Add RBAC support

2018-10-10 11:08:52 +11:00 · 2018-10-10 11:08:52 +11:00 · 1a37b29798
parent 83b51c0bdf
commit 1a37b29798
2 changed files with 96 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -6,6 +6,10 @@ Use this in order to provide a ingress authentication over LDAP for Kubernetes,

    kubectl apply -f k8s.yaml

+For RBAC enabled cluster use the k8s-rbac.yaml manifest instead:
+
+    kubectl apply -f k8s-rbac.yaml
+
 Configure your ingress with annotation `nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555` as described on [nginx documentation](https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/).

 ## Config
--- a/k8s-rbac.yaml
+++ b/k8s-rbac.yaml
@ -0,0 +1,92 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nginx-ldap-auth
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: nginx-ldap-auth
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      - "nginx-ldap-auth"
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    resourceNames:
+      - "nginx-ldap-auth"
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: nginx-ldap-auth
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: nginx-ldap-auth
+subjects:
+- kind: ServiceAccount
+  name: nginx-ldap-auth
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: nginx-ldap-auth
+spec:
+  type: ClusterIP
+  ports:
+  - name: nginx-ldap-auth
+    port: 5555
+    protocol: TCP
+    targetPort: 5555
+  selector:
+    app: nginx-ldap-auth
+
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: nginx-ldap-auth
+  labels:
+    app: nginx-ldap-auth
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nginx-ldap-auth
+    spec:
+      serviceAccountName: nginx-ldap-auth 
+      containers:
+      - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.0
+        name: nginx-ldap-auth
+        command:
+          - "nginx-ldap-auth"
+          - "--config"
+          - "/etc/nginx-ldap-auth/config.yaml"
+        ports:
+        - name: http
+          containerPort: 5555
+        volumeMounts:
+        - name: config
+          mountPath: /etc/nginx-ldap-auth
+      volumes:
+      - name: config
+        secret:
+          secretName: nginx-ldap-auth
+          items:
+          - key: config.yaml
+            path: config.yaml