AzBuilder / terrakube

Open source IaC Automation and Collaboration Software.
https://docs.terrakube.io
Apache License 2.0

dex config.yaml on init requires elevated privileges #794

Open castaway2000 opened 7 months ago

castaway2000 commented 7 months ago

Feedback

Hi, I just spent the better part of my day troubleshooting dex in this deployment. I was getting the following:

error: cannot fork/exec command [gomplate -f /exec/dex/config.yaml -o /tmp/dex.config.yaml] {\"level\":\"error\",\"error\":\"template: /etc/dex/config.yaml:4: function \\"secrets\\" not defined\",\"time\":\"2024-04-04T23:54:00Z\"}\n"

I spent a ton of time thinking the secret was not being generated because of this error. Nowhere in the documentation for deploying terrakube with dex does it mention permissions or this generated secret. After some digging I found the dex helm values and figured out how to translate them into terrakube-dex helm values. I eventually realized that it might be a permissions issue after a rabbit hole of dex tickets.

The solution to my problem was as follows:

Add the following to the top of the "dex:" block:

  enabled: true
  podSecurityContext:
    allowPrivilegeEscalation: true
  configSecret:
    create: true
Could we get some documentation for advanced dex integration and management with terrakube? I had to dig really deep to find these and extract them, and then dig a little more -> https://github.com/AzBuilder/terrakube-helm-chart/tree/main/charts/terrakube/charts Once I had these I had to do some work to map it back to your provided helm stuff. It's also not in any of the values writeups you have provided for dex.

Thanks for your work on this project. It's really cool.

alfespa17 commented 7 months ago

Hello @castaway2000, we have some small samples in the following link using some dex connectors.

https://github.com/AzBuilder/terrakube-helm-chart/tree/main/examples

There are a lot of different ways to set up DEX connectors depending on your configuration; for the helm chart we set just the basics to make it work.

If you have any suggestions for the helm chart, for the examples or the documentation, feel free to send a pull request; we appreciate all help for this project.

By the way, this is the first time that I have seen the above error; I guess it is related to some very specific configuration.

castaway2000 commented 7 months ago

I am mostly concerned about the error I encountered. It seems like it was not an issue with the basics, but when I added Microsoft and made it for a production Kubernetes the problem persisted. With minikube testing on the defaults it never encountered this error. It would be nice to have a blurb about this in the docs, about permissions regarding productionizing dex.
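An added example, not part of the thread or of the terrakube project: a check for where `allowPrivilegeEscalation`, the setting used in the workaround above, ends up in a rendered workload. In the Kubernetes API this field belongs to a container's `securityContext`; the pod-level `securityContext` has no such field. The manifest below is constructed and its names are hypothetical.

```python
import json

# Constructed sample: a rendered Deployment manifest (before it is sent to the
# API server), converted to JSON. All names are hypothetical.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "example-dex"},
 "spec": {"template": {"spec": {
   "securityContext": {"allowPrivilegeEscalation": true, "runAsNonRoot": true},
   "containers": [
     {"name": "dex", "securityContext": {"allowPrivilegeEscalation": true}},
     {"name": "sidecar", "securityContext": {"allowPrivilegeEscalation": false}},
     {"name": "helper"}
   ]}}}}
""")

FIELD = "allowPrivilegeEscalation"


def pod_spec(obj):
    """Return the pod spec of a Pod or of a workload with a pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def audit(obj):
    """Return (location, finding) tuples for privilege-escalation settings."""
    spec, findings = pod_spec(obj), []
    # The pod-level securityContext (PodSecurityContext) has no such field in
    # the Kubernetes API, so a value placed here reaches no container.
    if FIELD in (spec.get("securityContext") or {}):
        findings.append(("pod", "misplaced"))
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            value = (c.get("securityContext") or {}).get(FIELD)
            if value is True:
                findings.append((c["name"], "allowed-explicitly"))
            elif value is None:
                # Unset: no_new_privs is not applied to the container,
                # so privilege escalation is permitted.
                findings.append((c["name"], "unset"))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```
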