feat: split access groups for admins, devs and analytics

2025-11-09 13:05:17 +01:00
parent d4490f949f
commit 7b22a8b7b5
6 changed files with 46 additions and 58 deletions
@@ -11,9 +11,6 @@ clusterConfig:
  ingress_nodes: []
  ingress_replica_count: 3
  fileserver: ""
-  acme:
-    email: "acme@oceanbox.io"
-    dns01: ""
  nodenames: []
  nodes: []
  ingress_clusterissuer: "letsencrypt-production"
@@ -26,19 +23,31 @@ clusterConfig:
  ingress_hostnetwork: false
  ingress_hostport: false
  ingress_nodeport: true
-  oidc: []
-    #- name: azure
-    #  provider: azuread
-    #  tenant: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0"
-    #  secret_ref:
-    #    name: azure-oidc
-    #  group_id: "<group_id>"
-    #- name: github
-    #  provider: github
-    #  secret_ref:
-    #    name: github-oidc
-    #  allowed_organizations: <org>
-    #  allowed_teams: <team-id>
+  acme:
+    email: "acme@oceanbox.io"
+    dns01: "namecheap-apikey"
+  oidc:
+    - group: admin
+      name: oceanbox
+      provider: azuread
+      tenant: "3f737008-e9a0-4485-9d27-40329d288089"
+      secret_ref:
+        name: oceanbox-oidc
+      group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
+    - group: devel
+      name: oceanbox
+      provider: azuread
+      tenant: "3f737008-e9a0-4485-9d27-40329d288089"
+      secret_ref:
+        name: oceanbox-oidc
+      group_id: ""
+    - group: analytics
+      name: oceanbox
+      provider: azuread
+      tenant: "3f737008-e9a0-4485-9d27-40329d288089"
+      secret_ref:
+        name: oceanbox-oidc
+      group_id: "52bb4c7e-549c-4aed-bd95-9dcedf716f9f"
  s3:
    hosts: []
    patterns: []