docs: 归档基于旧版 k8s 的 jwt 加密部署文档

2026-05-03 18:59:44 +08:00
parent d19cb53f24
commit 60a3530609
9 changed files with 0 additions and 0 deletions
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: jwt-secret
+  namespace: juwan
+type: Opaque
+data:
+  # base64 encoded: your-secret-jwt-key-change-this-in-production
+  secret-key: eW91ci1zZWNyZXQtand0LWtleS1jaGFuZ2UtdGhpcy1pbi1wcm9kdWN0aW9u
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: user-rpc
+  namespace: juwan
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: envoy-gateway
+  namespace: juwan
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: jwt-secret-reader
+  namespace: juwan
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["jwt-secret"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: user-rpc-jwt-secret-reader
+  namespace: juwan
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jwt-secret-reader
+subjects:
+  - kind: ServiceAccount
+    name: user-rpc
+    namespace: juwan
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: envoy-gateway-jwt-secret-reader
+  namespace: juwan
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jwt-secret-reader
+subjects:
+  - kind: ServiceAccount
+    name: envoy-gateway
+    namespace: juwan