Add support to edit telemetry nodePort

Users need a way to specify telemetry nodePorts as there's a chance
the randomly picked port will collide with nodePorts statically
configured for other applications.

Test Plan:

PASS: Deploy a SX using a stx.9.0 master ISO.
PASS: Build oidc-auth-apps-24.09-61.tgz tarball with the change.
PASS: Copy the new tarball to the SX using scp command.
PASS: Update the oidc-auth-apps with the command:
      system application-update oidc-auth-apps-24.09-61.tgz.
      Update should be successful.
PASS: According to the oidc configuration guide
      https://docs.starlingx.io/r/stx.5.0/security/kubernetes/configure-oidc-auth-applications.html,
      the oidc-auth-apps should be applied successfully. Since I
      didn't inform the telemetry nodePort value yet, the value
      should be random in this case, confirming that the original
      behavior still works.
PASS: Check the nodePorts with the commands:
      $ kubectl -n kube-system get svc oidc-dex
      or
      $ kubectl -n kube-system get service oidc-dex -o yaml
      Save the nodePorts value for telemetry as a reference; we're
      going to specify a new one.
PASS: To set a different nodePort for telemetry, add the
      following block to the dex-overrides.yaml file created during
      the oidc configuration guide:

service:
  ports:
    telemetry:
      nodePort: 30259

PASS: Once dex-overrides.yaml has been updated, remove the
      oidc-auth-apps, apply the new dex overrides and apply the
      oidc-auth-apps again. The oidc-auth-apps should be applied
      successfully.
PASS: The telemetry nodePort should be 30259.
PASS: The default value for the telemetry port is 5558, but this
      change also gives the user the possibility to change this port
      as well, by adding the port to dex-overrides.yaml as follows:

service:
  ports:
    telemetry:
      nodePort: 30259
      port: 5559

      Apply the oidc again and the telemetry.port value should be
      updated as well.

$ kubectl -n kube-system get svc oidc-dex
NAME     ...  PORT(S)                                        AGE
oidc-dex ...  5556:31377/TCP,5554:30556/TCP,5559:30259/TCP   2m1s

PASS: Perform oidc-auth-apps test by creating a user, applying a
      rolebinding and authenticating it using the oidc-auth command.
      Check if the new user can send k8s commands based on its roles.

Closes-Bug: 2089586

Change-Id: I43771c560e9c7d996cd1cab9887d3d2ca6fa2513
Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>
Joaci Morais 2024-11-22 09:26:08 -03:00
parent b78a185adc
commit 7b954edc5e
2 changed files with 53 additions and 0 deletions


@ -0,0 +1,52 @@
From 1473973fcc57fd24490a4e5ea5832b1faff9a4a0 Mon Sep 17 00:00:00 2001
From: Joaci Morais <Joaci.deMorais@windriver.com>
Date: Fri, 22 Nov 2024 17:04:27 -0300
Subject: [PATCH] Add support to edit telemetry nodePort
User requested to change the nodePort for telemetry service, in case
this port conflicts with any user application ports. This patch is
needed to support changes in nodePort parameter through overrides.
Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>
---
templates/service.yaml | 5 ++++-
values.yaml | 7 +++++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/templates/service.yaml b/templates/service.yaml
index 8114e8d..58c7b92 100644
--- a/templates/service.yaml
+++ b/templates/service.yaml
@@ -49,7 +49,10 @@ spec:
{{- end }}
{{- end }}
- name: telemetry
- port: 5558
+ port: {{ .Values.service.ports.telemetry.port }}
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.ports.telemetry.nodePort }}
+ nodePort: {{ .Values.service.ports.telemetry.nodePort }}
+ {{- end }}
targetPort: telemetry
protocol: TCP
{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion }}
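Review bot: The `port:` line in the telemetry entry now renders `.Values.service.ports.telemetry.port` with no fallback, so an override that nulls or empties that key yields a Service with an empty `port:` where the chart used to hard-code 5558. Consider `port: {{ .Values.service.ports.telemetry.port | default 5558 }}`, or fail the render with `required`, so a bad override is caught at template time. The `nodePort` guard correctly skips the line when the value is unset, but nothing checks that a pinned value lies inside the cluster's NodePort range, so an out-of-range or already-allocated port is only rejected when the Service is applied.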
diff --git a/values.yaml b/values.yaml
index 7452791..638d674 100644
--- a/values.yaml
+++ b/values.yaml
@@ -184,6 +184,13 @@ service:
# -- (int) gRPC node port (when applicable)
nodePort:
+ telemetry:
+ # -- telemetry service port
+ port: 5558
+
+ # -- (int) telemetry node port (when applicable)
+ nodePort:
+
ingress:
# -- Enable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/).
enabled: false
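Review bot: The comment on `port:` under the new `telemetry:` block lacks the `(int)` type marker that the `nodePort` comments directly above and below it carry; add it for consistency. The `nodePort:` comment should also state that leaving the value empty keeps the earlier behaviour of a randomly assigned port, and that a pinned value exposes the telemetry endpoint on that fixed port of every node when the service type is NodePort, because "(when applicable)" tells the operator neither.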
--
2.34.1


@ -1,2 +1,3 @@
0001-Create-new-config-value-extraStaticClients.patch
0001-Added-support-to-tweak-liveness-Probe.patch
0001-Add-support-to-edit-telemetry-nodePort.patch