airshipit / treasuremap

Reference Airship manifests, CICD, and reference architecture.
http://openstack.org
Apache License 2.0

Demonstrate LDAP Group Role Binding Using Dex #137

Closed lb4368 closed 3 years ago

lb4368 commented 3 years ago

Proposed change

Document the procedure to create a RoleBinding and/or ClusterRoleBinding using subject user group(s) existing in an LDAP back-end configured with a Dex deployment for a target cluster or sub-cluster. Demonstrate that a user authenticated via Dex will be bound to roles that correspond to the user group in which the user is a member in LDAP.

Further analysis may indicate roles and bindings that may later be created as part of site manifests, possibly as part of workload phases for a cluster or sub-cluster.
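
A minimal illustration of the group bindings this proposal describes, added here as an example and not taken from the treasuremap manifests or the linked change. It assumes Dex emits the user's LDAP group names in a `groups` claim and that kube-apiserver runs with `--oidc-groups-claim=groups` and no `--oidc-groups-prefix`; the group, user and namespace names are hypothetical.

```yaml
# Added example; group, user and namespace names are hypothetical.
# Assumes the ID token issued by Dex carries LDAP group names in "groups"
# and kube-apiserver is started with --oidc-groups-claim=groups (no prefix).
---
# Namespace-scoped: members of LDAP group "k8s-developers" may edit
# resources in the "demo" namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ldap-developers-edit
  namespace: demo
subjects:
  - kind: Group
    name: k8s-developers   # must match the claim value exactly (case-sensitive)
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit               # built-in role, granted here per namespace
  apiGroup: rbac.authorization.k8s.io
---
# Cluster-wide, read-only: members of LDAP group "k8s-auditors".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ldap-auditors-view
subjects:
  - kind: Group
    name: k8s-auditors
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view               # built-in read-only role
  apiGroup: rbac.authorization.k8s.io
# The bindings can be checked before any LDAP login by impersonating a
# group member from an admin context:
#   kubectl auth can-i create deployments -n demo --as=jdoe --as-group=k8s-developers
#   kubectl auth can-i create deployments -n kube-system --as=jdoe --as-group=k8s-developers
#   kubectl auth can-i delete pods -n demo --as=jdoe --as-group=k8s-auditors
```

If `--oidc-groups-prefix` is set on the API server, the subject `name` must include that prefix, otherwise the binding silently matches nobody.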

sshiba commented 3 years ago

Assign it to me

sshiba commented 3 years ago

This feature needs a deployable baremetal target cluster behind a proxy to verify that updates to the API server/OIDC flag work. I have not been able to deploy such a cluster, and it has been a challenge getting it troubleshot.

Note that other developers are experiencing the same challenges.

sshiba commented 3 years ago

This capability was implemented in https://review.opendev.org/c/airship/treasuremap/+/791835, which required minor changes to the base dex-aio HelmRelease manifest.

sshiba commented 3 years ago

https://review.opendev.org/c/airship/treasuremap/+/791835 is ready for review. Just waiting for zuul to pass first.

sshiba commented 3 years ago

PS https://review.opendev.org/c/airship/treasuremap/+/791835 has been merged, completing this issue.