bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

comms(mas): enable internal admin API

Browse Source
This commit is contained in:
Brad Stein 2026-01-01 18:22:32 -03:00
parent 32f1532508
commit 144467dfe2
2 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
services/communication/mas-configmap.yaml
View File

@ -22,13 +22,18 @@ data:
- name: internal
resources:
- name: health
- name: adminapi
binds:
- host: localhost
port: 8081
- address: "0.0.0.0:8081"
database:
uri: "postgresql://mas:@@MAS_DB_PASSWORD@@@postgres-service.postgres.svc.cluster.local:5432/mas?sslmode=prefer"
clients:
- client_id: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
client_auth_method: client_secret_basic
client_secret_file: /etc/mas/admin-client/client_secret
secrets:
encryption_file: /etc/mas/secrets/encryption
keys:
@ -72,6 +77,8 @@ data:
policy:
data:
admin_clients:
- 01KDXMVQBQ5JNY6SEJPZW6Z8BM
client_registration:
allow_insecure_uris: true
allow_host_mismatch: true

18
services/communication/mas-deployment.yaml
View File

@ -14,7 +14,7 @@ spec:
template:
metadata:
annotations:
checksum/config: v4-bind-1
checksum/config: v5-adminapi-1
labels:
app: matrix-authentication-service
spec:
@ -80,6 +80,9 @@ spec:
- name: http
containerPort: 8080
protocol: TCP
- name: internal
containerPort: 8081
protocol: TCP
volumeMounts:
- name: rendered
mountPath: /rendered
@ -87,6 +90,9 @@ spec:
- name: secrets
mountPath: /etc/mas/secrets
readOnly: true
- name: admin-client
mountPath: /etc/mas/admin-client
readOnly: true
- name: keys
mountPath: /etc/mas/keys
readOnly: true
@ -122,6 +128,12 @@ spec:
items:
- key: rsa_key
path: rsa_key
- name: admin-client
secret:
secretName: mas-admin-client-runtime
items:
- key: client_secret
path: client_secret
---
apiVersion: v1
kind: Service
@ -136,3 +148,7 @@ spec:
port: 8080
targetPort: http
protocol: TCP
- name: internal
port: 8081
targetPort: internal
protocol: TCP