Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate JWKS for ory oathkeeper #7179

Merged
merged 8 commits into from
Feb 14, 2020
Merged

Generate JWKS for ory oathkeeper #7179

merged 8 commits into from
Feb 14, 2020

Conversation

piotrmsc
Copy link

@piotrmsc piotrmsc commented Feb 11, 2020
edited
Loading

Description
Rotate oathkeeper keys for id_token mutator instead of using a single one, hardcoded.
Changes proposed in this pull request:

  • Added Job creating keys if not provided by user
  • Added cron job responsible for rotating keys

Related issue(s)

@netlify
Copy link

netlify bot commented Feb 11, 2020
edited
Loading

🥰 Documentation preview ready! 🥰

Built with commit 40ac079

https://deploy-preview-7179--kyma-project-docs-preview.netlify.com

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

3 similar comments
@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-integration

Demonsthere
Demonsthere approved these changes Feb 13, 2020
View reviewed changes
Copy link

@Demonsthere Demonsthere left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/meow

@kyma-bot
Copy link
Contributor

@Demonsthere: cat image

In response to this:

/meow

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@piotrmsc piotrmsc self-assigned this Feb 13, 2020
@piotrmsc piotrmsc added area/security Issues or PRs related to security kind/feature Categorizes issue or PR as related to a new feature. labels Feb 13, 2020
@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

2 similar comments
@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc
Copy link
Author

/test pre-master-kyma-gke-compass-integration

@piotrmsc piotrmsc marked this pull request as ready for review February 14, 2020 06:48
@piotrmsc piotrmsc mentioned this pull request Feb 14, 2020
Closed
Demonsthere
Demonsthere reviewed Feb 14, 2020
View reviewed changes
resources/ory/charts/oathkeeper/templates/cronjob.yaml
metadata:
name: oathkeeper-jwks-rotator
spec:
schedule: "0 0 * */1 *"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Default option for a cronjob is concurrencyPolicy: Allow. We may want to have it set to Forbid

@piotrmsc piotrmsc merged commit 7c67045 into kyma-project:master Feb 14, 2020
@piotrmsc piotrmsc deleted the ory-oathkeeper-sign-keys branch February 14, 2020 13:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Demonsthere Demonsthere Demonsthere approved these changes

@jakkab jakkab Awaiting requested review from jakkab

@kubadz kubadz Awaiting requested review from kubadz

@strekm strekm Awaiting requested review from strekm

@Tomasz-Smelcerz-SAP Tomasz-Smelcerz-SAP Awaiting requested review from Tomasz-Smelcerz-SAP

Assignees

@piotrmsc piotrmsc

Labels
area/security Issues or PRs related to security kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@piotrmsc @kyma-bot @Demonsthere