Closed bjethwan closed 3 years ago
I am going from single k8s to multiple k8s clusters fronted by the same dex-k8s-authenticator deployment. All these k8s clusters are configured with the same openam client-id/client-secret.
It's not clear in the documentation if redirect_uri has to refer back to the cluster name in the config file. https://github.com/mintel/dex-k8s-authenticator/blob/master/docs/config.md
Would something like this work fine with multiple clusters?
data: config.yaml: |- listen: http://0.0.0.0:5555 web_path_prefix: / debug: true - name: sandbox description: sandbox short_description: sandbox issuer: https://openam.example.com:443/openam/oauth2/cspprodrealm client_id: k8s client_secret: super_secret redirect_uri: https://dex-k8s-authenticator.example.com/callback/sandbox k8s_master_uri: https://a.b.c.d clusters: - name: devint description: devint short_description: devint issuer: https://openam.example.com:443/openam/oauth2/cspprodrealm client_id: k8s client_secret: super_secret redirect_uri: https://dex-k8s-authenticator.example.com/callback/devint k8s_master_uri: https://e.f.g.h - name: staging description: staging short_description: staging issuer: https://openam.example.com:443/openam/oauth2/cspprodrealm client_id: k8s client_secret: super_secret redirect_uri: https://dex-k8s-authenticator.example.com/callback/staging k8s_master_uri: https://i.j.k.l - name: tools description: tools short_description: tools issuer: https://openam.example.com:443/openam/oauth2/cspprodrealm client_id: k8s client_secret: super_secret redirect_uri: https://dex-k8s-authenticator.example.com/callback/tools k8s_master_uri: https://m.n.o.p
Is this is how redirect_uri has to be defined for each k8s cluster?
redirect_uri: https://dex-k8s-authenticator.example.com/callback/sandbox redirect_uri: https://dex-k8s-authenticator.example.com/callback/devint redirect_uri: https://dex-k8s-authenticator.example.com/callback/staging redirect_uri: https://dex-k8s-authenticator.example.com/callback/tools
@bjethwan yes it will use the name attribute for each cluster to generate the callback uri.
name
I am going from single k8s to multiple k8s clusters fronted by the same dex-k8s-authenticator deployment. All these k8s clusters are configured with the same openam client-id/client-secret.
It's not clear in the documentation if redirect_uri has to refer back to the cluster name in the config file. https://github.com/mintel/dex-k8s-authenticator/blob/master/docs/config.md
Would something like this work fine with multiple clusters?
Is this is how redirect_uri has to be defined for each k8s cluster?