You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.0 KiB
YAML
46 lines
1.0 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: dex
|
|
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
metadata:
|
|
name: dex
|
|
rules:
|
|
- apiGroups: ["oidc.coreos.com"] # API group created by dex
|
|
resources: ["*"]
|
|
verbs: ["*"]
|
|
nonResourceURLs: []
|
|
- apiGroups: ["extensions"]
|
|
resources: ["thirdpartyresources"]
|
|
verbs: ["create"] # To manage its own resources identity must be able to create thirdpartyresources.
|
|
nonResourceURLs: []
|
|
---
|
|
kind: ServiceAccount
|
|
apiVersion: v1
|
|
metadata:
|
|
name: dex
|
|
namespace: dex
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
metadata:
|
|
name: dex
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: dex # Service account assigned to the dex pod.
|
|
namespace: dex # The namespace dex is running in.
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: dex
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
kind: ThirdPartyResource
|
|
apiVersion: extensions/v1beta1
|
|
metadata:
|
|
name: o-auth2-client.oidc.coreos.com
|
|
versions:
|
|
- name: v1
|
|
description: "An OAuth2 client." |