generated from coulomb/repo-seed
fix(keycape): NK-WP-0003-T07 — fix deployment image + add demo-app client
- deployment.yaml: image → 92.205.130.254:32166/coulomb/key-cape:latest (Gitea OCI registry, delivered by KEY-WP-0002; imagePullPolicy: Always) - k3s insecure registry hosts.toml: fixed server endpoint to http:// so containerd does not attempt HTTPS against the plain-HTTP Gitea NodePort - create-secrets.sh: add demo-app OIDC client (required for KeyCape to start; also needed for T08 acceptance tests) - keycape-config Secret updated in-place (no re-bootstrap needed) KeyCape pod 1/1 Running; /healthz OK; OIDC discovery live at https://kc.coulomb.social/.well-known/openid-configuration Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -91,19 +91,17 @@ privacyidea:
|
|||||||
realm: "netkingdom"
|
realm: "netkingdom"
|
||||||
|
|
||||||
# ── OIDC client registrations ─────────────────────────────────────────────────
|
# ── OIDC client registrations ─────────────────────────────────────────────────
|
||||||
# Add one entry per downstream application.
|
|
||||||
# clientType: "public" for SPAs/native apps (PKCE, no client secret)
|
# clientType: "public" for SPAs/native apps (PKCE, no client secret)
|
||||||
# "confidential" for server-side apps (client secret required)
|
# "confidential" for server-side apps (client secret required)
|
||||||
clients: []
|
clients:
|
||||||
# Example:
|
- clientId: "demo-app"
|
||||||
# clients:
|
displayName: "Demo Application"
|
||||||
# - clientId: "my-app"
|
redirectUris:
|
||||||
# displayName: "My Application"
|
- "http://localhost:3000/callback"
|
||||||
# redirectUris:
|
- "https://demo.coulomb.social/callback"
|
||||||
# - "https://my-app.coulomb.social/callback"
|
allowedScopes: ["openid", "profile", "email", "groups"]
|
||||||
# allowedScopes: ["openid", "profile", "email", "groups"]
|
grantTypes: ["authorization_code"]
|
||||||
# grantTypes: ["authorization_code"]
|
clientType: "public"
|
||||||
# clientType: "public"
|
|
||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -49,13 +49,10 @@ spec:
|
|||||||
|
|
||||||
containers:
|
containers:
|
||||||
- name: keycape
|
- name: keycape
|
||||||
# EDIT before applying — see README.md "Building the image".
|
# Image published to self-hosted Gitea OCI registry on CoulombCore (KEY-WP-0002).
|
||||||
# Option A (registry): docker build -t <registry>/keycape:v0.1 ~/key-cape/ && docker push ...
|
# k3s insecure registry configured for 92.205.130.254:32166 — no pull secret needed.
|
||||||
# Option B (K3s local): docker build -t keycape:v0.1 ~/key-cape/ &&
|
image: 92.205.130.254:32166/coulomb/key-cape:latest
|
||||||
# docker save keycape:v0.1 | sudo k3s ctr images import -
|
imagePullPolicy: Always
|
||||||
# After Option B, set imagePullPolicy: Never.
|
|
||||||
image: keycape:v0.1
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
|
|||||||
Reference in New Issue
Block a user