jetstack / kube-oidc-proxy

Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
https://jetstack.io
Apache License 2.0

Disable TLS check oidc.issuer-url #198

Closed zeusro closed 3 years ago

zeusro commented 3 years ago

I use kube-oidc-proxy to connect to the dex server, which uses a self-signed certificate. After it starts to run, here is the log:

0:443: connect: no route to host
E0604 05:53:43.925331       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:53:53.925274       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:03.925501       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:13.923341       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:23.927359       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:33.925619       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host
E0604 05:54:43.925518       1 oidc.go:224] oidc authenticator: initializing plugin: Get "https://dex.mydomaincn/.well-known/openid-configuration": dial tcp 10.10.13.190:443: connect: no route to host

I have already checked this project's configuration and found nothing.

Is there an option to disable the SSL check?

saiharshitachava commented 3 years ago

Any update here? I have the same issue.

zeusro commented 3 years ago

> Any update here? I have the same issue.

I have already fixed that.

Need to provide --oidc-ca-file=/etc/oidc/oidc-ca.pem while starting the oidc-proxy.

/etc/oidc/oidc-ca.pem is the valid CA pem file.

zeusro commented 3 years ago

It happens in the self-signed certificate situation.
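
The fix in this thread keeps TLS verification on and adds the issuer's CA to the trust set via `--oidc-ca-file`. The following is an added example, not code from kube-oidc-proxy, showing the equivalent check with Go's standard library so a CA file can be validated before the proxy is started; the host name `dex.example.internal`, the helper names and the generated certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed self-signed certificate for host (sample input only).
func selfSigned(host string) ([]byte, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert
}

// verifyAgainstCA checks leaf for host while trusting only the certificates in caPEM.
func verifyAgainstCA(caPEM []byte, leaf *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("CA file contains no usable PEM certificate")
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	caPEM, cert := selfSigned("dex.example.internal")
	fmt.Println("matching CA:", verifyAgainstCA(caPEM, cert, "dex.example.internal"))
	fmt.Println("empty CA file:", verifyAgainstCA(nil, cert, "dex.example.internal"))
}
```

Unlike a "skip verification" switch, a CA file that does not match the issuer's certificate, or a certificate presented for a different host name, still fails the check.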