Use base64 for cluster certificate authority

Open HenryXie1 opened this issue 3 years ago • 2 comments

We are automating the deployment of loginapp + dex. We have difficulty replacing the cluster certificate-authority strings.

          -----BEGIN CERTIFICATE-----
          MIIC5zCCAc+gAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
          ******
          -----END CERTIFICATE-----

It is in PEM format, which has many lines and /n. The automation has difficulty replacing the certificate-authority strings for different clusters. Do you support a base64-encoded string for this certificate-authority? Like:

    # Clusters list for CLI configuration
    clusters:
      - name: test1
        server: https://****:6443
        certificate-authority: |
          <base64 encoded string>
        insecure-skip-tls-verify: false
        # Alternative context name for this cluster
        contextName: test

or any workaround would be much appreciated.

Thank you, Henry

HenryXie1, Oct 20 '21 05:10

Hi @HenryXie1,

Yes that's something we could do.

Currently we use the certificate-authority value, what we could change is:

  • check if there is a certificate-authority-data also (the b64 encoded cert)
  • if yes use this one instead during templating (https://github.com/fydrah/loginapp/blob/v3.2.3/web/templates/token.html#L120 and https://github.com/fydrah/loginapp/blob/v3.2.3/web/templates/token.html#L156)
  • else, use the certificate-authority by default (this will avoid breaking changes)

I'll take a look at this.

fydrah, Oct 20 '21 17:10
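The fallback order outlined in the comment above, sketched in Go as an added example (this is not loginapp's code; the function and parameter names are hypothetical, and the sample CA is generated at run time as constructed input). It also checks that whichever value is chosen parses as an X.509 certificate before it would be templated into a kubeconfig.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ResolveCA prefers certificate-authority-data (base64 of the PEM) and falls
// back to certificate-authority (raw PEM). Hypothetical helper, not loginapp's API.
func ResolveCA(caPEM, caData string) (string, error) {
	if data := strings.TrimSpace(caData); data != "" {
		raw, err := base64.StdEncoding.DecodeString(data)
		if err != nil {
			return "", fmt.Errorf("certificate-authority-data: %w", err)
		}
		caPEM = string(raw)
	}
	// Refuse to template anything that is not a parseable X.509 certificate.
	block, _ := pem.Decode([]byte(caPEM))
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no PEM CERTIFICATE block found")
	}
	if _, err := x509.ParseCertificate(block.Bytes); err != nil {
		return "", fmt.Errorf("invalid CA certificate: %w", err)
	}
	return caPEM, nil
}

// SampleCA builds a throwaway self-signed CA (constructed input for the demo).
func SampleCA() string {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		Subject: pkix.Name{CommonName: "example-ca"}, BasicConstraintsValid: true,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	out, err := ResolveCA("", base64.StdEncoding.EncodeToString([]byte(SampleCA())))
	fmt.Println(len(out) > 0, err)
}
```

Failing closed on an undecodable or non-certificate value keeps a bad substitution from silently producing a kubeconfig with no usable CA.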

I am in the same situation. As a workaround, I use yq to manipulate the content of the CA, e.g.

    yq -i e '.config.clusters[0].certificate-authority = "'"$(sudo cat /var/lib/rancher/k3s/server/tls/server-ca.crt)"'"' /vagrant/HelmWorkShop/loginapp/values.yaml

fsdrw08, Jan 23 '22 07:01