starlingx/oidc-auth-armada-app
Code Issues Proposed changes

Support for https in OIDC client

Browse Source 
Changed OIDC client to use HTTPS by default.
OIDC client uses the same TLS certificate as DEX.

Story: 2006711
Task: 38166

Change-Id: I347e9da3380519c89ca3138da3e2a69a47a6db94
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
This commit is contained in:
Teresa Ho 2020-02-20 11:39:46 -05:00
parent b1c018a79a
commit d11d23199d
4 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
stx-oidc-auth-helm/stx-oidc-auth-helm/helm-charts/oidc-client/templates/deployment.yaml
View File

@ -37,15 +37,19 @@ spec:
httpGet: httpGet:
path: / path: /
port: http port: http
scheme: HTTPS
readinessProbe: readinessProbe:
httpGet: httpGet:
path: / path: /
port: http port: http
scheme: HTTPS
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
volumeMounts: volumeMounts:
- mountPath: "/home" - mountPath: "/home"
name: dex-client-secret-volume name: dex-client-secret-volume
- mountPath: /etc/dex/tls/https/server
name: https-tls
- name: config - name: config
subPath: config.yaml subPath: config.yaml
mountPath: /app/config.yaml mountPath: /app/config.yaml
@ -65,6 +69,9 @@ spec:
- name: dex-client-secret-volume - name: dex-client-secret-volume
secret: secret:
secretName: dex-client-secret secretName: dex-client-secret
- name: https-tls
secret:
secretName: local-dex.tls
- name: config - name: config
configMap: configMap:
name: stx-oidc-client name: stx-oidc-client

4
stx-oidc-auth-helm/stx-oidc-auth-helm/helm-charts/oidc-client/values.yaml
View File

@ -28,8 +28,8 @@ config:
client_secret: St8rlingX client_secret: St8rlingX
issuer: https://10.10.10.3:30556/dex issuer: https://10.10.10.3:30556/dex
issuer_root_ca: /home/dex-ca.pem issuer_root_ca: /home/dex-ca.pem
listen: http://0.0.0.0:5555 listen: https://0.0.0.0:5555
redirect_uri: http://10.10.10.3:30555/callback redirect_uri: https://10.10.10.3:30555/callback
ingress: ingress:
enabled: false enabled: false

4
stx-oidc-auth-helm/stx-oidc-auth-helm/manifests/manifest.yaml
View File

@ -76,7 +76,9 @@ data:
values: values:
config: config:
issuer_root_ca: /home/dex-ca.pem issuer_root_ca: /home/dex-ca.pem
listen: http://0.0.0.0:5555 listen: https://0.0.0.0:5555
tlsCert: /etc/dex/tls/https/server/tls.crt
tlsKey: /etc/dex/tls/https/server/tls.key
nodeSelector: nodeSelector:
node-role.kubernetes.io/master: "" node-role.kubernetes.io/master: ""
service: service:

2
stx-oidc-client/centos/docker/main.go
View File

@ -207,6 +207,8 @@ var rootCmd = &cobra.Command{
config.issuerURL = viper.GetString("issuer") config.issuerURL = viper.GetString("issuer")
config.listen = viper.GetString("listen") config.listen = viper.GetString("listen")
config.rootCAs = viper.GetString("issuer_root_ca") config.rootCAs = viper.GetString("issuer_root_ca")
config.tlsCert = viper.GetString("tlsCert")
config.tlsKey = viper.GetString("tlsKey")
config.a.clientID = viper.GetString("client_id") config.a.clientID = viper.GetString("client_id")
config.a.clientSecret = viper.GetString("client_secret") config.a.clientSecret = viper.GetString("client_secret")
config.a.redirectURI = viper.GetString("redirect_uri") config.a.redirectURI = viper.GetString("redirect_uri")