-
Notifications
You must be signed in to change notification settings - Fork 404
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure Jaeger UI #681
Secure Jaeger UI #681
Conversation
@@ -8,14 +7,26 @@ spec: | |||
hosts: | |||
- jaeger.{{ .Values.global.domainName }} | |||
gateways: | |||
- {{ .Values.global.istio.gateway.name }} | |||
- core-{{ .Chart.Name }}-gateway |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why can't you use gateway defined for kyma? https://github.com/kyma-project/kyma/blob/master/resources/core/charts/gateway/templates/gateway.yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have defined a new “security context” only for Jaeger UI which is independent of the others already existing. Therefore, we have a new “static client” for dex, see the related PR.
Jaeger UI will be used by developers in addition to admins or support. Compromising it should not imply that the others are compromised too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check my latest commit
{{- if .Values.jaeger.memory }} | ||
args: ["--memory.max-traces={{ .Values.jaeger.memory.maxTraces }}"] | ||
{{- end }} | ||
resources: | ||
{{ toYaml .Values.resources | indent 12 }} | ||
- image: quay.io/gambol99/keycloak-proxy:v2.2.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will update keycloak
to the latest version 2.3.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
change the oauth callback path from kyma-oauth to oauth
See also #356 |
Description
Changes proposed in this pull request:
Related issue(s)
Implements #356