diff --git a/bin/freeleaps-cluster-login b/bin/freeleaps-cluster-login
index 69c27c1b..725688e3 100755
--- a/bin/freeleaps-cluster-login
+++ b/bin/freeleaps-cluster-login
@@ -80,7 +80,7 @@ function main() {
 --oidc-client-id ${MATHMAST_AD_CLIENT_ID} \
 --oidc-client-secret ${MATHMAST_AD_CLIENT_SECRET} \
 --oidc-extra-scope="profile,email,offline_access" \
- --log_file=/dev/null
+ --log_file=/dev/null \

 # Prompt user to input username
 echo "Please enter your username: "
@@ -99,11 +99,15 @@ function main() {
 --exec-arg=get-token \
 --exec-arg="--oidc-issuer-url=${MATHMAST_AD_ISSUER}" \
 --exec-arg="--oidc-client-id=${MATHMAST_AD_CLIENT_ID}" \
- --exec-arg="--oidc-client-secret=${MATHMAST_AD_CLIENT_SECRET}"
+ --exec-arg="--oidc-client-secret=${MATHMAST_AD_CLIENT_SECRET}" \
+ --exec-arg="--oidc-extra-scope=offline_access" \
+ --exec-arg="--oidc-extra-scope=profile" \
+ --exec-arg="--oidc-extra-scope=email" \

 echo "Set cluster..."
 kubectl config set-cluster freeleaps-cluster \
- --server=https://${CLUSTER_API_LB_IP}:6443
+ --server=https://${CLUSTER_API_LB_IP}:6443 \
+ --insecure-skip-tls-verify=true

 echo "Create context..."
 kubectl config set-context "$username@freeleaps-cluster" \
diff --git a/cluster/manifests/freeleaps-controls-system/cert-manager/microsoft-entra-id-selfsigned.yaml b/cluster/manifests/freeleaps-controls-system/cert-manager/microsoft-entra-id-selfsigned.yaml
deleted file mode 100644
index 15b1201a..00000000
--- a/cluster/manifests/freeleaps-controls-system/cert-manager/microsoft-entra-id-selfsigned.yaml
+++ /dev/null
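Review bot: The `\` added after `--log_file=/dev/null` leaves the command ending in a line continuation, so it appears to be terminated only by the blank line that follows; the same applies to `--exec-arg="--oidc-extra-scope=email" \` in the next hunk. If that blank line is ever removed, the next line is folded into the command, and in the second hunk `echo "Set cluster..."` would silently become extra arguments to the credential setup. Drop the backslash on the last argument of each command, i.e. `--log_file=/dev/null` and `--exec-arg="--oidc-extra-scope=email"`. Both commands start outside the hunks, so the full argument lists are not visible here.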
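Review bot: `--insecure-skip-tls-verify=true` on the `kubectl config set-cluster` call makes every kubeconfig written by this script accept any certificate presented at `https://${CLUSTER_API_LB_IP}:6443`. The OIDC token returned by the `get-token` exec plugin is then sent as a bearer credential to an endpoint whose identity is never checked, so anyone able to intercept that connection could capture and reuse it. Pin the cluster CA instead with `--certificate-authority="${CLUSTER_CA_FILE}" --embed-certs=true` (`CLUSTER_CA_FILE` is a placeholder, the script does not define it), and add `--tls-server-name=<name in the API server certificate>` if the certificate does not cover the load-balancer IP. `main` continues outside the hunk.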
@@ -1,22 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: microsoft-entra-id-selfsigned
- namespace: freeleaps-controls-system
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: microsoft-entra-id-selfsigned
- namespace: freeleaps-controls-system
-spec:
- dnsNames:
- - login.microsoftonline.com
- - 4.155.160.32
- secretName: microsoft-entra-id-selfsigned
- issuerRef:
- name: microsoft-entra-id-selfsigned
- kind: Issuer
- group: cert-manager.io
\ No newline at end of file
diff --git a/cluster/manifests/freeleaps-devops-system/namespace.yaml b/cluster/manifests/freeleaps-devops-system/namespace.yaml
index 5e6e77fb..4329c2fe 100644
--- a/cluster/manifests/freeleaps-devops-system/namespace.yaml
+++ b/cluster/manifests/freeleaps-devops-system/namespace.yaml
@@ -4,14 +4,3 @@ metadata:
 name: freeleaps-devops-system
 labels:
 name: freeleaps-devops-system
-
----
-
-apiVersion: v1
-kind: ResourceQuota
-metadata:
- name: freeleaps-devops-system
- namespace: freeleaps-devops-system
-spec:
- hard:
- requests.cpu: "4"
diff --git a/cluster/manifests/rbac/mathmast-admin-cr-binding.yaml b/cluster/manifests/rbac/mathmast-admin-cr-binding.yaml
new file mode 100644
index 00000000..1ac571d1
--- /dev/null
+++ b/cluster/manifests/rbac/mathmast-admin-cr-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: mathmast-admin-cr-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: mathmast:admin
\ No newline at end of file
diff --git a/cluster/manifests/rbac/mathmast-regular-cr-binding.yaml b/cluster/manifests/rbac/mathmast-regular-cr-binding.yaml
new file mode 100644
index 00000000..72f2506b
--- /dev/null
+++ b/cluster/manifests/rbac/mathmast-regular-cr-binding.yaml
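Review bot: In mathmast-admin-cr-binding.yaml the group `mathmast:admin` is bound to `cluster-admin`, but nothing in the manifest records where that group name comes from or who controls its membership. With OIDC login, group subjects presumably come from the token's groups claim as configured on the API server (`--oidc-groups-claim`, `--oidc-groups-prefix`). If the `mathmast:` prefix is not enforced there, or users can influence that claim at the identity provider, this binding grants full cluster control more widely than intended. Add a header comment such as `# Group from the OIDC groups claim (API server --oidc-groups-prefix=<PREFIX>); membership managed in <IdP group>`, and check whether a role narrower than `cluster-admin` would be enough. The same comment is missing from mathmast-regular-cr-binding.yaml, which binds `mathmast:basic-user` to `view` across all namespaces.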
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: mathmast-regular-cr-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: view
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: mathmast:basic-user
\ No newline at end of file