Adding default config #64

Merged
merged 6 commits into from
Jul 5, 2024

@vvondruska vvondruska commented Jun 27, 2024

This PR:

Adds a simplified way to configure auth apps in the bundle.

There is a new defaultConfig section available in the Helm values, which can be used to provide essential details about Dex connectors and RBAC rules. Some additional configuration options for Dex are also supported. Everything else that is required to deploy the Auth bundle is retrieved automatically from existing configs.

The defaultConfig section has the following structure:

defaultConfig:
  deployDexK8SAuthenticator: false # optional, determines whether the K8s Authenticator is deployed together with Dex
  oidc: # in case the defaultConfig is defined, the oidc property is required
    expiry: # optional: defines expiration rules for tokens generated by Dex
      signingKeys: 6h
      idTokens: 30m
#   Specification of customer and/or GiantSwarm Dex connectors.
#   Either customer or giantswarm connectors or both are required.   
    customer: # specification of Dex connector details - most importantly credentials: 
      connectors:
      - id: CONNECTOR_ID # common name is "customer"
        connectorName: CONNECTOR_NAME
        connectorType: CONNECTOR_TYPE # e.g. "microsoft" or "github"
        connectorConfig: |- # specific configuration based on connector type. Structure comes from Dex.
          clientID: CLIENT_ID
          clientSecret: CLIENT_SECRET
          tenant: TENANT_ID
#   giantswarm:
#     connectors:
#     - ...
  rbac: # optional but recommended
  - role: ROLE_NAME #required
    namespaces: # optional - if omitted, cluster-wide bindings are created
    - NAMESPACE
    groups: # either groups or users or both are required
    - CUSTOMER_GROUP_NAME
    users:
    - USER_NAME

More detailed configuration can be provided in the "standard" apps section if needed. In that case the defaultConfig section can be omitted.

When both defaultConfig and apps sections are present, they are merged together and the apps section takes priority.

Testing

Description on how auth-bundle can be tested.

  • fresh install works
    • AWS
    • Azure
    • KVM
  • upgrade from previous version works
    • AWS
    • Azure
    • KVM

Checklist

  • Update changelog in CHANGELOG.md.
  • Make sure values.yaml and values.schema.json are valid.
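
The required/optional rules written as comments in the defaultConfig structure above can be checked before the values reach Helm. This is an added example, not code from this PR or the auth-bundle project; it assumes the values are already parsed into a Python dict, and the name check_default_config and the sample values are made up for illustration.

```python
def check_default_config(values):
    """Return (errors, warnings) for the defaultConfig section of parsed Helm values."""
    errors, warnings = [], []
    cfg = values.get("defaultConfig")
    if cfg is None:
        return errors, warnings  # section may be omitted when "apps" is used instead

    oidc = cfg.get("oidc")
    if not isinstance(oidc, dict):
        errors.append("oidc: required when defaultConfig is defined")
    else:
        # Either customer or giantswarm connectors (or both) must be present.
        count = sum(len((oidc.get(owner) or {}).get("connectors") or [])
                    for owner in ("customer", "giantswarm"))
        if count == 0:
            errors.append("oidc: customer or giantswarm connectors are required")

    for i, rule in enumerate(cfg.get("rbac") or []):
        if not rule.get("role"):
            errors.append(f"rbac[{i}]: role is required")
        if not rule.get("groups") and not rule.get("users"):
            errors.append(f"rbac[{i}]: groups or users are required")
        if not rule.get("namespaces"):
            # Per the PR description, omitting namespaces creates cluster-wide bindings.
            warnings.append(f"rbac[{i}]: no namespaces, role "
                            f"{rule.get('role')!r} is bound cluster-wide")
    return errors, warnings


# Constructed sample values (placeholders, not from a real installation).
SAMPLE_OK = {"defaultConfig": {
    "oidc": {"customer": {"connectors": [{
        "id": "customer", "connectorName": "Example", "connectorType": "github",
        "connectorConfig": "clientID: PLACEHOLDER\nclientSecret: PLACEHOLDER"}]}},
    "rbac": [
        {"role": "view", "groups": ["example-group"]},
        {"role": "edit", "namespaces": ["team-a"], "users": ["example-user"]},
    ]}}
SAMPLE_BAD = {"defaultConfig": {
    "oidc": {"expiry": {"idTokens": "30m"}},
    "rbac": [{"namespaces": ["team-a"]}]}}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_default_config(sample))
```

The warning for a rule without namespaces is the item worth reviewing by hand, since that rule grants its role across the whole cluster.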

@vvondruska vvondruska linked an issue Jun 27, 2024 that may be closed by this pull request
@vvondruska vvondruska marked this pull request as ready for review July 3, 2024 07:48
@vvondruska vvondruska requested a review from a team as a code owner July 3, 2024 07:48
@anvddriesch anvddriesch left a comment

looks good to me! Just one question

helm/auth-bundle/templates/_helpers.tpl
@vvondruska vvondruska linked an issue Jul 4, 2024 that may be closed by this pull request
README.md Outdated
README.md Outdated
@vvondruska vvondruska merged commit eaff763 into main Jul 5, 2024
5 checks passed
@vvondruska vvondruska deleted the simple-config branch July 5, 2024 05:05
Successfully merging this pull request may close these issues.

Simplify Auth-bundle config