Files
@ b605b92e89b8
Branch filter:
Location: pomerium/kube/02-roles.yaml - annotation
b605b92e89b8
2.0 KiB
text/x-yaml
change provider to oidc to try to stop failed user directory syncs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 6bf643829330 | apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
namespace: pomerium
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
namespace: pomerium
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/status
- secrets/status
- endpoints/status
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.pomerium.io
resources:
- pomerium
verbs:
- get
- list
- watch
- apiGroups:
- ingress.pomerium.io
resources:
- pomerium/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pomerium-controller
subjects:
- kind: ServiceAccount
name: pomerium-controller
namespace: pomerium
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pomerium-gen-secrets
subjects:
- kind: ServiceAccount
name: pomerium-gen-secrets
namespace: pomerium
|