Scope down default deployment (#412)

mjudeikis · web-flow · commit f867fd3d8720 · 2025-12-01T14:12:53.000+02:00
* scope down default deployment

* fix wrong flag
diff --git a/deploy/charts/backend/templates/deployment.yaml b/deploy/charts/backend/templates/deployment.yaml
@@ -76,6 +76,9 @@ spec:
             {{- if .Values.backend.consumerScope }}
             - --consumer-scope={{ .Values.backend.consumerScope }}
             {{- end }}
+            {{- if .Values.backend.clusterScopeIsolation }}
+            - --cluster-scoped-isolation={{ .Values.backend.clusterScopeIsolation }}
+            {{- end }}
             {{- if .Values.backend.cookieSigningKey }}
             - --cookie-signing-key={{ .Values.backend.cookieSigningKey }}
             {{- end }}
@@ -91,6 +94,9 @@ spec:
             {{- else if eq .Values.backend.oidc.type "external" }}
             - --oidc-type=external
             {{- end }}
+            {{- if .Values.backend.loggingLevel }}
+            - -v={{ .Values.backend.loggingLevel }}
+            {{- end }}
           ports:
             {{- if .Values.backend.tls.enabled }}
             - name: https
diff --git a/deploy/charts/backend/values.yaml b/deploy/charts/backend/values.yaml
@@ -10,6 +10,7 @@ backend:
   listenAddress: "0.0.0.0:8080"
   externalAddress: ""
   externalServerName: ""
+  loggingLevel: 2
   tls:
     enabled: false
     certSecretName: ""
@@ -25,8 +26,9 @@ backend:
   # General backend configuration
   prettyName: ""
   namespacePrefix: "kube-bind-"
-  consumerScope: "cluster"
-  
+  consumerScope: "namespaced"
+  clusterScopeIsolation: "prefix" # Options: none, prefix, namespaced
+
   # Cookie configuration - these should be base64 encoded keys
   # Empty values - will generate random keys on each start (not for production!)
   cookieSigningKey: ""
