dex icon indicating copy to clipboard operation
dex copied to clipboard
verified publisher icon dexidp

Update kubernetes example to go throught the entrypoint

Open benjamin-bergia opened this issue 3 years ago • 6 comments

Preflight Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • [X] I am not looking for support or already pursued the available support channels without success.

Version

2.30.0

Storage Type

Kubernetes

Installation Type

Official container image

Expected Behavior

After reading https://github.com/dexidp/dex/issues/1099#issuecomment-1074105206, I tried to add templating to my configuration file and constantly had the following error: error parse config file /etc/dex/config.yaml: error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{".Env.GITHUB_CONNECTOR_CLIENT_ID":interface {}(nil)}

My config file, kubernetes deployment, environment variables, etc were all correct and based on the kubernetes example from this repository. After going again through the documentation, docker entrypoint, Dockerfile and sample config file, I realized that the kubernetes example is over writing the entrypoint.

Actual Behavior

To avoid this, the container specs should be:

      containers:
      - image: ghcr.io/dexidp/dex:v2.30.0
        name: dex
        args: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]

This will preserve the entrypoint defined in the Dockerfile.

Steps To Reproduce

No response

Additional Information

No response

Configuration

No response

Logs

No response

benjamin-bergia avatar Mar 22 '22 14:03 benjamin-bergia

I am keep on getting following error when trying to use the secret from Env. Secret works if I hard code the same.

invalid client_secret on token request for client

Tried all ways :

clientSecret: $CLIENT_SECRET
or 
clientSecret: {{ Env.CLIENT_SECRET }} 
or 
${CLIENT_SECRET}

I validated the variable CLIENT_SECRET which is there in the environment.

@nabokihms @sagikazarmark

tiwarisanjay avatar Jun 06 '22 21:06 tiwarisanjay

Related issue https://github.com/dexidp/dex/issues/2237 (it seems that it conflicts with the current one)

nabokihms avatar Jun 07 '22 14:06 nabokihms

@tiwarisanjay, it is better to open a new issue or a discussion because we need more data to debug the problem. I assume the minimal will be the Dex version and how you deploy it.

nabokihms avatar Jun 07 '22 14:06 nabokihms

@nabokihms https://github.com/dexidp/dex/issues/2553

tiwarisanjay avatar Jun 07 '22 17:06 tiwarisanjay

Same. I'm trying to use a secret for a staticClient from an environment variable in Dex 2.32.0 (deployed in Kubernetes). My Dex config.yaml is mounted from a ConfigMap and looks like this in the container:

issuer: https://XXX
storage:
  type: kubernetes
  config:
    inCluster: true
web:
  http: 0.0.0.0:5556
expiry:
  idTokens: 1h
connectors:
  - type: gitlab
    id: gitlab
    name: GitLab
    config:
      baseURL: XXX
      clientID: $GITLAB_APPLICATION_ID   # I can use this syntax here, but not down there
      clientSecret: $GITLAB_CLIENT_SECRET
      redirectURI: XXX
oauth2:
  skipApprovalScreen: true
staticClients:
  - id: abc
    secret: '{{ .Env.ABC_SECRET }}'   # Doesn't work
    name: 'ABC'
    redirectURIs:
      - XXX

My workaround is to do ad-hoc string replacement in the container startup command.

phoerious avatar Jun 22 '22 18:06 phoerious