Merge branch 'main' into oidc_password_grant
This commit is contained in:
commit
a7c88b599c
@ -152,6 +152,15 @@ spec:
|
|||||||
mountPath: /etc/podinfo
|
mountPath: /etc/podinfo
|
||||||
- name: impersonation-proxy
|
- name: impersonation-proxy
|
||||||
mountPath: /var/run/secrets/impersonation-proxy.concierge.pinniped.dev/serviceaccount
|
mountPath: /var/run/secrets/impersonation-proxy.concierge.pinniped.dev/serviceaccount
|
||||||
|
env:
|
||||||
|
#@ if data.values.https_proxy:
|
||||||
|
- name: HTTPS_PROXY
|
||||||
|
value: #@ data.values.https_proxy
|
||||||
|
#@ end
|
||||||
|
#@ if data.values.https_proxy and data.values.no_proxy:
|
||||||
|
- name: NO_PROXY
|
||||||
|
value: #@ data.values.no_proxy
|
||||||
|
#@ end
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /healthz
|
path: /healthz
|
||||||
|
@ -93,3 +93,11 @@ impersonation_proxy_spec:
|
|||||||
{service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000"}
|
{service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000"}
|
||||||
#! When mode LoadBalancer is set, this will set the LoadBalancer Service's Spec.LoadBalancerIP.
|
#! When mode LoadBalancer is set, this will set the LoadBalancer Service's Spec.LoadBalancerIP.
|
||||||
load_balancer_ip:
|
load_balancer_ip:
|
||||||
|
|
||||||
|
#! Set the standard golang HTTPS_PROXY and NO_PROXY environment variables on the Concierge containers.
|
||||||
|
#! These will be used when the Concierge makes backend-to-backend calls to authenticators using HTTPS,
|
||||||
|
#! e.g. when the Concierge fetches discovery documents, JWKS keys, and POSTs to token webhooks.
|
||||||
|
#! The Concierge never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.
|
||||||
|
#! Optional.
|
||||||
|
https_proxy: #! e.g. http://proxy.example.com
|
||||||
|
no_proxy: "$(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local" #! do not proxy Kubernetes endpoints
|
||||||
|
@ -107,7 +107,7 @@ spec:
|
|||||||
- name: HTTPS_PROXY
|
- name: HTTPS_PROXY
|
||||||
value: #@ data.values.https_proxy
|
value: #@ data.values.https_proxy
|
||||||
#@ end
|
#@ end
|
||||||
#@ if data.values.no_proxy:
|
#@ if data.values.https_proxy and data.values.no_proxy:
|
||||||
- name: NO_PROXY
|
- name: NO_PROXY
|
||||||
value: #@ data.values.no_proxy
|
value: #@ data.values.no_proxy
|
||||||
#@ end
|
#@ end
|
||||||
|
@ -72,4 +72,4 @@ api_group_suffix: pinniped.dev
|
|||||||
#! The Supervisor never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.
|
#! The Supervisor never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.
|
||||||
#! Optional.
|
#! Optional.
|
||||||
https_proxy: #! e.g. http://proxy.example.com
|
https_proxy: #! e.g. http://proxy.example.com
|
||||||
no_proxy: #! e.g. 127.0.0.1
|
no_proxy: "$(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local" #! do not proxy Kubernetes endpoints
|
||||||
|
Loading…
Reference in New Issue
Block a user