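# Helm values for an OpenUnison (login with OIDC) deployment.
# NOTE(review): the nesting was flattened when this file was pasted; it is
# restored here from the key order. Verify it against the chart's own
# values.yaml before applying.
network:
  openunison_host: "k8sou.app.103-149-126-200.nip.io"
  dashboard_host: "k8sdb.app.103-149-126-200.nip.io"
  api_server_host: "api.103-149-126-200.nip.io:6443"
  # Idle sessions expire after 15 minutes.
  session_inactivity_timeout_seconds: 900
  k8s_url: https://api.103-149-126-200.nip.io:6443
  # NOTE(review): with this set to false, the ingress TLS certificate
  # presumably comes from cert-manager via the cluster-issuer annotation
  # below. Confirm that the "letsencrypt" ClusterIssuer exists.
  createIngressCertificate: false
  ingress_type: nginx
  ingress_annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: "letsencrypt"

cert_template:
  ou: "Kubernetes"
  o: "MyOrg"
  l: "My Cluster"
  st: "State of Cluster"
  c: "MyCountry"

# `latest` is a mutable tag, so the image that runs can change without any
# change to this file. Pin a specific version tag or an image digest so the
# deployed login portal is the one that was reviewed.
image: "docker.io/tremolosecurity/openunison-k8s-login-oidc:latest"
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: kubernetes
enable_impersonation: false

dashboard:
  namespace: "kubernetes-dashboard"
  cert_name: "kubernetes-dashboard-certs"
  label: "k8s-app=kubernetes-dashboard"
  service_name: kubernetes-dashboard

certs:
  use_k8s_cm: false

# pem_b64 must hold the base64 encoding of a PEM certificate. The sample
# value below is a 25-character placeholder, which is not a valid base64
# length. If an entry like it is left active, decoding fails with an error
# such as "Last unit does not have enough valid bits". Replace it with a real
# encoded certificate, or keep the list commented out or empty.
#trusted_certs:
#  - name: idp
#    pem_b64: SDFGSDFGHDFHSDFGSDGSDFGDS

monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s

oidc:
  client_id: b1a6ade5-249exxxxx.xxxxxx.xxxxxx.xxxx
  # `/common/` is Microsoft's multi-tenant endpoint. If sign-in should be
  # limited to a single directory, use the tenant-specific endpoint in
  # auth_url and token_url instead.
  auth_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  token_url: https://login.microsoftonline.com/common/oauth2/v2.0/token
  user_in_idtoken: false
  userinfo_url: https://graph.microsoft.com/oidc/userinfo
  domain: ""
  scopes: openid email profile groups
  # Maps OpenUnison user attributes (left) to identity-provider claim names
  # (right). `groups` drives RBAC bindings, so confirm that the provider
  # actually emits that claim.
  claims:
    sub: sub
    email: email
    given_name: given_name
    family_name: family_name
    display_name: name
    groups: groups

impersonation:
  use_jetstack: false
  jetstack_oidc_proxy_image: quay.io/jetstack/kube-oidc-proxy:v0.3.0
  explicit_certificate_trust: true
  ca_secret_name: ou-tls-secret

# Disabled: this chart creates no NetworkPolicy objects, so pod-to-pod
# traffic to OpenUnison is not restricted by it.
# NOTE(review): the sub-sections presumably select the namespaces allowed in
# when this is enabled. Confirm the label values match the cluster.
network_policies:
  enabled: false
  ingress:
    enabled: true
    labels:
      app.kubernetes.io/name: ingress-nginx
  monitoring:
    enabled: true
    labels:
      app.kubernetes.io/name: monitoring
  apiserver:
    enabled: false
    labels:
      app.kubernetes.io/name: kube-system

services:
  enable_tokenrequest: false
  token_request_audience: api
  token_request_expiration_seconds: 600
  node_selectors: []
  pullSecret: ""

openunison:
  replicas: 1
  non_secret_data: {}
  secrets: []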
After running helm, nothing happens and the operator pod displays the following log:
nto_ks":"keypair"},{"create_data":{"server_name":"kubernetes-dashboard.kubernetes-dashboard.svc","subject_alternative_names":[],"secret_info":{"key_name":"dashboard.key","cert_name":"dashboard.crt","type_of_secret":"Opaque"},"ca_cert":true,"delete_pods_labels":["k8s-app=kubernetes-dashboard"],"sign_by_k8s_ca":false,"key_size":2048,"target_namespace":"kubernetes-dashboard"},"replace_if_exists":true,"name":"kubernetes-dashboard","tls_secret_name":"kubernetes-dashboard-certs","import_into_ks":"certificate"},{"create_data":{"server_name":"unison-saml2-rp-sig","subject_alternative_names":[],"ca_cert":true,"sign_by_k8s_ca":false,"key_size":2048},"name":"unison-saml2-rp-sig","import_into_ks":"keypair"}]}},"enable_activemq":false,"dest_secret":"orchestra","secret_data":["K8S_DB_SECRET","unisonKeystorePassword","OIDC_CLIENT_SECRET"]}}}
java.lang.IllegalArgumentException: Last unit does not have enough valid bits
at java.util.Base64$Decoder.decode0(Base64.java:734)
at java.util.Base64$Decoder.decode(Base64.java:526)
at java.util.Base64$Decoder.decode(Base64.java:549)
at com.tremolosecurity.kubernetes.artifacts.util.CertUtils.pem2certs(CertUtils.java:394)
at com.tremolosecurity.kubernetes.artifacts.util.CertUtils.importCertificate(CertUtils.java:370)
at jdk.nashorn.internal.scripts.Script$Recompilation$120$18882A$\^eval\_.generate_openunison_secret(<eval>:553)
at jdk.nashorn.internal.scripts.Script$Recompilation$119$52A$\^eval\_.on_watch(<eval>:10)
at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:639)
at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
at jdk.nashorn.api.scripting.ScriptObjectMirror.callMember(ScriptObjectMirror.java:199)
at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:386)
at jdk.nashorn.api.scripting.NashornScriptEngine.invokeFunction(NashornScriptEngine.java:190)
at com.tremolosecurity.kubernetes.artifacts.util.K8sWatcher.processEvent(K8sWatcher.java:331)
at com.tremolosecurity.kubernetes.artifacts.util.K8sWatcher.watchUri(K8sWatcher.java:153)
at com.tremolosecurity.kubernetes.artifacts.run.RunWatch.run(RunWatch.java:38)
at java.lang.Thread.run(Thread.java:748)
{code=200, data={"apiVersion":"openunison.tremolo.io/v4","kind":"OpenUnison","metadata":{"annotations":{"meta.helm.sh/release-name":"orchestra","meta.helm.sh/release-namespace":"openunison"},"creationTimestamp":"2021-04-21T10:10:48Z","generation":1,"labels":{"app.kubernetes.io/managed-by":"Helm"},"managedFields":[{"apiVersion":"openunison.tremolo.io/v4","fieldsType":"FieldsV1","fieldsV1":{"f:status":{".":{},"f:conditions":{".":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"f:digest":{}}},"manager":"Apache-HttpClient","operation":"Update","time":"2021-04-21T10:10:48Z"},{"apiVersion":"openunison.tremolo.io/v4","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:meta.helm.sh/release-name":{},"f:meta.helm.sh/release-namespace":{}},"f:labels":{".":{},"f:app.kubernetes.io/managed-by":{}}},"f:spec":{".":{},"f:deployment_data":{".":{}
Is this a bug, or am I doing something wrong relative to the instructions?