From bcf4b0b7edc33c80cd824a465a3ab95a2b31edb6 Mon Sep 17 00:00:00 2001 From: Steffen Illium Date: Thu, 16 May 2024 19:17:18 +0200 Subject: [PATCH] hompage adjustments --- apps/homepage/base/configmap.yaml | 9 +++++ apps/homepage/base/ingress.yaml | 5 +++ apps/homepage/security/clusterrole.yaml | 39 +++++++++++++++++++ .../homepage/security/clusterrolebinding.yaml | 14 +++++++ apps/homepage/security/secret.yaml | 9 +++++ apps/homepage/security/serviceaccount.yaml | 8 ++++ 6 files changed, 84 insertions(+) create mode 100644 apps/homepage/base/configmap.yaml create mode 100644 apps/homepage/security/clusterrole.yaml create mode 100644 apps/homepage/security/clusterrolebinding.yaml create mode 100644 apps/homepage/security/secret.yaml create mode 100644 apps/homepage/security/serviceaccount.yaml diff --git a/apps/homepage/base/configmap.yaml b/apps/homepage/base/configmap.yaml new file mode 100644 index 0000000..c581e13 --- /dev/null +++ b/apps/homepage/base/configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: homepage + labels: + app.kubernetes.io/name: homepage +data: + kubernetes.yaml: | + mode: cluster \ No newline at end of file diff --git a/apps/homepage/base/ingress.yaml b/apps/homepage/base/ingress.yaml index 03975c7..017472f 100644 --- a/apps/homepage/base/ingress.yaml +++ b/apps/homepage/base/ingress.yaml @@ -13,3 +13,8 @@ spec: services: - name: homepage port: http + sticky: + cookie: + httpOnly: true + secure: true + sameSite: none diff --git a/apps/homepage/security/clusterrole.yaml b/apps/homepage/security/clusterrole.yaml new file mode 100644 index 0000000..6c3073a --- /dev/null +++ b/apps/homepage/security/clusterrole.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: homepage + labels: + app: homepage +rules: + - apiGroups: + - "" + resources: + - namespaces + - pods + - nodes + verbs: + - get + - list + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - apiGroups: + - traefik.containo.us + resources: + - ingressroutes + verbs: + - get + - list + - apiGroups: + - metrics.k8s.io + resources: + - nodes + - pods + verbs: + - get + - list \ No newline at end of file diff --git a/apps/homepage/security/clusterrolebinding.yaml b/apps/homepage/security/clusterrolebinding.yaml new file mode 100644 index 0000000..9e8a34c --- /dev/null +++ b/apps/homepage/security/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: homepage + labels: + app: homepage +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: homepage +subjects: + - kind: ServiceAccount + name: homepage + \ No newline at end of file diff --git a/apps/homepage/security/secret.yaml b/apps/homepage/security/secret.yaml new file mode 100644 index 0000000..97f3449 --- /dev/null +++ b/apps/homepage/security/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: homepage + labels: + app: homepage + annotations: + kubernetes.io/service-account.name: homepage diff --git a/apps/homepage/security/serviceaccount.yaml b/apps/homepage/security/serviceaccount.yaml new file mode 100644 index 0000000..c2be7be --- /dev/null +++ b/apps/homepage/security/serviceaccount.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: homepage + labels: + app: homepage +secrets: + - name: homepage \ No newline at end of file