mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
a991379a74
Some tests are not fully rewritten in Go, a typescript wrapper is called instead until we remove the remaining TS tests and dependencies. Also, dockerize every components (mainly Authelia backend, frontend and kind) so that the project does not interfere with user host anymore (open ports for instance). The only remaining intrusive change is the one done during bootstrap to add entries in /etc/hosts. It will soon be avoided using authelia.com domain that I own.
142 lines
2.6 KiB
YAML
142 lines
2.6 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: nginx-ingress-controller-serviceaccount
|
|
namespace: authelia
|
|
labels:
|
|
app: nginx-ingress-controller
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: nginx-ingress-controller-clusterrole
|
|
labels:
|
|
app: nginx-ingress-controller
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- endpoints
|
|
- nodes
|
|
- pods
|
|
- secrets
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "extensions"
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- apiGroups:
|
|
- "extensions"
|
|
resources:
|
|
- ingresses/status
|
|
verbs:
|
|
- update
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: Role
|
|
metadata:
|
|
name: nginx-ingress-controller-role
|
|
namespace: authelia
|
|
labels:
|
|
app: nginx-ingress-controller
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- pods
|
|
- secrets
|
|
- namespaces
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
resourceNames:
|
|
# Defaults to "<election-id>-<ingress-class>"
|
|
# Here: "<ingress-controller-leader>-<nginx>"
|
|
# This has to be adapted if you change either parameter
|
|
# when launching the nginx-ingress-controller.
|
|
- "ingress-controller-leader-nginx"
|
|
verbs:
|
|
- get
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- endpoints
|
|
verbs:
|
|
- get
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: nginx-ingress-controller-role-nisa-binding
|
|
namespace: authelia
|
|
labels:
|
|
app: nginx-ingress-controller
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: nginx-ingress-controller-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: nginx-ingress-controller-serviceaccount
|
|
namespace: authelia
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: nginx-ingress-controller-clusterrole-nisa-binding
|
|
labels:
|
|
app: nginx-ingress-controller
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: nginx-ingress-controller-clusterrole
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: nginx-ingress-controller-serviceaccount
|
|
namespace: authelia
|
|
|
|
---
|