wwweww
61 lines
1.2 KiB
YAML
61 lines
1.2 KiB
YAML
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: jwt-secret
|
|
namespace: juwan
|
|
type: Opaque
|
|
data:
|
|
# base64 encoded: your-secret-jwt-key-change-this-in-production
|
|
secret-key: eW91ci1zZWNyZXQtand0LWtleS1jaGFuZ2UtdGhpcy1pbi1wcm9kdWN0aW9u
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: user-rpc
|
|
namespace: juwan
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: envoy-gateway
|
|
namespace: juwan
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: jwt-secret-reader
|
|
namespace: juwan
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
resourceNames: ["jwt-secret"]
|
|
verbs: ["get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: user-rpc-jwt-secret-reader
|
|
namespace: juwan
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: jwt-secret-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: user-rpc
|
|
namespace: juwan
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: envoy-gateway-jwt-secret-reader
|
|
namespace: juwan
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: jwt-secret-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: envoy-gateway
|
|
namespace: juwan
|