feat: split access groups for admins, devs and analytics
@@ -43,7 +43,7 @@ configs:
|
||||
connectors:
|
||||
{{- with .Values.clusterConfig.oidc }}
|
||||
{{- range . }}
|
||||
{{- if eq .provider "azuread" }}
|
||||
{{- if eq .group "devel" }}
|
||||
- type: oidc
|
||||
id: {{ .name }}
|
||||
name: {{ .name }}
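Review bot: The `{{- if eq .group "devel" }}` guard assumes every entry under `clusterConfig.oidc` carries a `group` key, and nothing in this hunk handles an entry without one or a list that has no `devel` entry. In the second case the `connectors:` list renders empty, which presumably disables login through this connector without any render-time error; in the first, comparing a missing key with a string either evaluates false or aborts rendering, depending on the template engine version. I would compare against a defaulted value, `{{- if eq (default "" .group) "devel" }}`, and put a comment above the guard such as `# only the "devel" oidc entry is exposed as a login connector`. The matching `{{- end }}` lines are outside the hunk, so I cannot check that the blocks still balance.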
|
||||
|
||||
+6
-13
@@ -8,22 +8,15 @@ clusterConfig:
|
||||
initca: "/var/lib/kubernetes/secrets"
|
||||
apiserver: "ekman-manage"
|
||||
apiserverip: "10.255.241.99"
|
||||
etcd_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99" ]
|
||||
k8s_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128" ]
|
||||
etcd_nodes: ["10.255.241.80, 10.255.241.90, 10.255.241.99"]
|
||||
k8s_nodes:
|
||||
[
|
||||
"10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128",
|
||||
]
|
||||
cluster: "ekman"
|
||||
ingress_nodes: ["ekman , ekman-manage" ]
|
||||
ingress_nodes: ["ekman , ekman-manage"]
|
||||
ingress_replica_count: 2
|
||||
fileserver: "10.255.241.100"
|
||||
acme:
|
||||
email: "acme@oceanbox.io"
|
||||
dns01: "namecheap-apikey"
|
||||
oidc:
|
||||
- name: oceanbox
|
||||
provider: azuread
|
||||
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
|
||||
secret_ref:
|
||||
name: oceanbox-oidc
|
||||
group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
|
||||
nodes:
|
||||
- name: ekman-manage
|
||||
taints: []
|
||||
|
||||
@@ -6,22 +6,15 @@ clusterConfig:
|
||||
initca: ""
|
||||
apiserver: ""
|
||||
apiserverip: ""
|
||||
etcd_nodes: [ "10.255.241.201, 10.255.241.202, 10.255.241.203" ]
|
||||
k8s_nodes: [ "" ]
|
||||
etcd_nodes: ["10.255.241.201, 10.255.241.202, 10.255.241.203"]
|
||||
k8s_nodes: [""]
|
||||
cluster: "oceanbox"
|
||||
ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3" ]
|
||||
ingress_nodes:
|
||||
[
|
||||
"oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3",
|
||||
]
|
||||
ingress_replica_count: 3
|
||||
fileserver: "10.255.241.210"
|
||||
acme:
|
||||
email: "acme@oceanbox.io"
|
||||
dns01: "namecheap-apikey"
|
||||
oidc:
|
||||
- name: oceanbox
|
||||
provider: azuread
|
||||
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
|
||||
secret_ref:
|
||||
name: oceanbox-oidc
|
||||
group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
|
||||
s3:
|
||||
hosts: []
|
||||
patterns: []
|
||||
|
||||
+7
-14
@@ -8,28 +8,21 @@ clusterConfig:
|
||||
initca: "/var/lib/kubernetes/secrets"
|
||||
apiserver: "rossby-manage"
|
||||
apiserverip: "172.16.239.221"
|
||||
etcd_nodes: [ "172.16.239.221, 172.16.239.222, 172.16.239.210" ]
|
||||
k8s_nodes: [ "172.16.239.221, 172.16.239.222, 172.16.239.210, 172.16.239.111, 172.16.239.112, 172.16.239.113, 172.16.239.114, 172.16.239.115, 172.16.239.116, 172.16.239.117, 172.16.239.118, 172.16.239.119, 172.16.239.120, 172.16.239.121, 172.16.239.122, 172.16.239.123, 172.16.239.124, 172.16.239.125, 172.16.239.126, 172.16.239.127, 172.16.239.128, 172.16.239.129, 172.16.239.130" ]
|
||||
etcd_nodes: ["172.16.239.221, 172.16.239.222, 172.16.239.210"]
|
||||
k8s_nodes:
|
||||
[
|
||||
"172.16.239.221, 172.16.239.222, 172.16.239.210, 172.16.239.111, 172.16.239.112, 172.16.239.113, 172.16.239.114, 172.16.239.115, 172.16.239.116, 172.16.239.117, 172.16.239.118, 172.16.239.119, 172.16.239.120, 172.16.239.121, 172.16.239.122, 172.16.239.123, 172.16.239.124, 172.16.239.125, 172.16.239.126, 172.16.239.127, 172.16.239.128, 172.16.239.129, 172.16.239.130",
|
||||
]
|
||||
cluster: "rossby"
|
||||
ingress_nodes: ["rossby, rossby-manage" ]
|
||||
ingress_nodes: ["rossby, rossby-manage"]
|
||||
ingress_replica_count: 2
|
||||
ingress_clusterissuer: ca-issuer
|
||||
ingress_whitelist:
|
||||
- 0.0.0.0/0
|
||||
- 0.0.0.0/0
|
||||
ingress_hostnetwork: true
|
||||
ingress_hostport: false
|
||||
ingress_nodeport: false
|
||||
fileserver: "172.16.239.222"
|
||||
acme:
|
||||
email: "acme@oceanbox.io"
|
||||
dns01: "namecheap-apikey"
|
||||
oidc:
|
||||
- name: oceanbox
|
||||
provider: azuread
|
||||
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
|
||||
secret_ref:
|
||||
name: oceanbox-oidc
|
||||
group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
|
||||
nodes:
|
||||
- name: rossby-manage
|
||||
taints: []
|
||||
|
||||
+25
-16
@@ -11,9 +11,6 @@ clusterConfig:
|
||||
ingress_nodes: []
|
||||
ingress_replica_count: 3
|
||||
fileserver: ""
|
||||
acme:
|
||||
email: "acme@oceanbox.io"
|
||||
dns01: ""
|
||||
nodenames: []
|
||||
nodes: []
|
||||
ingress_clusterissuer: "letsencrypt-production"
|
||||
@@ -26,19 +23,31 @@ clusterConfig:
|
||||
ingress_hostnetwork: false
|
||||
ingress_hostport: false
|
||||
ingress_nodeport: true
|
||||
oidc: []
|
||||
#- name: azure
|
||||
# provider: azuread
|
||||
# tenant: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0"
|
||||
# secret_ref:
|
||||
# name: azure-oidc
|
||||
# group_id: "<group_id>"
|
||||
#- name: github
|
||||
# provider: github
|
||||
# secret_ref:
|
||||
# name: github-oidc
|
||||
# allowed_organizations: <org>
|
||||
# allowed_teams: <team-id>
|
||||
acme:
|
||||
email: "acme@oceanbox.io"
|
||||
dns01: "namecheap-apikey"
|
||||
oidc:
|
||||
- group: admin
|
||||
name: oceanbox
|
||||
provider: azuread
|
||||
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
|
||||
secret_ref:
|
||||
name: oceanbox-oidc
|
||||
group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
|
||||
- group: devel
|
||||
name: oceanbox
|
||||
provider: azuread
|
||||
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
|
||||
secret_ref:
|
||||
name: oceanbox-oidc
|
||||
group_id: ""
|
||||
- group: analytics
|
||||
name: oceanbox
|
||||
provider: azuread
|
||||
tenant: "3f737008-e9a0-4485-9d27-40329d288089"
|
||||
secret_ref:
|
||||
name: oceanbox-oidc
|
||||
group_id: "52bb4c7e-549c-4aed-bd95-9dcedf716f9f"
|
||||
s3:
|
||||
hosts: []
|
||||
patterns: []
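Review bot: The `devel` entry is committed with `group_id: ""`, while `admin` and `analytics` carry real group ids, and the connector template in this commit selects exactly the `devel` entry. If the templates use `group_id` as the allowed-group filter (that part is not visible here), an empty value could either lock everyone out or drop the group restriction and admit any account in the tenant, so the chart should refuse to render rather than guess: `group_id: {{ required "oidc group_id must be set" .group_id | quote }}` at the point of use, or fill in the real id before merging. All three entries also share `name: oceanbox`, so any template that still ranges over the list without a `.group` filter will emit the same id three times. The cluster value files in this commit appear to drop their own `oidc` blocks, so they would inherit these defaults, including the empty id.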
|
||||
|
||||
@@ -122,7 +122,7 @@ grafana:
|
||||
users:
|
||||
auto_assign_org_role: "Admin"
|
||||
{{- range .Values.clusterConfig.oidc }}
|
||||
{{- if eq .provider "azuread" }}
|
||||
{{- if eq .group "analytics" }}
|
||||
auth.{{ .provider }}:
|
||||
enabled: true
|
||||
name: {{ .name }}
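Review bot: With `auto_assign_org_role: "Admin"` a few lines above the `{{- if eq .group "analytics" }}` guard, every account that signs in through the analytics entry is created as a Grafana organisation admin, which works against the access split this commit introduces. Unless that is intended, lower the default to `auto_assign_org_role: "Viewer"` and grant higher roles explicitly. Whether the `auth.{{ .provider }}` block restricts sign-in to the entry's `group_id` (Grafana's `allowed_groups` setting) is not visible in this hunk and should be confirmed; the block continues past the last line shown.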
|
||||
|
||||