search

jetstack / kube-oidc-proxy

Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
https://jetstack.io
Apache License 2.0
477 stars 91 forks source link

Dev cluster deploy improvments #133

Closed JoshVanL closed 4 years ago

JoshVanL commented 4 years ago

This PR improves dev_cluster_deploy by re-building the images at every run.

This also optionally allows you to deploy the fake-apiserver so you can easily inspect what headers and request body is being sent across.

This adds some docs for how to use these commands.

/assign @simonswine

munnerz commented 4 years ago

/cc

JoshVanL commented 4 years ago

/unassign @simonswine /assign @munnerz

jetstack-bot commented 4 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoshVanL, munnerz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/jetstack/kube-oidc-proxy/blob/master/OWNERS)~~ [JoshVanL] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
munnerz commented 4 years ago

/lgtm

On Tue, 17 Mar 2020 at 19:41, Josh Van Leeuwen notifications@github.com wrote:

@JoshVanL commented on this pull request.

In docs/tasks/development-testing.md https://github.com/jetstack/kube-oidc-proxy/pull/133#discussion_r393925201 :

+ +This will build the proxy and other tooling from source,build the images, and +load them onto each node. This will then deploy the proxy alongside a fake OIDC +issuer so that the proxy is fully functional. The proxy will then be reachable +from a node port service in the cluster. + + +bash +make dev_cluster_deploy + + +This command will output a signed OIDC token that is valid for the proxy. You +can then make calls to the proxy, like the following: + +```bash +curl -k https://172.17.0.2:30226 -H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.ewoJImlzcyI6Imh0dHBzOi8vb2lkYy1pc3N1ZXItZTJlLmt1YmUtb2lkYy1wcm94eS1lMmUtNmhiNGcuc3ZjLmNsdXN0ZXIubG9jYWw6NjQ0MyIsCgkiYXVkIjpbImt1YmUtb2lkYy1wcm94eS1lMmUtY2xpZW50LWlkIiwiYXVkLTIiXSwKCSJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLAoJImdyb3VwcyI6WyJncm91cC0xIiwiZ3JvdXAtMiJdLAoJImV4cCI6MTU4MjU1NTYzMQoJfQ.qWCM5zUHGslmwbgyZnMjhVeCLJd3R3c7xjtatjT_pv1VY-PpJ8IGBsbcCpur1fAm2CAbr0juM3yzwV1S3TUjhNhE8Wo6rxjA2Flnmwj7Nn2Got6T_cMFHQ_3A6YC72qkMwH-7SvXFB-C5Bk96vi9-clrxJ_b1XjfMPViZEVCJphh9HVzrZ5DPOAR0PDl-qnVys_CRkF0NEwEvAZL5SFumBqjtLBI9XUlWbB6VTljPOExL1zkv8NevZF8DxVsYFaW9HOYH8vNgC07kj_oUVkmAjP-2tVngcBKka0IBmuz2r-RfWNy9VJ-yb19AbtJNw6fjASy7O6VifuH4ZpjP5JSIg'

Thanks @munnerz https://github.com/munnerz :)

I think I will follow up with a PR to fix up the port-forward issue. It is obviously a bug and needs to be dealt with but since lots of other stuff is waiting on this I think it makes sense to get this all through and follow up after. I'll open up an issue.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/jetstack/kube-oidc-proxy/pull/133#discussion_r393925201, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABRWPY2SLSE653TVONFWD3RH7G6PANCNFSM4KZSIYEA .

JoshVanL commented 4 years ago

/hold

JoshVanL commented 4 years ago

/lgtm cancel

JoshVanL commented 4 years ago

Should be good now :sweat_smile: Too quick @munnerz !

JoshVanL commented 4 years ago

/hold cancel

munnerz commented 4 years ago

/lgtm

JoshVanL commented 4 years ago

Better now @munnerz

munnerz commented 4 years ago

/lgtm

On Tue, 17 Mar 2020 at 19:56, Josh Van Leeuwen notifications@github.com wrote:

Better now @munnerz https://github.com/munnerz

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jetstack/kube-oidc-proxy/pull/133#issuecomment-600267995, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABRWP5HV5243B5HDLWPS2LRH7IYDANCNFSM4KZSIYEA .