Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup the Dex-to-Kubernetes API server integration #2010

Closed
Ebaneck opened this issue Nov 5, 2019 · 0 comments
Closed

Setup the Dex-to-Kubernetes API server integration #2010

Ebaneck opened this issue Nov 5, 2019 · 0 comments
Assignees
@Ebaneck
Labels
topic:authentication Anything related to user authentication
Milestone
MetalK8s 2.6.0

Comments

@Ebaneck
Copy link
Contributor

Ebaneck commented Nov 5, 2019
edited by gdemonet
Loading

Component:

'salt', 'kubernetes', 'containers', 'authentication'

Why this is needed:

The Kubernetes API server needs to be configured to communicate with Dex to support user authentication.

What should be done:

  • Setup the Kubernetes API server flags to integrate with Dex.
  • Ensure the CA certificate generated for Dex is available to the Kubernetes API server container.

Implementation proposal (strongly recommended):

  • Since we run Kubernetes API server as a container probably the easiest method is to use a hostPath volume to mount the CA file directly.

Test plan:

  • The Kubernetes API server should continue to work after these changes.

Epic iteration: #1988
@Ebaneck Ebaneck added moonshot topic:authentication Anything related to user authentication labels Nov 5, 2019
@Ebaneck Ebaneck added this to the MetalK8s 2.5.0 milestone Nov 5, 2019
@thomasdanan thomasdanan mentioned this issue Nov 6, 2019
Closed
7 tasks
Ebaneck added a commit that referenced this issue Nov 20, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
f82d8ee 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 20, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
5065555 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 20, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
abbc54f 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 20, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
d587efc 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 21, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
5d17e07 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 21, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
11a0b49 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 21, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
09fb4aa 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Ebaneck added a commit that referenced this issue Nov 22, 2019
@Ebaneck
Salt: Setup the Dex-to-Kubernetes API server integration
434259a 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
@Ebaneck Ebaneck closed this as completed Nov 22, 2019
ChengYanJin pushed a commit that referenced this issue Dec 17, 2019
@Ebaneck @ChengYanJin
Salt: Setup the Dex-to-Kubernetes API server integration
859be4e 
This commit adds the following:

Add configuration parameters to the APIserver manifest which is required
by Dex

Define a way to find the Ingress external IP required by Dex config flags

If a minion wants to reference the control-plane Ingress by its external
IP(in our case the Dex service), it needs to know the control-plane IP of
the bootstrap minion (as it is the one used by Salt master when creating the Service).

For posterity, we define a helper that should work even during
the initial boostrap.

Closes: #2010
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ebaneck Ebaneck

Labels
topic:authentication Anything related to user authentication
Projects
None yet
Milestone
MetalK8s 2.6.0
Development

No branches or pull requests
1 participant
@Ebaneck