Comments (9)
dkulchinsky
commented on June 12, 2024
1
I worked around point (2) above by creating a cert-manager Certificate resource that populates it in a secret that the Ingress then consumes, this seems to work well.
from openunison-k8s-login-oidc.
mlbiam
commented on June 12, 2024
1
Our next release of the operator supports adding annotations to the ingress definition. we'll also support disabling the creation of ou-tls-certificate
from openunison-k8s-login-oidc.
dkulchinsky
commented on June 12, 2024
To be more specific, we're using cert-manager (https://cert-manager.io/) to Issue Let's Encrypt certificates, so cert-manager will populate the ou-tls-certificate secret with the Certs from Let's Encrypt, but how to ensure the operator is not going to override it?
maybe we need to remove this section from the OpenUnison manifest?
- create_data:
ca_cert: true
key_size: 2048
server_name: {{ .Values.network.openunison_host }}
sign_by_k8s_ca: false
subject_alternative_names:
- {{ .Values.network.dashboard_host }}
{{ if eq .Values.enable_impersonation true }}
- {{ .Values.network.api_server_host }}
{{ end }}
import_into_ks: certificate
name: unison-ca
tls_secret_name: ou-tls-certificate
from openunison-k8s-login-oidc.
mlbiam
commented on June 12, 2024
this is a reasonable request.
maybe we need to remove this section from the OpenUnison manifest?
Precisely
from openunison-k8s-login-oidc.
dkulchinsky
commented on June 12, 2024
great 👍 I'll try that, but I think we're also missing the ability to add an annotation to the ingress:
cert-manager.io/issuer: "letsencrypt-staging"
if I update the ingress manually, will the operator change it back?
from openunison-k8s-login-oidc.
mlbiam
commented on June 12, 2024
if I update the ingress manually, will the operator change it back?
No. The other option is to create a Certificate object so you don't need to add the annotation
from openunison-k8s-login-oidc.
dkulchinsky
commented on June 12, 2024
Just managed to glue this together 😄
- Removed the
ou-tls-certificatecreate_datablock fromorchestra - added the cert-manager annotation to the ingress
I guess my only ask is to be able to add custom annotations to the generated ingress resource 🙏
This method is preferred because it ensures cert-manager keeps track of all the ingresses and updates them accordingly.
from openunison-k8s-login-oidc.
dkulchinsky
commented on June 12, 2024
ohh, wonderful! can't wait for the next release 😄
from openunison-k8s-login-oidc.
mlbiam
commented on June 12, 2024
Annotations are now supported on the Ingress from the Helm chart
from openunison-k8s-login-oidc.
Related Issues (20)
- Is it possible to add versions for new releases? HOT 2
- multiple token for multiple cluster of the same user in config HOT 4
- Issue with dashboard proxy with non-default cluster domain (!= cluster.local) HOT 4
- kubectl exec|port-forward fails when using api impersonation HOT 35
- Streaming commands (logs and get -w) cuts off after 20~40 seconds HOT 23
- Unable to login to openunison HOT 58
- check-certs-orchestra getting kubernetes.default.svc.cluster.local: Name or service not known HOT 1
- OpenUnison resource reports Failed state after upgrade 1.0.21, but otherwise works HOT 4
- Not able to access Openunison UI HOT 30
- deployment of oidc-login fails with error " java.lang.IllegalArgumentException: Last unit does not have enough valid bits " HOT 4
- Helm chart for orchestra is not deploying ingress. HOT 7
- Openunison/Kubernetes Cert Issues HOT 2
- Integration with traefik ingressroute HOT 6
- Unable to install on k3d cluster HOT 6
- installing helm chart k8s-login-oidc results in error off of openunison_host HOT 3
- Dashboard is Unauthorized HOT 6
- Can't access Kubernetes Dashboard Chapter 7 HOT 2
- Other ingress controllers HOT 3
- OpenID Connect to AWS eks HOT 28
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openunison-k8s-login-oidc.