Update k8s manifests

2026-03-10 18:37:59 +08:00 · 2026-03-10 18:37:59 +08:00 · 80ae5593b2
commit 80ae5593b2
parent c43f6e8f70
4 changed files with 16 additions and 0 deletions
--- a/k8s/apps/vaultwarden/helmrelease.yaml
+++ b/k8s/apps/vaultwarden/helmrelease.yaml
@ -27,6 +27,7 @@ spec:
      clientSecret:
        existingSecretKey: SSO_CLIENT_SECRET
      signupsMatchEmail: true
+      onlySSO: true
    ingress:
      enabled: true
      class: traefik
--- a/k8s/infrastructure/kustomization.yaml
+++ b/k8s/infrastructure/kustomization.yaml
@ -9,3 +9,4 @@ resources:
  - observability
  - openldap/helmrelease.yaml
  - keycloak/helmrelease.yaml
+  - oidc-rbac.yaml
--- a/k8s/infrastructure/observability/kube-prometheus-stack.yaml
+++ b/k8s/infrastructure/observability/kube-prometheus-stack.yaml
@ -48,6 +48,8 @@ spec:
      grafana.ini:
        server:
          root_url: https://grafana.n0ball.tw
+        auth:
+          disable_login_form: true
        auth.generic_oauth:
          enabled: true
          name: Keycloak
--- a/k8s/infrastructure/oidc-rbac.yaml
+++ b/k8s/infrastructure/oidc-rbac.yaml
@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: oidc-admin-n0ball
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: n0ball