Add Dex for Sub-Cluster Authentication

[lb4368]

Problem description Need to provide a Dex OIDC provider pod during a sub-cluster deployment in order to be able to configure authentication and authorization within each sub-cluster.

Previous design had the SIP operator delivering Dex as a infrastructure service as a SIP CR was applied. Since Dex deployment does not rely on any of SIP scheduling results and can leverage manifest functions defined for delivering Dex for the target cluster, it may be simpler to deliver Dex per sub-cluster directly via manifests during the same phase that the SIP CR is delivered for providing sub-cluster infrastructure. This also decouples Dex as the authentication provider for the sub-clusters.

Proposed change Leverage manifest functions created as part of #19 to deliver a Dex service to the target cluster on a specified NodePort as part of each sub-cluster deployment.

The deployment of Dex will need to allow for specifying configuration of Dex for the associated sub-cluster including:

• The NodePort on the target cluster where the sub-cluster auth service will be exposed for HTTPS access
• The LDAP back-end info (URL, credentials, search attributes, etc.)
• Sub-cluster information needed to enable authentication (CA cert/key, API server port, VIP address(es), FQDN(s), etc.)
• Dex pod replica count (this can be set by patching the HelmRelease document if the default needs to be overridden)

[SaurabhArora86]

Please assign it to me, I can take it up.

[SaurabhArora86]

Based on discussion, have created patchset https://review.opendev.org/c/airship/treasuremap/+/790420

[SaurabhArora86]

Patchset for Dex replica https://review.opendev.org/c/airship/treasuremap/+/790964

[SaurabhArora86]

As per discussion, since we don't need to change replica for dex necessarily and in case it is required, it could be handled via kustomize patch. Abandoned the patchset for replica changes https://review.opendev.org/c/airship/treasuremap/+/790964

For subcluster related changes, updated the patchset https://review.opendev.org/c/airship/treasuremap/+/790420/ and would create a different patchset for dex function related changes which is WIP

[SaurabhArora86]

Based on review comments, below patchsets are ready for view https://review.opendev.org/c/airship/airshipctl/+/792316 https://review.opendev.org/c/airship/treasuremap/+/791931 Note: https://review.opendev.org/c/airship/treasuremap/+/791931 depends on https://review.opendev.org/c/airship/airshipctl/+/792316 to work

[SaurabhArora86]

Patchset https://review.opendev.org/c/airship/treasuremap/+/790420 has all treasuremap changes for Dex for sub-cluster.

[SaurabhArora86]

All the below patchsets belonging to this US is merged. https://review.opendev.org/c/airship/treasuremap/+/790420 https://review.opendev.org/c/airship/airshipctl/+/792316 https://review.opendev.org/c/airship/treasuremap/+/791931

[eak13]

Closing per above patchset merges