Comments (9)
I worked around point (2) above by creating a cert-manager Certificate resource that populates it in a secret that the Ingress then consumes, this seems to work well.
from openunison-k8s-login-oidc.
Our next release of the operator supports adding annotations to the ingress definition. We'll also support disabling the creation of ou-tls-certificate.
from openunison-k8s-login-oidc.
To be more specific, we're using cert-manager (https://cert-manager.io/) to issue Let's Encrypt certificates, so cert-manager will populate the ou-tls-certificate secret with the certs from Let's Encrypt, but how to ensure the operator is not going to override it?
Maybe we need to remove this section from the OpenUnison manifest?

```yaml
- create_data:
    ca_cert: true
    key_size: 2048
    server_name: {{ .Values.network.openunison_host }}
    sign_by_k8s_ca: false
    subject_alternative_names:
    - {{ .Values.network.dashboard_host }}
    {{ if eq .Values.enable_impersonation true }}
    - {{ .Values.network.api_server_host }}
    {{ end }}
  import_into_ks: certificate
  name: unison-ca
  tls_secret_name: ou-tls-certificate
```
from openunison-k8s-login-oidc.
This is a reasonable request.
> maybe we need to remove this section from the OpenUnison manifest?

Precisely
from openunison-k8s-login-oidc.
great 👍 I'll try that, but I think we're also missing the ability to add an annotation to the ingress:
cert-manager.io/issuer: "letsencrypt-staging"
if I update the ingress manually, will the operator change it back?
from openunison-k8s-login-oidc.
> if I update the ingress manually, will the operator change it back?

No. The other option is to create a Certificate object so you don't need to add the annotation.
from openunison-k8s-login-oidc.
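The Certificate option mentioned in the comment above, written out as an added example that is not part of the original thread or the project's own manifests. The `openunison` namespace, the `example.com` hostnames and the use of a namespaced `Issuer` are assumptions; the issuer name is the one from the annotation quoted earlier in the thread.

```yaml
# Added example, not from the thread or the OpenUnison project.
# Assumptions: namespace "openunison", constructed example.com hostnames,
# and a namespaced Issuer named "letsencrypt-staging".
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ou-tls-certificate
  namespace: openunison            # assumption
spec:
  # cert-manager writes the key pair into this secret, which is the
  # secret the OpenUnison Ingress consumes for TLS.
  secretName: ou-tls-certificate
  privateKey:
    algorithm: RSA
    size: 2048                     # same size as key_size in create_data
  dnsNames:
    - k8sou.example.com            # placeholder for network.openunison_host
    - k8sdb.example.com            # placeholder for network.dashboard_host
    # Add network.api_server_host here when enable_impersonation is true,
    # mirroring subject_alternative_names in the create_data block.
  issuerRef:
    name: letsencrypt-staging      # staging certificates are not publicly trusted
    kind: Issuer
```

With this in place, the `create_data` entry that targets `ou-tls-certificate` is removed from the OpenUnison manifest, as discussed in the thread, so that only cert-manager writes to the secret.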
Just managed to glue this together 😄
- Removed the ou-tls-certificate create_data block from orchestra
- Added the cert-manager annotation to the ingress

I guess my only ask is to be able to add custom annotations to the generated ingress resource 🙏
This method is preferred because it ensures cert-manager keeps track of all the ingresses and updates them accordingly.
from openunison-k8s-login-oidc.
ohh, wonderful! can't wait for the next release 😄
from openunison-k8s-login-oidc.
Annotations are now supported on the Ingress from the Helm chart.
from openunison-k8s-login-oidc.