diff options
| author |  Joe Banks <[email protected]> | 2024-07-26 01:18:51 +0100 |
|---|---|---|
| committer | Joe Banks <[email protected]> | 2024-07-26 15:08:59 +0100 |
| commit | 2b50a5039ddfea94e83c5998e2032e899b61f07d (patch) | |
| tree | 138f16575b413f9aa0c18363e1613399b0e9f76c | |
| parent | Add new modmail secrets (diff) | |
Move IPA CA to be a cluster-wide configmap (with Reflector)
| -rw-r--r-- | kubernetes/ipa-ca-configmap.yaml | 38 | ||||
| -rw-r--r-- | kubernetes/namespaces/tooling/keycloak/deployment.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/namespaces/tooling/keycloak/ipa-ca-configmap.yaml | 33 |
3 files changed, 39 insertions, 34 deletions
diff --git a/kubernetes/ipa-ca-configmap.yaml b/kubernetes/ipa-ca-configmap.yaml new file mode 100644 index 0000000..ca959a8 --- /dev/null +++ b/kubernetes/ipa-ca-configmap.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ipa-ca-configmap + namespace: default + annotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "monitoring,tooling" + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "monitoring,tooling" +data: + pydis-ipa-cert.pem: | + -----BEGIN CERTIFICATE----- + MIIETjCCAragAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1CT1gu + UFlESVMuV1RGMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjQw + NzE5MjExMDI2WhcNNDQwNzE5MjExMDI2WjA4MRYwFAYDVQQKDA1CT1guUFlESVMu + V1RGMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3 + DQEBAQUAA4IBjwAwggGKAoIBgQDvVLBXKeN0gj6OyMwf6VoVE64b6o3gsmoALrAe + VT+iIXQP4YZhvOOH/aMG+6o/2OQDxWGnYFbqLZlJ4jE+cCUKBmMBHSet85jH+4zZ + vQcmp7hdCEr3Kn0qSFtqdiB9H8zfRypN5RXSz6rwrm/WyfoY9N37uRm3ihkntwLI + +ooWBzgkJ2b/dvKViNGInrEXQ3E+raEeSJpnlu2+2sPFn3/lZzDr/tPLnFmZFT4V + jf8WFjeOcQ0v7QNApZ/31EI82BPwuzCtn2va2tOTxS/ni4nPGRztZKzaSKNGeN1D + fOK63aKaKRmD0yF9n6BEu0s8CzZlDr3K22Msix/iOBBgbj8oOcR/NaO/OLEk6sdm + v+bEZEE3wvEfi4dulhRn0P+E1acXbDg43Z08pJKRf2mFF1AUF/i8hrbQ8riWsfvr + 9rsM5USONjZohw14oTUgmfqyLjEhKCc9XfWxEA/gnyqZW/8otwGPUkE/ZHtYMXD6 + UruinbleLP8Enj0N1Cr0NYleH28CAwEAAaNjMGEwHQYDVR0OBBYEFGGvQuMOH2lq + GBWDQWhiJOuPGwl7MB8GA1UdIwQYMBaAFGGvQuMOH2lqGBWDQWhiJOuPGwl7MA8G + A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IB + gQCcVlRpHjapjKxnG66diR4GxgdpbT4CKYb+LliUpRuhrGPVZ5PL22P+iNH29y/w + PM1CuB0E/Rqhct6GhjU7ZYooVl4xZoYPgrjXcAHxbePfYkWCzRK5IY6ZZa7B83+d + mR30ptKQ7bdjATui7XA0rosiVF3Kxvot3wvxgEGVElvVgkayFTrgRaVr65Mro/E0 + tq2JdWIe9wEHn11w7+SYFpaP+1J+gwsSukDJ9cSfRvtpUdk2a4zgLOnSdCjor5gJ + EaNoHPdd2cRSzbvZBIYfN50Oov6/mbwDDgD+g+SZy0HvYhQa/tr9udPQlXk0NjM8 + 4ItUH2+188Wa2Z00gPXLLz7AbsgnsONhf7omnw1muSnyrbWvYQsypmgzGuxs3MGC + bcvZ9wk5K5Ppg7pLtpYyjcM7C2K6Um1DuK/pIHdPFjdXl6rtgDs/tN9p8jiLAbUl + tdT9K7x8iF0anvzdTU/LLf2Uj3QfAy6RT09jkW0ukr54HFKYXZ3OprDgH5l6XkHy + JAM= + -----END CERTIFICATE----- diff --git a/kubernetes/namespaces/tooling/keycloak/deployment.yaml b/kubernetes/namespaces/tooling/keycloak/deployment.yaml index 2ccbb07..397df39 100644 --- a/kubernetes/namespaces/tooling/keycloak/deployment.yaml +++ b/kubernetes/namespaces/tooling/keycloak/deployment.yaml @@ -55,4 +55,4 @@ spec: volumes: - name: ca-store configMap: - name: keycloak-ca-configmap + name: ipa-ca-configmap diff --git a/kubernetes/namespaces/tooling/keycloak/ipa-ca-configmap.yaml b/kubernetes/namespaces/tooling/keycloak/ipa-ca-configmap.yaml deleted file mode 100644 index 086479b..0000000 --- a/kubernetes/namespaces/tooling/keycloak/ipa-ca-configmap.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: keycloak-ca-configmap - namespace: tooling -data: - pydis-ipa-cert.pem: | - -----BEGIN CERTIFICATE----- - MIIETjCCAragAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1CT1gu - UFlESVMuV1RGMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjQw - NzE5MjExMDI2WhcNNDQwNzE5MjExMDI2WjA4MRYwFAYDVQQKDA1CT1guUFlESVMu - V1RGMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggGiMA0GCSqGSIb3 - DQEBAQUAA4IBjwAwggGKAoIBgQDvVLBXKeN0gj6OyMwf6VoVE64b6o3gsmoALrAe - VT+iIXQP4YZhvOOH/aMG+6o/2OQDxWGnYFbqLZlJ4jE+cCUKBmMBHSet85jH+4zZ - vQcmp7hdCEr3Kn0qSFtqdiB9H8zfRypN5RXSz6rwrm/WyfoY9N37uRm3ihkntwLI - +ooWBzgkJ2b/dvKViNGInrEXQ3E+raEeSJpnlu2+2sPFn3/lZzDr/tPLnFmZFT4V - jf8WFjeOcQ0v7QNApZ/31EI82BPwuzCtn2va2tOTxS/ni4nPGRztZKzaSKNGeN1D - fOK63aKaKRmD0yF9n6BEu0s8CzZlDr3K22Msix/iOBBgbj8oOcR/NaO/OLEk6sdm - v+bEZEE3wvEfi4dulhRn0P+E1acXbDg43Z08pJKRf2mFF1AUF/i8hrbQ8riWsfvr - 9rsM5USONjZohw14oTUgmfqyLjEhKCc9XfWxEA/gnyqZW/8otwGPUkE/ZHtYMXD6 - UruinbleLP8Enj0N1Cr0NYleH28CAwEAAaNjMGEwHQYDVR0OBBYEFGGvQuMOH2lq - GBWDQWhiJOuPGwl7MB8GA1UdIwQYMBaAFGGvQuMOH2lqGBWDQWhiJOuPGwl7MA8G - A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMA0GCSqGSIb3DQEBCwUAA4IB - gQCcVlRpHjapjKxnG66diR4GxgdpbT4CKYb+LliUpRuhrGPVZ5PL22P+iNH29y/w - PM1CuB0E/Rqhct6GhjU7ZYooVl4xZoYPgrjXcAHxbePfYkWCzRK5IY6ZZa7B83+d - mR30ptKQ7bdjATui7XA0rosiVF3Kxvot3wvxgEGVElvVgkayFTrgRaVr65Mro/E0 - tq2JdWIe9wEHn11w7+SYFpaP+1J+gwsSukDJ9cSfRvtpUdk2a4zgLOnSdCjor5gJ - EaNoHPdd2cRSzbvZBIYfN50Oov6/mbwDDgD+g+SZy0HvYhQa/tr9udPQlXk0NjM8 - 4ItUH2+188Wa2Z00gPXLLz7AbsgnsONhf7omnw1muSnyrbWvYQsypmgzGuxs3MGC - bcvZ9wk5K5Ppg7pLtpYyjcM7C2K6Um1DuK/pIHdPFjdXl6rtgDs/tN9p8jiLAbUl - tdT9K7x8iF0anvzdTU/LLf2Uj3QfAy6RT09jkW0ukr54HFKYXZ3OprDgH5l6XkHy - JAM= - -----END CERTIFICATE----- |