Skip to content
This repository has been archived by the owner on Jul 15, 2021. It is now read-only.

fix bug where tokens can't refresh #94

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

fix bug where tokens can't refresh #94

wants to merge 7 commits into from

Conversation

paulczar
Copy link
Contributor

when tokens expire the kubeclient needs to refresh them and that means
it needs to trust the CA of the openid server, to do that we need to
pass idp-certificate-authority-data through to the kubeconfig.

@craigtracey
Copy link
Contributor

What happens if you don't need a Trusted CA? Shouldn't this be optional?

@craigtracey craigtracey self-requested a review January 16, 2019 22:24
craigtracey
craigtracey suggested changes Jan 16, 2019
View reviewed changes
Copy link
Contributor

@craigtracey craigtracey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this field should be optional

@craigtracey
Copy link
Contributor

It also looks like we need a rebase here.

@paulczar paulczar force-pushed the ca-for-token branch 2 times, most recently from 8bdc98f to e840a9e Compare March 12, 2019 17:29
@paulczar
Copy link
Contributor Author

This field is effectively optional ... if its not provided the contents of the field in the kube config file or in the command line template will be an empty string which the kubeconfig config reader then ignores because its set to omit if empty in the kubeconfig object.

@paulczar
Allow kubeconfig setting for trusted ca
e4312b7 
Signed-off-by: Paul Czarkowski <username.taken@gmail.com>
Signed-off-by: Jignesh Sheth <jsheth@pivotal.io>
@paulczar
fix bug where tokens can't refresh
4751c21 
when tokens expire the kubeclient needs to refresh them and that means
it needs to trust the CA of the openid server, to do that we need to
pass `idp-certificate-authority-data` through to the kubeconfig.

Signed-off-by: Paul Czarkowski <username.taken@gmail.com>
Signed-off-by: Jignesh Sheth <jsheth@pivotal.io>
@paulczar
rebased and fixed changes
b13f1ef 
Signed-off-by: Paul Czarkowski <username.taken@gmail.com>
@paulczar
fix idp issuer token to be trusted ca
ae22b47 
Signed-off-by: Paul Czarkowski <username.taken@gmail.com>
@paulczar
fix goformatting
ba5df80 
Signed-off-by: Paul Czarkowski <username.taken@gmail.com>
@paulczar
Copy link
Contributor Author

it would be great to get this merged in ... its blocking gangway from working with PKS

@jenting
Copy link
Contributor

jenting commented Jun 29, 2020

related to #148

@vijaykatam
Copy link

#149

@jenting
Copy link
Contributor

jenting commented Jun 30, 2020

Same, we bump into this issue when the dex CA is a self-signed CA.
@paulczar Could you please rebase to the latest master branch to resolves the conflicts, thx.

@asvasyanin
Copy link

any updates?

@brokencode64
Copy link

Would love to see this merged as well, it's currently blocking us as well with using dex.

@jcrood jcrood mentioned this pull request Oct 21, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@craigtracey craigtracey craigtracey requested changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@paulczar @craigtracey @jenting @vijaykatam @asvasyanin @brokencode64