starlingx/oidc-auth-armada-app
Code Issues Proposed changes
oidc-auth-armada-app/helm-charts
History
Joaci Morais 7b954edc5e Add support to edit telemetry nodePort 
Users need a way to specify telemetry nodePorts as there's a chance
the randomly picked port will collide with nodePorts statically
configured for other applications.

Test Plan:

PASS: Deploy a SX using a stx.9.0 master ISO.
PASS: Build oidc-auth-apps-24.09-61.tgz tarball with the change.
PASS: Copy the new tarball to the SX using scp command.
PASS: Update the oidc-auth-apps with the command:
      system application-update oidc-auth-apps-24.09-61.tgz.
      Update should be successful.
PASS: According oidc configuration guide https://docs.starlingx.io
      /r/stx.5.0/security/kubernetes
      /configure-oidc-auth-applications.html,
      the oidc-auth-apps should be applied successfully. Since I
      didn't inform the telemetry nodePort value yet, the value
      should be random in this case, confirming that the original
      behavior still works.
PASS: Check the nodePorts with the commands:
      $ kubectl -n kube-system get svc oidc-dex
      or
      $ kubectl -n kube-system get service oidc-dex -o yaml
      Save the nodePorts value for telemetry as reference, we're
      going to specify a new one.
PASS: To set a different nodePort for telemetry, add the
      following block to the dex-overrides.yaml file created during
      the oidc configuration guide:

service:
  ports:
    telemetry:
      nodePort: 30259

PASS: Once dex-overrides.yaml has been updated, remove the
      oidc-auth-apps, apply the new dex overrides and apply the
      oidc-auth-apps again, the oidc-auth-apps should be applied
      successfully.
PASS: The telemetry nodePort should be 30259.
PASS: The default port for telemetry value is 5558, but this change
      also gives the possibility to the user change this port as
      well, adding the port into dex-override.yaml like following:

service:
  ports:
    telemetry:
      nodePort: 30259
      port: 5559

      apply the oidc again and the telemetry.port value should be
      updated as well.

$ kubectl -n kube-system get svc oidc-dex
NAME     ...  PORT(S)                                        AGE
oidc-dex ...  5556:31377/TCP,5554:30556/TCP,5559:30259/TCP   2m1s

PASS: Perform oidc-auth-apps test by creating a user, apply
      rolebiding and authenticate it using oidc-auth command, check
      if the new user can send k8s commands based on its roles.

Closes-Bug: 2089586

Change-Id: I43771c560e9c7d996cd1cab9887d3d2ca6fa2513
Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>
2024-11-26 13:10:05 -03:00
..
custom
Liveness tweak to avoid overload on cpu
2024-08-20 10:38:26 -03:00
upstream/dexidp-helm
Add support to edit telemetry nodePort
2024-11-26 13:10:05 -03:00