76 lines
1.7 KiB
YAML
76 lines
1.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: ldapusermanager
|
|
namespace: idp
|
|
annotations:
|
|
reloader.stakater.com/auto: "true"
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: ldapusermanager
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ldapusermanager
|
|
spec:
|
|
containers:
|
|
- name: ldapusermanager
|
|
image: wheelybird/ldap-user-manager:latest
|
|
envFrom:
|
|
- configMapRef:
|
|
name: ldapusermanager
|
|
- secretRef:
|
|
name: ldapusermanager
|
|
ports:
|
|
- name: http
|
|
containerPort: 80
|
|
|
|
---
|
|
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: ldapusermanager
|
|
namespace: idp
|
|
spec:
|
|
selector:
|
|
app: ldapusermanager
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
|
|
---
|
|
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: ldapusermanager
|
|
namespace: idp
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer"
|
|
cert-manager.io/common-name: "accounts.bhasher.com"
|
|
nginx.ingress.kubernetes.io/auth-signin: https://idp.bhasher.com
|
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Groups
|
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
|
nginx.ingress.kubernetes.io/auth-url: https://idp.bhasher.com/api/verify
|
|
nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- accounts.bhasher.com
|
|
secretName: ldapusermanager-tls
|
|
rules:
|
|
- host: accounts.bhasher.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: ldapusermanager
|
|
port:
|
|
number: 80 |