easyai-ai-gateway/deploy/kubernetes/security-events-secret-rbac.yaml
chengcheng 9efeb16fd1 feat(ssf): 实现安全事件一键连接与凭据托管
新增数据库驱动的 SecurityEventConnectionManager,复用 RFC 7662 机器 Client,自动完成 Discovery、Push Bearer 生成、Stream 创建、Verification、首次启用、零停机轮换和安全退役。

增加文件与 Kubernetes SecretStore、最小权限 RBAC、动态 Receiver/撤销水位/内省降级,以及系统设置管理页面。已通过全量 Go 测试、go vet、关键包竞态测试、27 个 Web 测试、类型检查、生产构建、Compose 和 Kubernetes dry-run。
2026-07-15 17:25:00 +08:00

35 lines
853 B
YAML

# Reference overlay for installations that run the Gateway in Kubernetes.
# Keep the Secret empty: the Gateway writes only generated Push Bearers.
apiVersion: v1
kind: Secret
metadata:
name: easyai-gateway-security-events
namespace: easyai
type: Opaque
data: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: easyai-gateway-security-events
namespace: easyai
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["easyai-gateway-security-events"]
verbs: ["get", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: easyai-gateway-security-events
namespace: easyai
subjects:
- kind: ServiceAccount
name: easyai-ai-gateway
namespace: easyai
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: easyai-gateway-security-events