New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Route LDAP IDPs in the oauth server through guest VPC #1680
Conversation
@@ -127,6 +128,7 @@ func oauthContainerMain() *corev1.Container { | |||
func buildOAuthContainerMain(image string) func(c *corev1.Container) { | |||
return func(c *corev1.Container) { | |||
c.Image = image | |||
c.Image = "quay.io/aleman/debug-pub:oauth-with-proxy-support" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to be removed once openshift/library-go#1388 merged and got pulled into the oauth-server
/hold
✅ Deploy Preview for hypershift-docs ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alvaroaleman The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
c6a68a0
to
b89a1e6
Compare
/hold cancel The corresponding change in the oauth-server has been approved |
b89a1e6
to
f60f77b
Compare
This changes makes us route LDAP IDPs in the oauth server to the guest VPC by: * Setting the ALL_PROXY env var to the ldap dialer will use the socks5 sidecar * Extending the socks5 sidecar to optionally resolve everything through the guest clusters cluster-dns
f60f77b
to
15f603f
Compare
/lgtm |
/retest-required |
1 similar comment
/retest-required |
@alvaroaleman: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Only the upgrade test failed and that is unrelated |
@alvaroaleman: Overrode contexts on behalf of alvaroaleman: ci/prow/e2e-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This changes makes us route LDAP IDPs in the oauth server to the guest
VPC by:
sidecar
the guest clusters cluster-dns
Ref https://issues.redhat.com/browse/HOSTEDCP-421
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, use
fixes #<issue_number>(, fixes #<issue_number>, ...)
format, where issue_number might be a GitHub issue, or a Jira story:Fixes #
Checklist