c8b17978a9
This change deploys a small Squid-based proxy into the `dex` namespace in our integration test environment. This lets us use the cluster-local DNS name (`http://dex.dex.svc.cluster.local/dex`) as the OIDC issuer. It will make generating certificates easier, and most importantly it will mean that our CLI can see Dex at the same name/URL as the supervisor running inside the cluster. Signed-off-by: Matt Moyer <moyerm@vmware.com>
58 lines
1.1 KiB
YAML
58 lines
1.1 KiB
YAML
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
#! SPDX-License-Identifier: Apache-2.0
|
|
|
|
#@ load("@ytt:data", "data")
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: proxy
|
|
namespace: dex
|
|
labels:
|
|
app: proxy
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: proxy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: proxy
|
|
spec:
|
|
containers:
|
|
- name: proxy
|
|
image: docker.io/getpinniped/test-forward-proxy
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- name: http
|
|
containerPort: 3128
|
|
resources:
|
|
requests:
|
|
cpu: "10m"
|
|
memory: "64Mi"
|
|
limits:
|
|
cpu: "10m"
|
|
memory: "64Mi"
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
timeoutSeconds: 5
|
|
periodSeconds: 5
|
|
failureThreshold: 2
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: proxy
|
|
namespace: dex
|
|
labels:
|
|
app: proxy
|
|
spec:
|
|
type: NodePort
|
|
selector:
|
|
app: proxy
|
|
ports:
|
|
- port: 3128
|
|
nodePort: #@ data.values.ports.node |