Closed richard-cox closed 10 months ago
I had a think, from memory helm managed resources aren't something that the user should be manually changing. We show a warning in the rancher ui for resources managed by helm saying something similar. So I'm guessing any changes made by the user will get overwritten on upgrade.
Helm upgrade after appending --set rancher.url=https://rancher.somewhere.io
produces following new entries.
--- dex-config.yaml 2023-10-23 17:01:21.850655068 +0200
+++ dex-config-rancher.yaml 2023-10-23 17:01:36.402797082 +0200
@@ -1,4 +1,6 @@
issuer: "https://auth.1.2.3.4.nip.io"
+web:
+ allowedOrigins: ['https://rancher.somewhere.io']
storage:
type: kubernetes
config:
@@ -24,6 +26,7 @@
trustedPeers:
- epinio-cli
- epinio-ui
+ - rancher-dashboard
- id: epinio-cli
name: 'Epinio cli'
public: true
@@ -33,3 +36,8 @@
# Shouldn't be public, https://dexidp.io/docs/custom-scopes-claims-clients/#public-clients
redirectURIs:
- "https://epinio.1.2.3.4.nip.io/auth/verify/"
+ - id: rancher-dashboard
+ name: 'Rancher Dashboard'
+ public: true
+ redirectURIs:
+ - "https://rancher.somewhere.io/epinio/auth/verify/"
The dex-config can be obtained by:
$ kubectl get secrets/dex-config -n epinio -o=go-template='{{index .data "config.yaml" | base64decode }}'
It works as expected and the dex-config
has the same fields related to rancher-dashboard
as in report above. Also questions.yml
modification is working properly (@mmartin24 the CORS input field has been removed completely ~moved from General settings
under a new Rancher
section~):
@richard-cox But today I found out that when the chart is installed over rancher:v2.8.0-rc3, there is already value global.cattle.url
value automagically set by rancher so maybe we could just reuse the value and remove rancher.url
completely, wdyt?
OK - deployed in rancher - the CORS field not present anymore - the secret data modified @thehejik Just to confirm... in this test case the
ACCESS_CONTROL_ALLOW_ORIGIN
value in theepinio-server
Deployment is populated?
@thehejik Just to confirm... in this test case the
ACCESS_CONTROL_ALLOW_ORIGIN
value in theepinio-server
Deployment is populated?
@richard-cox yes, it is:
@andreas-kupries , @enrichman unless there are objections i'll merge this tomorrow AM
I will be very happy so see this merged! Thanks @richard-cox
rancher.url