52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
apiVersion: airshipit.org/v1alpha1
|
|
kind: ReplacementTransformer
|
|
metadata:
|
|
name: k8scontrol-cluster-dex-replacements
|
|
annotations:
|
|
config.kubernetes.io/function: |-
|
|
container:
|
|
image: localhost/replacement-transformer
|
|
replacements:
|
|
# Updating dex-apiserver-secret with target-cluster-ca's CA certificate
|
|
- source:
|
|
objref:
|
|
kind: VariableCatalogue
|
|
name: generated-secrets
|
|
fieldref: "{.targetClusterCa}"
|
|
target:
|
|
objref:
|
|
kind: Secret
|
|
name: dex-apiserver-secret
|
|
fieldrefs: ["{.data}"]
|
|
|
|
# Dex OIDC Issuer URL, e.g., https://dex.function.local:31556/dex
|
|
- source:
|
|
objref:
|
|
kind: VariableCatalogue
|
|
name: utility-treasuremap
|
|
fieldref: "{.spec.dex.oidc_issuer}"
|
|
target:
|
|
objref:
|
|
kind: KubeadmControlPlane
|
|
fieldrefs: ["{.spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-issuer-url}"]
|
|
# Dex client id, e.g., function-kubernetes
|
|
- source:
|
|
objref:
|
|
kind: VariableCatalogue
|
|
name: utility-treasuremap
|
|
fieldref: "{.spec.dex.client-id}"
|
|
target:
|
|
objref:
|
|
kind: KubeadmControlPlane
|
|
fieldrefs: ["{.spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-client-id}"]
|
|
# Dex hostname, e.g., dex.function.local
|
|
- source:
|
|
objref:
|
|
kind: VariableCatalogue
|
|
name: utility-treasuremap
|
|
fieldref: "{.spec.dex.hostname}"
|
|
target:
|
|
objref:
|
|
kind: KubeadmControlPlane
|
|
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.certSANs[0]"]
|