Build Dex image with IPv6 patch

The default Dex image does not support a kubernetes cluster with IPv6. The cluster network address is not wrapped in square brackets, which fails when the dex container tries to create custom resources. This commit builds our own dex image while we are trying to get the fix upstreamed. Story: 2006711 Task: 38610 Change-Id: I9193dde6d4260f3c9b5fa12224810f1de0aa53df Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2020-02-03 12:49:25 -05:00 · 2020-02-03 12:49:25 -05:00 · 5d6701bdf2
commit 5d6701bdf2
parent a63597fc03
3 changed files with 42 additions and 0 deletions
--- a/centos_stable_docker_images.inc
+++ b/centos_stable_docker_images.inc
@ -1 +1,2 @@
 stx-oidc-client
+dex
--- a/dex/centos/dex.stable_docker_image
+++ b/dex/centos/dex.stable_docker_image
@ -0,0 +1,5 @@
+BUILDER=docker
+LABEL=dex
+DOCKER_REPO=https://github.com/dexidp/dex.git
+DOCKER_REF=f1581ff873a200cf9dd01bf261e056267d57b991 # SHA for v2.14.0, as of Jan 21, 2020
+DOCKER_PATCHES="docker_patches/0001-Wrap-Kubernetes-host-address-in-square-brackets.patch"
--- a/dex/centos/docker_patches/0001-Wrap-Kubernetes-host-address-in-square-brackets.patch
+++ b/dex/centos/docker_patches/0001-Wrap-Kubernetes-host-address-in-square-brackets.patch
@ -0,0 +1,36 @@
+From a084a721f2485e4eba81fe50e52fd3f3932024fa Mon Sep 17 00:00:00 2001
+From: Jerry Sun <jerry.sun@windriver.com>
+Date: Fri, 24 Jan 2020 09:13:40 -0500
+Subject: [PATCH 1/1] Wrap Kubernetes host address in square brackets
+
+When constructing the host address string, the address is
+not wrapped in square brackets. This does not work in IPv6
+Kubernetes deployments. This commit adds square brackets
+around the address. IPv4 was also tested to ensure it works
+with wrapped address.
+
+Story: 2006711
+Task: 38610
+
+Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
+---
+ storage/kubernetes/client.go | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go
+index cb7fd28..f16bc77 100644
+--- a/storage/kubernetes/client.go
+++ b/storage/kubernetes/client.go
+@@ -419,6 +419,9 @@ func inClusterConfig() (cluster k8sapi.Cluster, user k8sapi.AuthInfo, namespace
+ 		err = fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
+ 		return
+ 	}
+	// we need to wrap IPv6 addresses in square brackets
+	// IPv4 also works with square brackets
+        host = "[" + host + "]"
+ 	cluster = k8sapi.Cluster{
+ 		Server:               "https://" + host + ":" + port,
+ 		CertificateAuthority: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+-- 
+2.7.4
+