jetstack / kube-oidc-proxy

Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
https://jetstack.io
Apache License 2.0
477 stars 93 forks

New Helm Chart available #209

Open sspreitzer opened 1 year ago

sspreitzer commented 1 year ago

Hi

I just created a new Helm Chart based on tremolosecurity/kube-oidc-proxy, as this project and Helm Chart seem to have come to a halt.

gecube commented 7 months ago

@sspreitzer thank you very much as this one is looking deprecated.

gecube commented 7 months ago

@sspreitzer @mlbiam Hi! Could you highlight what the differences are between https://github.com/TremoloSecurity/kube-oidc-proxy/tree/master/deploy/charts/kube-oidc-proxy and https://github.com/sspreitzer/helm-kube-oidc-proxy?

I would be glad to have one place to develop the Helm chart, report issues and make PRs. For instance, I found that the current certificate generation is not ideal, as https://github.com/headlamp-k8s/headlamp complains that:

2024/04/09 10:46:57 http: proxy error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
2024/04/09 10:47:01 http: proxy error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
2024/04/09 10:47:02 http: proxy error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
2024/04/09 10:47:07 http: proxy error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead

So I switched to generation with cert-manager - it's simple and convenient and can be tuned to different use cases. Otherwise it could be nice to give a user an option to provide their own certificates and the name of the secret containing them. It's just the most obvious enhancement that we can elaborate on.

sspreitzer commented 7 months ago

@gecube In Open Source there can always be multiple projects and forks with the same name at different places. The way I decide which one to follow is by latest contribution and number of contributions or contributors.

I have no affiliation with or insight into the helm charts at TremoloSecurity or headlamp. However I can help you with the helm chart at https://github.com/sspreitzer/helm-kube-oidc-proxy.

gecube commented 7 months ago

@sspreitzer thanks for the swift reply! I know how open source works, but it creates fragmentation and multiple teams implement the same things. I could post you a comprehensive description of the issue to https://github.com/sspreitzer/helm-kube-oidc-proxy but unfortunately only PRs are enabled.

gecube commented 7 months ago

and BTW the link on the right is leading to nowhere

sspreitzer commented 7 months ago

> and BTW the link on the right is leading to nowhere

I noticed this as well. I am currently teaching scuba diving in the tropics and it seems that some automatic GitLab update has failed. I am working on that now.

sspreitzer commented 7 months ago

> I noticed this as well. I am currently teaching scuba diving in the tropics and it seems that some automatic GitLab update has failed. I am working on that now.

The link should work now. Please open an issue in that GitLab. Thank you.

gecube commented 7 months ago

The same :-(


I'd prefer to collaborate on a stable cloud platform like SaaS github.com and / or gitlab.com if it's possible ofk.

sspreitzer commented 7 months ago

@gecube Seems as if my hosting has some issue I should resolve when coming back from Thailand. I have enabled issues and discussions on the GitHub mirror. Feel free to drop an issue. Please excuse the inconvenience.