changeset 7:0071c165e990

more file moves
author drewp@bigasterisk.com
date Mon, 12 Dec 2022 23:18:39 -0800
parents d3caeaf39d87
children 723ad82340d1
files 00-defs/02-roles.yaml 20-kube/20-pom-deploy.yaml kube/02-roles.yaml kube/05-idp-secret.yaml kube/60-auth-cert.yaml
diffstat 5 files changed, 125 insertions(+), 191 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/00-defs/02-roles.yaml	Mon Dec 12 23:18:39 2022 -0800
@@ -0,0 +1,125 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-controller
+  namespace: pomerium
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-gen-secrets
+  namespace: pomerium
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  - secrets/status
+  - endpoints/status
+  verbs:
+  - get
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - ingressclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ingress.pomerium.io
+  resources:
+  - pomerium
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ingress.pomerium.io
+  resources:
+  - pomerium/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-gen-secrets
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: pomerium-controller
+subjects:
+- kind: ServiceAccount
+  name: pomerium-controller
+  namespace: pomerium
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: pomerium
+  name: pomerium-gen-secrets
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: pomerium-gen-secrets
+subjects:
+- kind: ServiceAccount
+  name: pomerium-gen-secrets
+  namespace: pomerium
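Review bot: The `pomerium-gen-secrets` ClusterRole and its ClusterRoleBinding give that service account `create` on secrets in every namespace, although the account itself exists only in `pomerium`. If the job only writes its bootstrap secret in that namespace (not visible in this changeset), a namespaced `kind: Role` and `kind: RoleBinding` with `namespace: pomerium` under `metadata` would carry the same permission without the cluster-wide reach. The first `pomerium-controller` rule, which lists `secrets` beside `services` and `endpoints`, likewise grants get/list/watch on all secrets cluster-wide, so that service account's token can read every credential stored in the cluster. That breadth is probably needed to load TLS secrets referenced by Ingresses in other namespaces, so a comment above the rule such as `# cluster-wide secret read: needed for Ingress TLS secrets in any namespace` would record it as deliberate. The content appears to be carried over unchanged from `kube/02-roles.yaml`, so these grants pre-date the move rather than being introduced by it.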
--- a/20-kube/20-pom-deploy.yaml	Mon Dec 12 23:16:59 2022 -0800
+++ b/20-kube/20-pom-deploy.yaml	Mon Dec 12 23:18:39 2022 -0800
@@ -1,49 +1,3 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  namespace: pomerium
-  name: autocert-data
-spec:
-  storageClassName: ""
-  volumeName: "autocert-data"
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 5Gi
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-metrics
-  namespace: pomerium
-spec:
-  ports:
-    - { name: metrics, port: 9090, protocol: TCP, targetPort: metrics }
-  selector: { app.kubernetes.io/name: pomerium }
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-proxy
-  namespace: pomerium
-spec:
-  ports:
-    - { name: https, port: 443, protocol: TCP, targetPort: https }
-    - { name: http, port: 80, protocol: TCP, targetPort: http }
-  selector: { app.kubernetes.io/name: pomerium }
-  type: LoadBalancer
-  externalIPs:
-  # prime forwards to this
-    - 10.5.0.1
-  # local dns picks this
-    - 10.2.0.1
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/kube/02-roles.yaml	Mon Dec 12 23:16:59 2022 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,125 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-controller
-  namespace: pomerium
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-gen-secrets
-  namespace: pomerium
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-controller
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - services
-  - endpoints
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - services/status
-  - secrets/status
-  - endpoints/status
-  verbs:
-  - get
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  - ingressclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ingress.pomerium.io
-  resources:
-  - pomerium
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ingress.pomerium.io
-  resources:
-  - pomerium/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-gen-secrets
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pomerium-controller
-subjects:
-- kind: ServiceAccount
-  name: pomerium-controller
-  namespace: pomerium
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-gen-secrets
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pomerium-gen-secrets
-subjects:
-- kind: ServiceAccount
-  name: pomerium-gen-secrets
-  namespace: pomerium
\ No newline at end of file
--- a/kube/05-idp-secret.yaml	Mon Dec 12 23:16:59 2022 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: idp
-  namespace: pomerium
-type: Opaque
-stringData:
-  
\ No newline at end of file
--- a/kube/60-auth-cert.yaml	Mon Dec 12 23:16:59 2022 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: pomerium-proxy-tls
-  namespace: pomerium
-spec:
-  dnsNames:
-  - 'authenticate.bigasterisk.com'
-  issuerRef:
-    kind: Issuer
-    name: letsencrypt-prod
-  secretName: pomerium-proxy-tls
\ No newline at end of file