Closed (nce closed 1 year ago)
Secret that will be used in the Helm release:
apiVersion: v1
kind: Secret
metadata:
  name: dex-azure-ad-connector
  namespace: ops-dex
type: Opaque
data:
  MICROSOFT_CLIENT_ID: ${base64encode(jsondecode(data.aws_secretsmanager_secret_version.azure.secret_string)["DEX_MICROSOFT_CLIENT_ID"])}
  MICROSOFT_CLIENT_SECRET: ${base64encode(jsondecode(data.aws_secretsmanager_secret_version.azure.secret_string)["DEX_MICROSOFT_CLIENT_SECRET"])}
Helm release secret reference:
envFrom:
  - secretRef:
      name: dex-azure-ad-connector
AWS Credential that was created at the AWS sandbox secret-manager
Important capabilities for the PSP, so the pod can actually run:
defaultAddCapabilities:
  - CHOWN
  - NET_BIND_SERVICE
  - SETGID
  - SETUID
Working as expected.