treasuremap/manifests/function/dex-aio
sb048x 3c4886aab2 Dex/API server and Catalogue Support for Subcluster
This patchset includes the Catalogue and respective
Replacement transformers for the Dex/API server and
kustomization of values through patches.

It also includes:
 - Support for dex LDAP authentication
 - Moved Dex from provide-infra to controlplane

Note:
1. This patchset also fixes the current issue with wordpress where it
was not in sync with lma for catalogue (catalogues)
2. This patchset also doesn't call function k8scontrol-oidc replacements
rather subcluster-dex.yaml is created in
manifests/type/sub-cluster/controlplane/replacements/subcluster-dex.yaml
due to current localized yamls available at same path. This is a known
issue for which another patchset has to be created.

Relates-To: #136

Co-authored-by: sa069q <296.saurabh@gmail.com>

Change-Id: I6d14f6cc976d3f8a174e2d083425a970f59dcd92
2021-07-16 11:55:29 +05:30
replacements Dex/API server and Catalogue Support for Subcluster 2021-07-16 11:55:29 +05:30
README.md Treasuremap - Dex, API server & LDAP integration 2021-05-12 14:48:48 +00:00
dex-cert-issuer.yaml [uplift] - Uplift airshipctl to stable version 2021-06-24 18:31:24 +00:00
dex-helmrelease.yaml Merge "Rename Virtual Sites in Treasuremap" 2021-07-14 17:47:26 +00:00
kustomization.yaml [uplift] - Uplift airshipctl to stable version 2021-06-24 18:31:24 +00:00

README.md

DEX-AIO function

The DEX-AIO function implements the Dex Authentication service. It contains the HelmRelease manifest for dex-aio, which carries the LDAP connector customization as well as the certificates to be used.

The certificate (Secret) used by dex-aio is generated by cert-manager and signed by the CA that is generated in the Ephemeral cluster and copied to the Target cluster during the airshipctl phase run clusterctl-move operation.

Before you can deploy this helm release, you will need to update the following:

      ldap:
        bind_password: "your LDAP bind password"
        config:
          host: "your LDAP FQDN"
          bind_dn: "your LDAP bind username"

In the same helm release, you will also need to update the search criteria for the user and group to match your LDAP schema. The attributes to update are under spec.values.ldap:

      user_search:
        base_dn: dc=testservices,dc=test,dc=com
        filter: "(objectClass=person)"
        username: cn
        idAttr: cn
        emailAttr: name
        nameAttr: name
      group_search:
        base_dn: ou=groups,dc=testservices,dc=test,dc=com
        filter: "(objectClass=group)"
        userMatchers:
          userAttr: name
          groupAttr: member
        nameAttr: name
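
To see what these search values mean for your schema, the following added example (not part of the Treasuremap repository or the dex-aio chart) composes the LDAP filters the way the upstream Dex LDAP connector does: the configured filter is ANDed with an equality match on the username or groupAttr attribute. It assumes the chart passes these values through to that connector unchanged; the function names, the simplified escaping and the sample user entry are constructed for illustration.

```python
# Added example: how user_search / group_search values become LDAP filters.
# Values below are the README defaults; the user entry is constructed.

USER_SEARCH = {
    "base_dn": "dc=testservices,dc=test,dc=com",
    "filter": "(objectClass=person)",
    "username": "cn",
}
GROUP_SEARCH = {
    "base_dn": "ou=groups,dc=testservices,dc=test,dc=com",
    "filter": "(objectClass=group)",
    "userMatchers": {"userAttr": "name", "groupAttr": "member"},
}

# RFC 4515 special characters that must be escaped inside a filter value
# (simplified: non-ASCII bytes are left as-is here).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name or attribute value before embedding it in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _compose(base_filter, attr, value):
    """AND the configured filter with an equality match on attr."""
    clause = "(%s=%s)" % (attr, escape_filter_value(value))
    return "(&%s%s)" % (base_filter, clause) if base_filter else clause


def user_filter(cfg, login):
    """Filter used to find the entry for the name typed at the login form."""
    return _compose(cfg.get("filter", ""), cfg["username"], login)


def group_filters(cfg, user_entry):
    """One filter per value of userAttr found on the user's entry."""
    matcher = cfg["userMatchers"]
    values = user_entry.get(matcher["userAttr"], [])
    return [_compose(cfg.get("filter", ""), matcher["groupAttr"], v) for v in values]


if __name__ == "__main__":
    entry = {"cn": ["jdoe"], "name": ["John Doe"]}  # constructed sample entry
    print(USER_SEARCH["base_dn"], user_filter(USER_SEARCH, "jdoe"))
    for f in group_filters(GROUP_SEARCH, entry):
        print(GROUP_SEARCH["base_dn"], f)
```

Comparing the generated group filter with what your directory actually stores in the groupAttr attribute shows whether group lookups can match for your schema.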