// Dex (OIDC provider) rendered from the Observatorium dex.libsonnet component and
// then patched for use inside an OpenShift Template: every '${...}' string below is
// a template parameter that is substituted when the template is processed.
//
// The identity configuration here is a fixed test fixture: one static OAuth2 client
// and one static local user, both with values committed in this file. Anyone who can
// read the repository can authenticate as that client and that user, so this
// configuration is only suitable for disposable test environments.
local dex = (import 'github.com/observatorium/observatorium/configuration/components/dex.libsonnet')({
  name:: 'dex',
  namespace:: '${NAMESPACE}',
  image:: '${IMAGE}:${IMAGE_TAG}',
  version:: '${IMAGE_TAG}',
  config:: {
    oauth2: {
      // Password-grant requests are served by the local password DB enabled below.
      passwordConnector: 'local',
    },
    staticClients: [
      {
        id: 'test',
        name: 'test',
        // Hard-coded client secret (base64 text of "example-app-secret"); treat it
        // as public. A real deployment needs a generated secret injected at deploy
        // time instead of a literal in source control.
        secret: 'ZXhhbXBsZS1hcHAtc2VjcmV0',
      },
    ],
    enablePasswordDB: true,
    staticPasswords: [
      {
        // NOTE(review): this value looks like an e-mail obfuscation placeholder left
        // by the page this file was copied from; confirm the address against the
        // repository before using the template.
        email: '[email protected]',
        // bcrypt hash of the string "password": a guessable credential for the
        // 'admin' user. bcrypt does not help when the plaintext is this well known.
        hash: '$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W',
        username: 'admin',
        userID: '08a8684b-db88-4b73-90a9-3cd1661f5466',
      },
    ],
    // Plain-HTTP issuer: credentials and tokens cross the cluster network
    // unencrypted, and clients validate tokens against an http:// issuer URL.
    // NOTE(review): the host uses ${NAMESPACE} for both the service and the
    // namespace label while the component name is fixed to 'dex'; presumably this
    // only resolves when NAMESPACE keeps its default - confirm against the Service
    // the library generates.
    issuer: 'http://${NAMESPACE}.${NAMESPACE}.svc.cluster.local:5556/dex',
    storage: {
      type: 'sqlite3',
      config: {
        // Lives on the 'storage' volume mounted at /storage further down.
        file: '/storage/dex.db',
      },
    },
    web: {
      // Listens on every interface of the pod, without TLS.
      http: '0.0.0.0:5556',
    },
    // NOTE(review): debug verbosity; check what Dex logs at this level before
    // shipping these logs anywhere shared.
    logger: {
      level: 'debug',
    },
  },
  replicas: 1,
}) + {
  deployment+: {
    spec+: {
      // The double braces matter: '${{PARAM}}' makes the template processor insert
      // the value unquoted, so replicas is rendered as an integer, not a string.
      replicas: '${{REPLICAS}}',
      template+: {
        spec+: {
          // Replaces the container list with the library's first container plus
          // parameterised resources and explicit volume mounts.
          containers: [
            super.containers[0] + {
              resources: {
                requests: {
                  cpu: '${DEX_CPU_REQUEST}',
                  memory: '${DEX_MEMORY_REQUEST}',
                },
                limits: {
                  cpu: '${DEX_CPU_LIMITS}',
                  memory: '${DEX_MEMORY_LIMITS}',
                },
              },
              volumeMounts: [
                {
                  name: 'config',
                  mountPath: '/etc/dex/cfg',
                },
                {
                  name: 'storage',
                  mountPath: '/storage',
                  readOnly: false,
                },
              ],
            },
          ],
          volumes: [
            {
              // The Dex config carries the client secret and password hash, so it
              // is mounted from a Secret; only the config.yaml key is projected.
              name: 'config',
              secret: {
                secretName: dex.config.name,
                items: [
                  {
                    key: 'config.yaml',
                    path: 'config.yaml',
                  },
                ],
              },
            },
            {
              // Backing store for the sqlite3 database file.
              name: 'storage',
              persistentVolumeClaim: {
                claimName: dex.config.name,
              },
            },
          ],
        },
      },
    },
  },
  pvc+: {
    spec+: {
      resources: {
        requests: {
          storage: '${DEX_STORAGE}',
        },
      },
    },
  },
};
// OpenShift Template wrapping every object produced by the dex component above.
{
  apiVersion: 'template.openshift.io/v1',
  kind: 'Template',
  metadata: {
    name: 'dex',
  },
  objects: [
    dex[component] + {
      metadata+: {
        // '::' turns namespace into a hidden field, so the rendered objects carry no
        // metadata.namespace; presumably the target namespace is chosen when the
        // processed template is applied.
        namespace:: 'hidden',
      },
    }
    for component in std.objectFields(dex)
  ],
  // Defaults used when a parameter is not supplied at processing time.
  parameters: [
    { name: 'NAMESPACE', value: 'dex' },
    // The image is referenced by repository and tag only. A tag can be re-pointed
    // upstream; pinning by digest is the way to guarantee the same image every time.
    { name: 'IMAGE', value: 'dexidp/dex' },
    { name: 'IMAGE_TAG', value: 'v2.30.0' },
    // Storage is a single sqlite3 file on one PVC.
    // NOTE(review): confirm that values above 1 are actually supported.
    { name: 'REPLICAS', value: '1' },
    { name: 'DEX_CPU_REQUEST', value: '100m' },
    { name: 'DEX_MEMORY_REQUEST', value: '200Mi' },
    { name: 'DEX_CPU_LIMITS', value: '100m' },
    { name: 'DEX_MEMORY_LIMITS', value: '200Mi' },
    { name: 'DEX_STORAGE', value: '1Gi' },
  ],
}