treasuremap/manifests/function/dex-aio
Alexey Odinokov 2946a13806 Adding a place for external secrets to be stored on site level
1. Reflecting changes done in [1] to treasuremap.
2. Changing airshipctl ref to [1]
3. Making static validation work, since it was merged before [1]
4. Adding dex.ldap.bind_password to imported secrets
5. Adding dex.oidc.clientSecret to generated secrets
6. Due to the added new site - increasing the validation timeout
7. Adding replacement for [2]

[1]
https://review.opendev.org/c/airship/airshipctl/+/786286

[2]
https://review.opendev.org/c/airship/treasuremap/+/788991

Relates-To: #128
Change-Id: I473ace3d7aae85ebe76b73253108c6f1b6ca6e95
2021-05-20 05:34:19 +00:00
replacements Adding a place for external secrets to be stored on site level 2021-05-20 05:34:19 +00:00
README.md Treasuremap - Dex, API server & LDAP integration 2021-05-12 14:48:48 +00:00
dex-cert-issuer.yaml Treasuremap - Dex, API server & LDAP integration 2021-05-12 14:48:48 +00:00
dex-helmrelease.yaml Treasuremap - Dex, API server & LDAP integration 2021-05-12 14:48:48 +00:00
kustomization.yaml Treasuremap - Dex, API server & LDAP integration 2021-05-12 14:48:48 +00:00

README.md

DEX-AIO function

The DEX-AIO function implements the Dex authentication service. It contains the HelmRelease manifest for dex-aio, which carries the LDAP connector customization as well as the certificates to be used.

The certificate (Secret) used by dex-aio is generated by cert-manager and signed by a CA that is generated in the Ephemeral cluster and copied to the Target cluster during the airshipctl phase run clusterctl-move operation.

Before you can deploy this HelmRelease, you will need to update the following values:

      ldap:
        bind_password: "your LDAP bind password"
        config:
          host: "your LDAP FQDN"
          bind_dn: "your LDAP bind username"

Also, in the same HelmRelease you will need to update the user and group search criteria to match your LDAP schema. The attributes to update are under spec.values.ldap:

      user_search:
        base_dn: dc=testservices,dc=test,dc=com
        filter: "(objectClass=person)"
        username: cn
        idAttr: cn
        emailAttr: name
        nameAttr: name
      group_search:
        base_dn: ou=groups,dc=testservices,dc=test,dc=com
        filter: "(objectClass=group)"
        userMatchers:
          userAttr: name
          groupAttr: member
        nameAttr: name
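As an added example (not code from treasuremap or the dex-aio chart), a pre-deployment check over the values the README says to edit, run here against a constructed copy of the README fragments. It assumes the search blocks sit under either ldap or ldap.config, and treats bind_password as the commit message does: sourced from an imported secret rather than set inline in the manifest.

```python
"""Pre-deployment check of the dex-aio HelmRelease ldap values (added example,
not treasuremap code). Flags README placeholders, the sample test base DNs, and an
inline bind_password, which per the commit message should come from an imported secret."""

# Placeholders from the README's "update the following" fragment.
PLACEHOLDERS = {"your LDAP bind password", "your LDAP FQDN", "your LDAP bind username"}
# Sample base DN suffix from the README's user_search/group_search fragment.
SAMPLE_SUFFIX = "dc=testservices,dc=test,dc=com"


def check_ldap_values(ldap: dict) -> list:
    """Return findings for an ldap values block; an empty list means it passes."""
    findings = []
    config = ldap.get("config") or {}
    # A placeholder means the README step was skipped; any other literal means
    # the LDAP credential is sitting in a committed manifest instead of a secret.
    if "bind_password" in ldap:
        if ldap["bind_password"] in PLACEHOLDERS:
            findings.append("bind_password: README placeholder never replaced")
        else:
            findings.append("bind_password: literal in manifest; move it to the imported secret")
    for path, value in (("config.host", config.get("host")),
                        ("config.bind_dn", config.get("bind_dn"))):
        if not value:
            findings.append(f"{path}: missing or empty")
        elif value in PLACEHOLDERS:
            findings.append(f"{path}: README placeholder never replaced")
    # The README does not say whether the search blocks sit under ldap or
    # ldap.config; assumption: accept either location.
    for section in ("user_search", "group_search"):
        search = config.get(section) or ldap.get(section) or {}
        base_dn = str(search.get("base_dn", ""))
        if not base_dn:
            findings.append(f"{section}.base_dn: missing or empty")
        elif base_dn.lower().endswith(SAMPLE_SUFFIX):
            findings.append(f"{section}.base_dn: still the sample test domain")
        filt = str(search.get("filter", ""))
        if not (filt.startswith("(") and filt.endswith(")")):
            findings.append(f"{section}.filter: not a parenthesised LDAP filter")
    return findings


# Constructed sample: the README fragments as shipped, before any site edits.
README_DEFAULTS = {
    "bind_password": "your LDAP bind password",
    "config": {"host": "your LDAP FQDN", "bind_dn": "your LDAP bind username",
               "user_search": {"base_dn": "dc=testservices,dc=test,dc=com",
                               "filter": "(objectClass=person)"},
               "group_search": {"base_dn": "ou=groups,dc=testservices,dc=test,dc=com",
                                "filter": "(objectClass=group)"}},
}
```

Running check_ldap_values(README_DEFAULTS) reports all five untouched values, which is the state a site should never deploy.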