ops/sso: bump to latest version, roll out RSA JWT signing
Bump to: https://code.hackerspace.pl/informatic/sso-v2/commit/?id=682322c98063c596d2e46f1e7844551c5a7226db This introduces (and enables) support for RSA id_tokens (that are required by oauth2_proxy for example) and fixes/improves handling of non-active members. Change-Id: Ia7d5e5ca7a2769f11f6190add78114e3b6141c6e Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1304 Reviewed-by: q3k <q3k@hackerspace.pl>master
parent
7d0e56cba7
commit
a13208bf9b
|
@ -8,7 +8,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
||||||
|
|
||||||
cfg:: {
|
cfg:: {
|
||||||
namespace: "sso",
|
namespace: "sso",
|
||||||
image: "registry.k0.hswaw.net/informatic/sso-v2@sha256:3b277a8e2b3c3225d7da10aee37774266f9eb2aa536e7a390160f550b3556087",
|
image: "registry.k0.hswaw.net/informatic/sso-v2@sha256:1118effa697489028c3cd5a6786d3f94f16dbbe2810b1bf1b0f65ea15bac1914",
|
||||||
domain: error "domain must be set",
|
domain: error "domain must be set",
|
||||||
database: {
|
database: {
|
||||||
host: error "database.host must be set",
|
host: error "database.host must be set",
|
||||||
|
@ -33,6 +33,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
||||||
defaultMode: std.parseOctal("0600"),
|
defaultMode: std.parseOctal("0600"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
jwk: { secret: { secretName: "sso-jwk" } },
|
||||||
tlscopy: kube.EmptyDirVolume(), # see initContainers_.secretCopy
|
tlscopy: kube.EmptyDirVolume(), # see initContainers_.secretCopy
|
||||||
},
|
},
|
||||||
securityContext: {
|
securityContext: {
|
||||||
|
@ -74,10 +75,17 @@ local kube = import "../../../kube/kube.libsonnet";
|
||||||
|
|
||||||
LDAP_BIND_PASSWORD: { secretKeyRef: { name: "sso", key: "ldap_bind_password" } },
|
LDAP_BIND_PASSWORD: { secretKeyRef: { name: "sso", key: "ldap_bind_password" } },
|
||||||
SECRET_KEY: { secretKeyRef: { name: "sso", key: "secret_key" } },
|
SECRET_KEY: { secretKeyRef: { name: "sso", key: "secret_key" } },
|
||||||
LOGGING_LEVEL: "DEBUG",
|
LOGGING_LEVEL: "INFO",
|
||||||
|
|
||||||
|
JWT_ALG: "RS256",
|
||||||
|
JWT_EXP: "600",
|
||||||
|
|
||||||
|
JWT_PUBLIC_KEYS: "/jwk/public.pem",
|
||||||
|
JWT_PRIVATE_KEY: "/jwk/private.pem",
|
||||||
},
|
},
|
||||||
volumeMounts_: {
|
volumeMounts_: {
|
||||||
tlscopy: { mountPath: "/tls" },
|
tlscopy: { mountPath: "/tls" },
|
||||||
|
jwk: { mountPath: "/jwk" },
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
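Review bot: The new `jwk` secret volume in the second hunk is declared without a `defaultMode`, while the volume entry that closes just above it sets `defaultMode: std.parseOctal("0600")`. Kubernetes mounts secret volumes as 0644 when no mode is given, so `/jwk/private.pem`, the RS256 signing key named by `JWT_PRIVATE_KEY`, would be readable by every user in the container. I would write the line as `jwk: { secret: { secretName: "sso-jwk", defaultMode: std.parseOctal("0600") } },` and add a short comment that the secret holds the id_token signing key. The `securityContext` body and `initContainers_.secretCopy` lie outside the visible hunks, so confirm that the application user can still read the key with the tighter mode. If it cannot, a group-readable mode or the same copy step used for `/tls` may be needed.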