ccojocar / sso-operator

Single Sign-On Kubernetes operator for Dex identity provider
Apache License 2.0

Unable to load dex certificates #19

Closed afoninsky closed 5 years ago

afoninsky commented 5 years ago

I'm getting an error when I try to install sso-operator. The pod fails with the error "failed to crate dex client: failed to load the CA cert from '/etc/dex/tls/tls.crt'".

It looks like there is a hard requirement on the number of public certificates: https://github.com/jenkins-x/sso-operator/blob/5da43d3f701385be7d545ec0f654166683dea62b/pkg/dex/client.go#L39

Is this correct, or am I doing something wrong?


Steps to reproduce:

1) Have the latest dex installed from the charts:

# helm upgrade dex stable/dex --namespace default --install

2) Install the latest sso-operator:

# helm upgrade sso-operator ./sso-operator/charts/sso-operator --namespace default --install -f sso-operator.yml

sso-operator.yml:

dex:
  grpcHost: dex.default
  certs:
    grpc:
      client:
        secretName: dex-grpc-client-tls

The default secret name is dex-grpc-client-cert, but I've changed it, as the stable/dex chart installs a secret with the name dex-grpc-client-tls.

Full sso-operator chart output for debug purposes: https://gist.github.com/afoninsky/8d881f994acff562d6db9484a79c96b7

Failed certificate: https://gist.github.com/afoninsky/51aa6eb1b070dcdd585f69523d9b2a64
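
A diagnostic sketch for the error reported above, added here and not part of the issue or of the sso-operator code: it lists what a PEM file such as `tls.crt` actually contains (how many certificates, which of them are CAs, and any non-certificate blocks). `InspectPEM` and `SampleCert` are hypothetical names and the sample certificates are constructed inside the program; what the operator's own check at the linked line requires is not shown on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// InspectPEM returns the certificates in a PEM file and the count of other blocks.
func InspectPEM(data []byte) (certs []*x509.Certificate, other int, err error) {
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			other++ // e.g. a private key stored in the same file
			continue
		}
		c, perr := x509.ParseCertificate(block.Bytes)
		if perr != nil {
			return nil, other, fmt.Errorf("certificate %d: %w", len(certs)+1, perr)
		}
		certs = append(certs, c)
	}
	if len(certs) == 0 {
		return nil, other, fmt.Errorf("no CERTIFICATE block found")
	}
	return certs, other, nil
}

// SampleCert builds a constructed self-signed certificate (demo input only).
func SampleCert(cn string, isCA bool) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	bundle := append(SampleCert("constructed-leaf", false), SampleCert("constructed-ca", true)...)
	certs, other, err := InspectPEM(bundle)
	fmt.Println("certificates:", len(certs), "other blocks:", other, "err:", err)
	for _, c := range certs {
		fmt.Printf("  CN=%s IsCA=%v\n", c.Subject.CommonName, c.IsCA)
	}
}
```

To inspect a real secret, replace the constructed bundle in `main` with the bytes of the mounted file.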

ccojocar commented 5 years ago

Do you have the cert-manager installed? The gRPC certs are issued by cert-manager.

We are using a forked version of dex because of a missing gRPC API, which was recently merged into upstream dex, but I never tried it.

You can try with this version of the dex chart, https://github.com/jenkins-x/dex/tree/master/charts/dex, which has integration with cert-manager.

ccojocar commented 5 years ago

@afoninsky Do you need more help? Can I close this issue?