Deploy dex in metalk8s from helm charts #2025
Hello ebaneck,
My role is to assist you with the merge of this
Status report is not available.
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again:
Branches have diverged
This pull request's source branch To avoid any integration risks, please re-synchronize them using one of the
Note: If you choose to rebase, you may have to ask me to rebuild
LGTM - added a wait to not merge this in 2.4.
In the meantime (waiting for 2.5 branch), could you please:
- start adding some tests (e.g. try to reach the openid-configuration and check the issuer_url)
- investigate SSL verification from the Ingress (the thing that we removed) - does it work? or is it just ignored?
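
The first check suggested in the review above (reach the openid-configuration and compare the issuer), as an added example that is not code from this pull request. The issuer URL, the sample documents and the rule that endpoints share the issuer's origin are assumptions made for illustration; `fetch_discovery` needs a reachable Dex and its CA file, while `check_discovery` runs offline.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit


def fetch_discovery(issuer, ca_file):
    """Fetch the discovery document, verifying the server against ca_file."""
    # create_default_context keeps CERT_REQUIRED and hostname checking on,
    # so a certificate that does not chain to ca_file makes urlopen raise.
    ctx = ssl.create_default_context(cafile=ca_file)
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return json.load(resp)


def check_discovery(doc, expected_issuer):
    """Return a list of problems; an empty list means the document is sane."""
    problems = []
    issuer = doc.get("issuer")
    # OIDC Discovery requires an exact string match, trailing slash included.
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} != expected {expected_issuer!r}")
    expected = urlsplit(expected_issuer)
    if expected.scheme != "https":
        problems.append("issuer is not served over https")
    # Assumption: the endpoints are served from the same origin as the issuer.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        ep = urlsplit(value)
        if (ep.scheme, ep.netloc) != (expected.scheme, expected.netloc):
            problems.append(f"{key} is not on the issuer origin: {value}")
    return problems


# Constructed sample values (192.0.2.0/24 is a documentation range).
ISSUER = "https://192.0.2.10:8443/oidc"
GOOD_DOC = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/auth",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
}
BAD_DOC = dict(GOOD_DOC, issuer=ISSUER + "/", jwks_uri="http://192.0.2.10/oidc/keys")

if __name__ == "__main__":
    print(check_discovery(GOOD_DOC, ISSUER), check_discovery(BAD_DOC, ISSUER))
```
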
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again:
/after_pull_request=2063
Waiting for other pull request(s)
The current pull request is locked by the after_pull_request option. In order for me to merge this pull request, run the following actions first: ➡️ Merge the
Alternatively, delete all the after_pull_request comments from this pull request.
The following options are set: after_pull_request
```
$ helm fetch -d charts --untar stable/dex
```
Closes: #2007
That prevented a proper dumping of the Secret data
This commit adds support for ClusterIP in the Dex charts.
This change is added because multi-line strings are an issue in rendered charts since Jinja "commands" are split. This fix is needed to properly add and render Dex charts as done in the next commit.
This commit adds the following:
- Adds Dex Image to the buildchain
- Adds method to obtain OIDC service IP and binds this static IP as the ClusterIP address for Dex service
- Adds `metalk8s-auth` namespace which holds OIDC/authentication cluster resources (PODS)
- Automatically generate Dex deployment, service account, cluster role and clusterrolebindings

The Dex chart.sls is generated from the Helm charts using:
```
$ ./charts/render.py dex metalk8s-auth charts/dex.yaml charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls
```
- Add states to deploy Dex and related server certificates

Closes: #2007
Closes: #2011
The newly created Dex static user has no access to any resources in a Metalk8s cluster. This commit adds a clusterrolebinding which binds the Dex static user to the Metalk8s Cluster admin Clusterrole. Closes: #2055
This commit adds the following:
- Add configuration parameters to the APIserver manifest which is required by Dex
- Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external IP (in our case the Dex service), it needs to know the control-plane IP of the bootstrap minion (as it is the one used by Salt master when creating the Service). For posterity, we define a helper that should work even during the initial bootstrap.

Closes: #2010
We need to back up the Dex CA file and key in order to be able to run a cluster restore. This commit adds the Dex CA file and key to the backup and restore scripts.
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again:
The following options are set: after_pull_request
/approve
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again:
The following options are set: approve, after_pull_request
/status
Status
Status report is not available.
The following options are set: approve, after_pull_request
Waiting for approval
The following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again:
The following options are set: approve, after_pull_request
In the queue
The changeset has received all authorizations and has been added to the
The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once
IMPORTANT
Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a
The following options are set: approve, after_pull_request
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None.
Goodbye ebaneck.
Component:
'authentication', 'salt', 'kubernetes'
Context:
See #2007
Summary:
Acceptance criteria:
Closes: #2007