Open ericchiang opened 7 years ago
+1
We use Dex to front a few applications and we back it with AWS SSO. AWS SSO provides a user portal, which then has links to all the apps you have access to. When we grant access to Dex, they get a link to it, and when they click on it, it goes to Dex which just returns a 404. Suffice to say, we get questions about this often because people don't realize they have to navigate to apps X and Y in order to initiate anything and that Dex doesn't do anything on its own.
This is my current solution for our Kubernetes based deployment (using Kustomize). It's nothing fancy, and requires an additional pod, but better than a 404:
kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- deployment.yaml
- service.yaml
patches:
- target:
kind: Ingress
name: dex
patch: |-
- op: add
path: /spec/rules/0/http/paths/-
value:
pathType: Exact
path: '/'
backend:
service:
name: landing-page
port:
name: http
configMapGenerator:
- name: landing-page-app
files:
- files/main.js
deployment.yaml
:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: landing-page
labels:
k8s-app: landing-page
spec:
selector:
matchLabels:
k8s-app: landing-page
template:
metadata:
labels:
k8s-app: landing-page
spec:
containers:
- name: landing-page
image: node:16-alpine
command:
- node
- /app/main.js
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 3
periodSeconds: 3
volumeMounts:
- name: landing-page-app
mountPath: /app
volumes:
- name: landing-page-app
configMap:
name: landing-page-app
service.yaml
:
---
apiVersion: v1
kind: Service
metadata:
name: landing-page
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: http
selector:
k8s-app: landing-page
main.js
:
const http = require('http');
const page = `
<html>
<body>
At least this is not a 404?
</body>
</html>
`;
const requestListener = function (req, res) {
res.writeHead(200);
res.end(page);
}
const server = http.createServer(requestListener);
server.listen(8080);
Right now we 404 which is a bad UX for users of dex. Maybe we could provide a default redirect?