search

openshift / oauth-proxy

A reverse proxy that provides authentication with OpenShift via OAuth and Kubernetes service accounts
MIT License
261 stars 136 forks source link

--ssl-insecure-skip-verify=true not work as expected #233

Closed obabec closed 2 years ago

obabec commented 2 years ago

Hi, I am trying to setup oauth-proxy for Grafana for delegating to openshift oauth. I have following args for container

      - '--provider=openshift'
        - '--skip-provider-button=true'
        - '--ssl-insecure-skip-verify=true'
        - '--pass-basic-auth=false'
        - '--https-address=:9091'
        - '--request-logging=true'
        - '--http-address='
        - '--email-domain=*'
        - '--upstream=http://localhost:3000'
        - '--openshift-sar={"resource": "namespaces", "verb": "get","namespace":"tealc-monitoring"}'
        - '--openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get", "namespace":"tealc-monitoring"}}'
        - '--client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token'
        - '--cookie-secret-file=/etc/proxy/secrets/session_secret'
        - '--openshift-service-account=grafana-serviceaccount'
        - '--openshift-ca=/etc/pki/tls/cert.pem'
        - '--openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
        - '--openshift-ca=/etc/grafana-configmaps/ocp-injected-certs/ca-bundle.crt'
        - '--skip-auth-regex=^/metrics'

I need to skip TLS validation, I can provide only selfsigned certs. Can you help me figure right arg combination how to achieve my goal?

Thank you in advance.

openshift-bot commented 2 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 2 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 2 years ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci[bot] commented 2 years ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/oauth-proxy/issues/233#issuecomment-1092020725): >Rotten issues close after 30d of inactivity. > >Reopen the issue by commenting `/reopen`. >Mark the issue as fresh by commenting `/remove-lifecycle rotten`. >Exclude this issue from closing again by commenting `/lifecycle frozen`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.