# Copyright 2019 Istio Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- kind: ServiceAccount apiVersion: v1 metadata: name: authentikos namespace: default --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: authentikos rules: - apiGroups: - "" resources: - secrets verbs: - create - update --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: authentikos roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: authentikos subjects: - kind: ServiceAccount name: authentikos namespace: default --- apiVersion: apps/v1 kind: Deployment metadata: name: authentikos namespace: default labels: app: authentikos spec: replicas: 1 selector: matchLabels: app: authentikos template: metadata: labels: app: authentikos spec: serviceAccountName: authentikos containers: - name: authentikos image: gcr.io/istio-testing/authentikos:0.0.4 imagePullPolicy: Always args: - --verbose - --secret=http-cookiefile - --key=cookies - --creds=/etc/creds/service-account.json - --namespace=test-pods - --scopes=https://www.googleapis.com/auth/gerritcodereview - | --template=.googlesource.com TRUE / TRUE {{.Now | .TimeToUnix | .Add 3600}} o {{.Token}} source.developers.google.com FALSE / TRUE {{.Now | .TimeToUnix | .Add 3600}} o {{.Token}} volumeMounts: - name: creds mountPath: /etc/creds readOnly: true volumes: - name: creds secret: defaultMode: 0644 secretName: default-compute-service-account