First-class azuread support, oauth 0.11 #1563
in config and docs
After setting the authenticator_class as suggested, this LGTM. What are your thoughts about cutting the final z2jh release @minrk? Add beta.4 to test oauthenticator 0.11.0 also for a while?
Co-Authored-By: Erik Sundell <erik.i.sundell@gmail.com>
Since oauthenticator got a big refactor, let's do beta.4 in case there are regressions we haven't caught in testing (oauth is notoriously hard to test rigorously).
Running I do have a question on how to configure this while keeping secrets out of the values.yaml file. Maybe read them from k8s secrets?
@cnf I typically maintain two helm template value files for my helm chart deployments. One without sensitive stuff (values.yaml), and one with sensitive stuff (secret-values.yaml).

```yaml
# secret-values.yaml
auth:
  clientSecret: ...
```

I sometimes group everything into secret-values.yaml if they relate and I find it troublesome to separate them for readability reasons. Further, all files named secret, or being in a folder called secret etc, are automatically encrypted on commit by the CLI called git-crypt. I install using @minrk's built binaries of git-crypt: https://github.com/minrk/git-crypt-bin

.gitattributes for use with git-crypt
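Added example, not part of the comment above or of the project: a pre-commit style check for the convention that comment describes, listing files with "secret" in their path that .gitattributes does not route through the git-crypt filter. The sample repository, file names, placeholder values and both .gitattributes rule sets are constructed; the check needs only git, not git-crypt itself.

```shell
#!/bin/sh
# Added example (not from the thread). Lists files whose path contains
# "secret" but which .gitattributes does NOT route through the git-crypt
# filter, i.e. files that would be committed in cleartext.
# Assumption: "secret" in the path marks a sensitive file.

unprotected_secret_files() {
    # $1 = path to the git work tree to inspect
    (
        cd "$1" || exit 2
        # Tracked files plus untracked files that are not ignored.
        git ls-files --cached --others --exclude-standard |
        grep -i 'secret' |
        while IFS= read -r path; do
            # Output format: "<path>: filter: <value>"
            case $(git check-attr filter -- "$path") in
                *": filter: git-crypt") ;;      # encrypted on commit
                *) printf '%s\n' "$path" ;;     # would be stored in cleartext
            esac
        done
    )
}

# Constructed sample repository; $1 is the .gitattributes content to test.
demo() {
    repo=$(mktemp -d) || return 1
    git init -q "$repo" || return 1
    mkdir -p "$repo/config/secret"
    printf 'hub: {}\n' > "$repo/values.yaml"
    printf 'auth:\n  clientSecret: PLACEHOLDER\n' > "$repo/secret-values.yaml"
    printf 'token: PLACEHOLDER\n' > "$repo/config/secret/prod.yaml"
    printf '%s\n' "$1" > "$repo/.gitattributes"
    unprotected_secret_files "$repo"
    rm -rf "$repo"
}

# A rule that names only one file misses the nested "secret" folder.
NARROW='secret-values.yaml filter=git-crypt diff=git-crypt'
# Basename match plus any folder called "secret", at any depth.
BROAD='*secret* filter=git-crypt diff=git-crypt
**/secret/** filter=git-crypt diff=git-crypt'

demo "$NARROW"   # reports the file the narrow rule leaves unencrypted
demo "$BROAD"    # reports nothing: every matching file is covered
```

Run as a pre-commit hook or CI step, a non-empty result from `unprotected_secret_files` is the signal to block the commit.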
Adds aliases for auth.type = azuread, so should work now. OAuthenticator is updated to 0.11, which fixes some azuread issues, including the requirement to set tenant id via env, not just standard config.
/cc @cnf