cloud-provider-openstack/examples/webhook/keystone-deployment.yaml at 39d904e79f2928451ded74ac864d19872d323037 · shiftstack/cloud-provider-openstack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-keystone-auth
  namespace: kube-system
  labels:
    app: k8s-keystone-auth
spec:
  replicas: 2
  selector:
    matchLabels:
      app: k8s-keystone-auth
  template:
    metadata:
      labels:
        app: k8s-keystone-auth
    spec:
      serviceAccountName: k8s-keystone
      containers:
        - name: k8s-keystone-auth
          image: registry.k8s.io/provider-os/k8s-keystone-auth:v1.36.0
          args:
            - ./bin/k8s-keystone-auth
            - --tls-cert-file
            - /etc/pki/tls.crt
            - --tls-private-key-file
            - /etc/pki/tls.key
            - --policy-configmap-name
            - k8s-auth-policy
            - --keystone-url
            - {{ keystone_server_url }}
          volumeMounts:
            - mountPath: /etc/pki
              name: certs
              readOnly: true
          ports:
            - containerPort: 8443
      volumes:
      - name: certs
        secret:
          secretName: keystone-auth-certs