From 600dd72c0832ef04efa23924f64118f77f5beb27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20M=C5=9Bcichowski?= Date: Thu, 10 Oct 2019 08:03:11 +0200 Subject: [PATCH] Dex static connector override (#5955) * Make static connector configurable * Fix indent --- docs/security/08-03-add-connector.md | 18 +++++++++--------- resources/dex/templates/dex-config-map.yaml | 3 ++- resources/dex/templates/dex-deployment.yaml | 13 +++++++++++-- resources/dex/templates/dex-rbac-role.yaml | 2 ++ resources/dex/values.yaml | 1 + 5 files changed, 25 insertions(+), 12 deletions(-) diff --git a/docs/security/08-03-add-connector.md b/docs/security/08-03-add-connector.md index 1767859d8d87..c9f76355f792 100644 --- a/docs/security/08-03-add-connector.md +++ b/docs/security/08-03-add-connector.md @@ -33,15 +33,15 @@ metadata: kyma-project.io/installation: "" data: connectors: |- - - type: github - id: github - name: GitHub - config: - clientID: {GITHUB_CLIENT_ID} - clientSecret: {GITHUB_CLIENT_SECRET} - redirectURI: https://dex.{{ .Values.global.domainName }}/callback - orgs: - - name: {GITHUB_ORGANIZATION} + - type: github + id: github + name: GitHub + config: + clientID: {GITHUB_CLIENT_ID} + clientSecret: {GITHUB_CLIENT_SECRET} + redirectURI: https://dex.{{ .Values.global.domainName }}/callback + orgs: + - name: {GITHUB_ORGANIZATION} EOF ``` diff --git a/resources/dex/templates/dex-config-map.yaml b/resources/dex/templates/dex-config-map.yaml index d17cc3d7b0e8..b4915ff62577 100644 --- a/resources/dex/templates/dex-config-map.yaml +++ b/resources/dex/templates/dex-config-map.yaml @@ -39,6 +39,7 @@ data: {{- with .Values.oidc.staticClientsExtra }} {{- tpl . $ | nindent 4 }} {{- end }} - + {{ if .Values.dex.useStaticConnector }} enablePasswordDB: true #__STATIC_PASSWORDS__ + {{ end }} diff --git a/resources/dex/templates/dex-deployment.yaml b/resources/dex/templates/dex-deployment.yaml index 39069d0f197a..81a158dbf4cf 100644 --- a/resources/dex/templates/dex-deployment.yaml 
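Review bot: In the dex-config-map.yaml hunk, setting `useStaticConnector` to false makes the rendered config omit `enablePasswordDB` entirely, so the password database being off depends on Dex's default rather than on anything the chart states. An explicit `{{- else }}` branch emitting `enablePasswordDB: false` would make the rendered config self-describing and keep it stable if that default ever changes. The new `{{ if .Values.dex.useStaticConnector }}` and `{{ end }}` actions are also untrimmed, while the `with` block just above uses `{{-`. I would write them as `{{- if .Values.dex.useStaticConnector }}` and `{{- end }}` so they leave no whitespace-only lines inside the config block; the indentation is not recoverable from this view, so check the rendered output.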
+++ b/resources/dex/templates/dex-deployment.yaml @@ -32,14 +32,13 @@ spec: ports: - name: http containerPort: {{ .Values.containerPort }} - volumeMounts: - name: config mountPath: /etc/dex/cfg {{- with .Values.volumeMountsExtra }} {{- tpl . $ | nindent 8 }} {{- end }} - + {{ if .Values.dex.useStaticConnector }} initContainers: - name: dex-users-configurator image: {{ .Values.global.containerRegistry.path }}/{{ .Values.global.dex_static_user_configurer.dir }}dex-static-user-configurer:{{ .Values.global.dex_static_user_configurer.version }} @@ -58,6 +57,16 @@ spec: path: config.yaml - name: config emptyDir: {} + {{ else }} + volumes: + - name: config + configMap: + name: dex-config + items: + - key: config.yaml + path: config.yaml + {{ end }} {{- with .Values.volumesExtra }} {{- tpl . $ | nindent 6 }} {{- end }} + diff --git a/resources/dex/templates/dex-rbac-role.yaml b/resources/dex/templates/dex-rbac-role.yaml index 7483a958c025..c54702c3c6aa 100644 --- a/resources/dex/templates/dex-rbac-role.yaml +++ b/resources/dex/templates/dex-rbac-role.yaml @@ -15,9 +15,11 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create"] + {{ if .Values.dex.useStaticConnector }} - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] + {{ end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/resources/dex/values.yaml b/resources/dex/values.yaml index efd08da5e79f..6e74725f1b8a 100644 --- a/resources/dex/values.yaml +++ b/resources/dex/values.yaml @@ -53,6 +53,7 @@ dex: expiry: signingKeys: "720h" idTokens: "8h" + useStaticConnector: true resources: limits:
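Review bot: In the `{{ else }}` branch of dex-deployment.yaml, ConfigMap `dex-config` is mounted straight onto the `config` volume, so Dex reads the rendered template with no configurer pass. That is only correct if `#__STATIC_PASSWORDS__` (now gated in dex-config-map.yaml) is the sole thing the init container rewrites, which the diff does not show. The ConfigMap name is also hard-coded here, so confirm it matches the name used by the `if` branch's volume, whose start lies above this hunk. I would add a template comment above the branch, `{{- /* static connector off: config.yaml is mounted unmodified from the dex-config ConfigMap */ -}}`. The conditional opens in the previous hunk (before `initContainers`) and closes here.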
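Review bot: In dex-rbac-role.yaml the gated rule still grants `get` and `list` on all `secrets` whenever `useStaticConnector` is true, and values.yaml sets that as the default, so a default install keeps this access. The rule appears to sit in a ClusterRole (the document after `---` is a `ClusterRoleBinding`; the role header is above the hunk), which would make the read access cluster-wide for the bound service account. If only the static-user configurer needs it, a namespaced `Role`/`RoleBinding` in the namespace holding those secrets would narrow the grant; that is a follow-up rather than a change to these lines. A comment above the block would record the intent, for example `# secrets read is required only by the static user configurer init container`, once that is confirmed.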
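Review bot: In values.yaml, `useStaticConnector: true` is added without a comment although it switches three things at once: the `dex-users-configurator` init container, `enablePasswordDB` in the Dex config, and the `secrets` `get`/`list` RBAC rule. I would add above it `# Enables the static user store: configurer init container, enablePasswordDB and secrets read RBAC. Set to false when only external connectors are used.` The docs hunk in this commit only re-indents the connector example, so the flag is not described there either.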