Tanzu-Solutions-Engineering / tkg-lab

Day in the life of a TKG platform team.

Enables Dex trust of Let's Encrypt #119

Closed. crdant closed this 4 years ago

crdant commented 4 years ago

TL;DR

Updates Dex configurations so that deployed pods trust Let's Encrypt as a CA.

Details

Fixes #118, which describes a challenge I unearthed when using a custom URL (and thus certificate) for my Okta endpoint and issuer. My custom endpoint uses a Let's Encrypt certificate and the container image used by Dex does not include Let's Encrypt as a trusted CA. This change leverages the approach in #115 and the overlay created for #112 to assure that Dex trusts LE as a certificate issuer.

N.B. Depends on #115 being merged first, because it's based on that code.

doddatpivotal commented 4 years ago

@crdant I've tested with a clean run and things work fine. There was just one line in the generate-and-apply-dex-yaml.sh that I wasn't sure if it was necessary. Would you have a look?