Configurable options to API server #37

Closed
anton-johansson opened this Issue Mar 8, 2019 · 5 comments


anton-johansson commented Mar 8, 2019

I'm planning on doing an LDAP-integration for authentication to our cluster, so we can use a detailed permission system. To do this, I need to use additional options to the API server:

```
--oidc-issuer-url=https://dex.example.com
--oidc-client-id=example-app
--oidc-ca-file=/etc/ssl/certs/openid-ca.pem
--oidc-username-claim=email
--oidc-groups-claim=groups
```

Any idea on how we can add a generic way of adding API-server options?

Maybe some prefixed Ansible variables? Like `kube-apiserver.oidc-issuer-url=https://dex.example.com`?

amimof commented Mar 18, 2019

As much as I like the idea of the ability to customise, I think to a certain extent it just adds too much complexity. The goal has always been to keep it simple and keep specific configuration away from this project.

anton-johansson commented Mar 18, 2019

Yeah, that's fair enough! How would you suggest tweaking the configuration? I'd very much like to keep using KTRW. I could fork this repository, but that feels bad as well.

amimof commented Mar 19, 2019

I would include `install.yml` in a top-level playbook that would do stuff before and after running ktrw. Look at `test/main.yml` which does exactly this.

https://github.com/amimof/kubernetes-the-right-way/blob/master/test/main.yml#L109

anton-johansson added a commit to anton-johansson/kubernetes-the-right-way that referenced this issue Mar 19, 2019

Allow dynamic configuration of `kube-apiserver`
This replaces `enable_admission_plugins`

Closes amimof#37
anton-johansson commented Mar 19, 2019

Hmm, that could work. However, that means I have to replicate the service file for kube-apiserver. That could potentially cause conflicts with future versions of KTRW.

I made a small PR with a suggestion that I don't think is too complex and allows very dynamic configuration, in an easy way. What do you think? See #38.

anton-johansson commented Mar 21, 2019

Decided to fork the repository after all, and try to keep up with your changes in the future. :)

Closing this!

anton-johansson added a commit to anton-johansson/kubernetes-the-right-way that referenced this issue Mar 22, 2019

Allow dynamic configuration of `kube-apiserver`
This replaces `enable_admission_plugins`

Closes amimof#37

amimof added a commit that referenced this issue Mar 24, 2019

Allow dynamic configuration of `kube-apiserver` (#38)
* Allow dynamic configuration of `kube-apiserver`

* This replaces `enable_admission_plugins`

* Closes #37

* Move additional flags to the end of the command line

* This way, we can properly override KTRW-default flags.

* Add newline at the end of the command line
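
The commit message above places the additional flags at the end of the command line so they can override KTRW defaults. As an added example (not code from KTRW or its PR), this Python check models that last-occurrence-wins behaviour, reports which defaults an extra flag replaces, and sanity-checks the OIDC flags from the issue. The default flag values are constructed for illustration and the function names are hypothetical.

```python
import shlex

# Constructed sample: defaults as a template might render them (an assumption,
# not KTRW's real defaults), then operator-supplied extras appended at the end.
DEFAULT_ARGS = "--authorization-mode=Node,RBAC --enable-admission-plugins=NodeRestriction"
EXTRA_ARGS = (
    "--oidc-issuer-url=https://dex.example.com --oidc-client-id=example-app "
    "--oidc-ca-file=/etc/ssl/certs/openid-ca.pem --oidc-username-claim=email "
    "--oidc-groups-claim=groups "
    "--enable-admission-plugins=NodeRestriction,AlwaysPullImages"
)

def parse_flags(cmdline):
    """Return [(name, value)] for --name=value tokens, in command-line order."""
    flags = []
    for tok in shlex.split(cmdline):
        if not tok.startswith("--"):
            raise ValueError(f"unexpected token: {tok!r}")
        name, _, value = tok[2:].partition("=")
        flags.append((name, value))
    return flags

def effective_flags(defaults, extras):
    """Model last-occurrence-wins: extras follow defaults, so they shadow them."""
    merged = {}
    for name, value in parse_flags(defaults) + parse_flags(extras):
        merged[name] = value
    return merged

def overridden_defaults(defaults, extras):
    """List (flag, default, override) so a reviewer sees what an extra replaces."""
    base = dict(parse_flags(defaults))
    return [(n, base[n], v) for n, v in parse_flags(extras)
            if n in base and base[n] != v]

def oidc_problems(flags):
    """kube-apiserver accepts only https issuers and needs a client ID with one."""
    problems = []
    issuer = flags.get("oidc-issuer-url")
    if issuer is not None:
        if not issuer.startswith("https://"):
            problems.append("oidc-issuer-url must use https")
        if "oidc-client-id" not in flags:
            problems.append("oidc-issuer-url set without oidc-client-id")
    return problems

if __name__ == "__main__":
    for name, old, new in overridden_defaults(DEFAULT_ARGS, EXTRA_ARGS):
        print(f"override: --{name}: {old!r} -> {new!r}")
    print(oidc_problems(effective_flags(DEFAULT_ARGS, EXTRA_ARGS)) or "OIDC flags OK")
```

Running the override report in review or CI makes it visible when an extra flag replaces a security-relevant default such as the admission plugin list or the authorization mode.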