Added example kubernetes yaml

I hacked my way through figuring this out and thought it might be helpful to others. Thanks!
viafoura · May 30, 2018 · bd22ac5 · bd22ac5
1 parent 80ce8a7
commit bd22ac5
Showing 1 changed file with 82 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -112,6 +112,88 @@ If the `current-context` is set to the name of one of the clusters then the
 `--context` argument may be omitted, and the cluster named by `current-context`
 will be used.
 
+## Kubernetes (example)
+Kuberos can be ran inside a cluster as long as it can still communicate with your OIDC provider from inside the pod and your OIDC provider is set to redirect to your Kuberos endpoint (NodePort, LoadBalancer, etc).
+
+The configuration below is meant to serve as a template and **not** something that is plug-and-play. You will need to adjust your DNS / nameserver helpers, Dex information, and optionally how you ingress your traffic.
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: kuberos
+  name: kuberos
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: kuberos
+    spec:
+      hostAliases:                  #
+      - ip: "192.168.1.1"           # OPTIONAL TO HELP ROUTE TRAFFIC TO DEX / OIDC
+        hostnames:                  #
+        - "dex.oidc.example.com"    # OPTIONAL TO HELP ROUTE TRAFFIC TO DEX / OIDC
+      containers:
+      - image: negz/kuberos:latest
+        name: kuberos
+        command: ["/kuberos", "https://dex.oidc.example.com", "example-app", "/cfg/secret", "/cfg/template"]
+        ports:
+        - name: http
+          containerPort: 10003      # DEFAULT FOR KUBEROS 10003, MATCHES NODEPORT SERVICE
+        volumeMounts:
+        - name: config
+          mountPath: /cfg
+      dnsConfig:
+        nameservers:
+          - 8.8.8.8                 # USING GOOGLE DNS FOR LOOKUPS
+      volumes:
+      - name: config
+        configMap:
+          name: kuberos
+          items:
+          - key: template
+            path: template
+          - key: secret
+            path: secret
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kuberos
+data:
+  template: |
+    apiVersion: v1
+    kind: Config
+    current-context: staging
+    clusters:
+    - name: production
+      cluster:
+        certificate-authority-data: REDACTED
+        server: https://prod.example.org
+    - name: staging
+      cluster:
+        certificate-authority-data: REDACTED
+        server: https://staging.example.org
+  secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kuberos
+spec:
+  type: NodePort
+  ports:
+  - name: kuberos
+    port: 10003
+    protocol: TCP
+    targetPort: 10003               # INTERNAL PORT
+    nodePort: 31001                 # EXTERNAL / NODEPORT
+  selector:
+    app: kuberos
+```
+
 ## Alternatives
 OIDC helpers that run locally to setup `kubectl`:
 * https://github.com/micahhausler/k8s-oidc-helper