-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use ENV vars in config file #45
Comments
Looks like the code in the PR for that change only happens when you dont specify and a config file? Correct me if i am wrong here. |
@AlexMorreale thanks for feedback :) The If you're rolling your own manifests, here's how you can do it. dex-k8s-authenticator config: listen: http://0.0.0.0:5555
debug: false
clusters:
- client_id: my-cluster
client_secret: ${CLIENT_SECRET}
description: minikube
issuer: http://dex.minikube.test
k8s_ca_uri: http://ca.example.com
k8s_master_uri: http://my-cluster.example.com
name: my-cluster
redirect_uri: http://auth.minikube.test/callback/my-cluster kubernetes secret: apiVersion: v1
data:
client_secret: <base64 encoded secret>
kind: Secret
metadata:
name: dex-auth-secrets
namespace: default
type: Opaque pod-spec ...
spec:
containers:
- args:
- --config
- config.yaml
env:
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: dex-auth-secrets
... So basically, just use ${SOME_VAR} in your configmap for any setting, and the application will perform a lookup at runtime to see if that value exists in your environ, if it does it will use it - the environ can just be populated by k8s secrets. |
luckily i am rolling my own manifests(gives us more flexibility and allows us to use traefik as our ingress infront of them) I actually tried something exactly this and im getting:
when i return from dex to dex-k8s-authenticator |
nvm i figured it out it was kubernetes secret issue when base64 encoding for env vars the kubernetes docs recommand bad:
good:
Really sorry for the hassle. Left the long comment to help others in the future. |
Yep, ran into the same thing when I was checking this earlier ;) |
I'd love to be able use ENV vars from a kubernetes secret in the config file.
Right now we have to make the whole config secret instead of configmap.
I saw this in the change log:
would this unreleased feature allow me drop
client_secret: <redacted>
from my configmap and just use an ENV var to specifiy theclient_secret
.Also love the tool. It makes it so much easy for our developers gain kubectl access. Thanks for writing this tool!.
The text was updated successfully, but these errors were encountered: