Comments (5)
nabadger
commented on May 21, 2024
2
Yep, ran into the same thing when I was checking this earlier ;)
from dex-k8s-authenticator.
AlexMorreale
commented on May 21, 2024
Looks like the code in the PR for that change only happens when you dont specify and a config file?
Correct me if i am wrong here.
from dex-k8s-authenticator.
nabadger
commented on May 21, 2024
@AlexMorreale thanks for feedback :)
The latest image should support this but there's a limitation in the Helm template at the moment as it doesn't let you pass in env to the podspec (I'll create an issue to track/add this as it's simple enough).
If you're rolling your own manifests, here's how you can do it.
dex-k8s-authenticator config:
listen: http://0.0.0.0:5555
debug: false
clusters:
- client_id: my-cluster
client_secret: ${CLIENT_SECRET}
description: minikube
issuer: http://dex.minikube.test
k8s_ca_uri: http://ca.example.com
k8s_master_uri: http://my-cluster.example.com
name: my-cluster
redirect_uri: http://auth.minikube.test/callback/my-clusterkubernetes secret:
apiVersion: v1
data:
client_secret: <base64 encoded secret>
kind: Secret
metadata:
name: dex-auth-secrets
namespace: default
type: Opaquepod-spec
...
spec:
containers:
- args:
- --config
- config.yaml
env:
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: dex-auth-secrets
...So basically, just use ${SOME_VAR} in your configmap for any setting, and the application will perform a lookup at runtime to see if that value exists in your environ, if it does it will use it - the environ can just be populated by k8s secrets.
from dex-k8s-authenticator.
AlexMorreale
commented on May 21, 2024
luckily i am rolling my own manifests(gives us more flexibility and allows us to use traefik as our ingress infront of them)
I actually tried something exactly this and im getting:
Failed to get token: oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"Invalid client credentials."}
when i return from dex to dex-k8s-authenticator
from dex-k8s-authenticator.
AlexMorreale
commented on May 21, 2024
nvm i figured it out it was kubernetes secret issue when base64 encoding for env vars the kubernetes docs recommand echo -n over echo for piping into base64.
bad:
alex@omega :: ~/ezcater/ ➜ echo "alex-testing" | base64
YWxleC10ZXN0aW5nCg==
good:
alex@omega :: ~/ezcater/ ➜ echo -n "alex-testing" | base64
YWxleC10ZXN0aW5n
Really sorry for the hassle. Left the long comment to help others in the future.
from dex-k8s-authenticator.
Related Issues (20)
- Failed to query provider "https://dex.example.org/": 400 Bad Request: Client sent an HTTP request to an HTTPS server.
- invalid_scope: Unknown/invalid scope(s): [offline_access, groups] HOT 1
- Add trivy container scanning to gh-action.
- k8s_ca_pem_base64_encoded not used? HOT 1
- Support raw copy kubeconfig file
- Hardcoded Secret in Dex Authenticator ConfigMap HOT 16
- Ability to work outside of Dex HOT 2
- TLS v1.3 Unsupported HOT 2
- Crashloop with no logs between querying provider and verifying client HOT 1
- Finalize upstream helm repo HOT 3
- helm chart not found HOT 1
- Expose user IP address in the logs HOT 2
- UI: cluster names are empty
- Add a arm64 image HOT 1
- Project maintenance (finding a new home for this repo) HOT 1
- Template for ingress not working in newer Kubernetes HOT 1
- You must be logged in to the server HOT 1
- Current Docker image has CVE-2023-0286 HOT 1
- can we use dex-k8s-authenticator without dex
- dex-k8s-authenticator web-app like CLI app
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dex-k8s-authenticator.