Skip to content

Commit 3bef6fa

Browse files
bradfordwagnerbradfordwagner
committed
Merge remote-tracking branch 'masonm/add-dev-environment' into feature/sso-cacerts
2 parents 15bb35f + 0633548 commit 3bef6fa

File tree

6 files changed

+82
-1
lines changed

6 files changed

+82
-1
lines changed

.devcontainer/devcontainer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
// This image is built and pushed by .github/workflows/devcontainer.yaml using .devcontainer/builder/devcontainer.json
66
"image": "quay.io/argoproj/argo-workflows-devcontainer",
77

8-
"forwardPorts": [9000, 9001, 9090, 2746, 8080, 5556, 6060, 9091, 3306, 5432, 10000, 8000],
8+
"forwardPorts": [9000, 9001, 9090, 2746, 8080, 5556, 5554, 6060, 9091, 3306, 5432, 10000, 8000],
99
"hostRequirements": {
1010
"cpus": 4
1111
},

Makefile

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,8 +102,10 @@ endif
102102
# Need to rewrite the SSO redirect URL referenced in ConfigMaps when UI_SECURE and/or BASE_HREF is set.
103103
# Can't use "kustomize" or "kubectl patch" because the SSO config is a YAML string in those ConfigMaps.
104104
SSO_REDIRECT_URL := http
105+
SSO_ISSUER_URL := http://dex:5556/dex
105106
ifeq ($(UI_SECURE),true)
106107
SSO_REDIRECT_URL := https
108+
SSO_ISSUER_URL := https://dex:5554/dex
107109
endif
108110
ifeq ($(BASE_HREF),)
109111
BASE_HREF := /
@@ -594,6 +596,7 @@ install: githooks ## Install Argo to the current Kubernetes cluster
594596
| sed 's|quay.io/argoproj/|$(IMAGE_NAMESPACE)/|' \
595597
| sed 's/namespace: argo/namespace: $(KUBE_NAMESPACE)/' \
596598
| sed 's|http://localhost:8080/oauth2/callback|$(SSO_REDIRECT_URL)|' \
599+
| sed 's|http://dex:5556/dex|$(SSO_ISSUER_URL)|' \
597600
| KUBECTL_APPLYSET=true kubectl -n $(KUBE_NAMESPACE) apply --applyset=configmaps/install --server-side --prune -f -
598601
ifeq ($(PROFILE),stress)
599602
kubectl -n $(KUBE_NAMESPACE) apply -f test/stress/massive-workflow.yaml

manifests/components/sso/dex/dev-svc.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,5 +6,7 @@ spec:
66
ports:
77
- name: http
88
port: 5556
9+
- name: https
10+
port: 5554
911
selector:
1012
app: dex

manifests/components/sso/dex/dex-cm.yaml

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ data:
1313
file: ":memory:"
1414
web:
1515
http: 0.0.0.0:5556
16+
https: 0.0.0.0:5554
17+
tlsCert: /data/tls.crt
18+
tlsKey: /data/tls.key
1619
logger:
1720
level: debug
1821
staticClients:
@@ -33,3 +36,53 @@ data:
3336
hash: $2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W
3437
username: admin
3538
userID: 08a8684b-db88-4b73-90a9-3cd1661f5466
39+
# Self-signed certificate generated via https://github.com/dexidp/dex/blob/7e2225c0e6594dafd049b5cb3a9fe1fd1941f385/examples/k8s/gencert.sh
40+
tls.crt: |
41+
-----BEGIN CERTIFICATE-----
42+
MIIDHDCCAgSgAwIBAgIUbheSqdU5mYJvB4tYDfYv1xYGUL8wDQYJKoZIhvcNAQEL
43+
BQAwEjEQMA4GA1UEAwwHa3ViZS1jYTAeFw0yNTEwMjcwMTQ2MzhaFw0yNTExMDYw
44+
MTQ2MzhaMBIxEDAOBgNVBAMMB2t1YmUtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
45+
DwAwggEKAoIBAQC2Yx1p7W4v+3z1LGGePcQz6UzezSFQgQMFk/VX3k6OqqVJg8tr
46+
KBYmk6NyeBx2ayo+yLfOWhzAF2tP/jF/s15yyttHjYHA02TSkt+SrpHlqSUSBUO2
47+
E2DHH3y0r0tJT4GEnSLsN4YOwo4BGQ++o97z83GkPHY08r7CCOzs/PkyBLv/bhNk
48+
x2MYLbC8UTqCJMg8dw+5UBKhgvLxLKu/51Tv21CWfhPmTwXlo4+SJlNZ9P09S8M/
49+
mlQB8tZOBYY//xY2d938zMAUlc/wgNAVrQCa78RDpos98VBUuMAzlZvMcP/6qe5X
50+
Q7rlvoDxfQHhc7naWjXyUrFkubt3d6edGPM9AgMBAAGjajBoMAkGA1UdEwQCMAAw
51+
CwYDVR0PBAQDAgXgMA4GA1UdEQQHMAWCA2RleDAdBgNVHQ4EFgQUp0lk1FwePOOy
52+
TrspSac1NPwz1DYwHwYDVR0jBBgwFoAU5Bfyd/AUEA0ZUbM0cLIduM7pU1kwDQYJ
53+
KoZIhvcNAQELBQADggEBAA0cCDgsnuF3TnX4+vAlQHXlcSwUMSWeJi2whZZvX83N
54+
kk6MkvTor0cbTqBtZkyMw8IvW8ioxyEO+GQnZfbZ11XTimfOCLoP+Lxo4wGA7WeJ
55+
NVTU26rvi0nfvWXBusk6a8M5HMQ/kAUmzG/Vb0wriQ+q5P906AzU83TljXTFXOTP
56+
gNFZcfwdi/ALp9ZthEPmbPTUSSs05td3agJqSomsOVsWEDYb7GJEIqi9JP2eihhA
57+
8puMm/9SX9Sv0oLPZECXsZcK/AGRIGm1MQfXnlauFqJR26kM4arSU9np7IAqPboZ
58+
KySHaTX4XYnvxVX5BMT9HaFRJ3bcRJE0Osk8hOZkzWQ=
59+
-----END CERTIFICATE-----
60+
tls.key: |
61+
-----BEGIN PRIVATE KEY-----
62+
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2Yx1p7W4v+3z1
63+
LGGePcQz6UzezSFQgQMFk/VX3k6OqqVJg8trKBYmk6NyeBx2ayo+yLfOWhzAF2tP
64+
/jF/s15yyttHjYHA02TSkt+SrpHlqSUSBUO2E2DHH3y0r0tJT4GEnSLsN4YOwo4B
65+
GQ++o97z83GkPHY08r7CCOzs/PkyBLv/bhNkx2MYLbC8UTqCJMg8dw+5UBKhgvLx
66+
LKu/51Tv21CWfhPmTwXlo4+SJlNZ9P09S8M/mlQB8tZOBYY//xY2d938zMAUlc/w
67+
gNAVrQCa78RDpos98VBUuMAzlZvMcP/6qe5XQ7rlvoDxfQHhc7naWjXyUrFkubt3
68+
d6edGPM9AgMBAAECggEAB1XPpEe6B4B+C088YtSZnDvdDVXjKd1ybWpAswa8EpVO
69+
3fjIuNfNIkKMT4mAnYucUJeaethZcSlP9dDjlT71xLifXo6UohhuZOCm0LuoHvwx
70+
QzsGeN9pJEECLzMgnENwElEOi0EFaXkOJIGpRjHJgPawwpny6Bi+LsgUnUhkTkxc
71+
gKQU1pdX3F5QGBp0YdTzPj3Ekf3Tw7z+gT+8JkV8Z/g+1kRusgyBCrjfmHe6ulv6
72+
9LMbl3vdc+HnK/jw0Lx0eIMdRDJb4gotpATCoEwVA0CZTJRvaGFY1mUQwQ7uecqf
73+
v/P1vQYW5nKtEWJaYJ45hpl0pvjLS5rmMfbrdo5ByQKBgQDrQ05ER5+NKe8Wj3qS
74+
HKTdbVN6nOkbMzRkwmqWAl0pRPpRysnegrUwvApNr73IL/HVTw9RQwiR/d0QZKM9
75+
aDlO1mVrBThAY7EyeUmZSZBUXbYZg6dOntKU+C2GztIzHHXXLsNuaKuI3UXcyJqO
76+
S7PH9Z5f3+PSF+UFIXI4tgLb5QKBgQDGdqvFC2mYPCvcTUYcgdQFZzBTBAiVbKFt
77+
yrHsXTOpnrkxQF/uV9qCgrIddAqm+2uPZqRXgscJpYv+mMhcQDrLrSIh1i5KSBBU
78+
HcvmZUiqQ5/vi+PyEipXcaEvO16c8aDs3Ls8W68NPjLnOCpS2zWTKgK88prxCREM
79+
A7IbKHq0eQKBgCIFMJs1FEBwkO9dPidE1x5iAdFYQWk6hVgQuSMKInimTeBoB7sS
80+
gasTdhX31OTO8hSbgyaIIAQkhsQpGWX23VqmLDJGpfTBtc0LtvXgqmtYxc14uUfo
81+
NaFvJf45iDH16qB8VaxwnGWFQeYEaD0te0juHsHUeXhXFjogtQi4YT91AoGAXQmW
82+
3snJ188ldKJZItYOEfZc5h329C23w6OJI1hR9sts39Tg4/gVfKdOXpZexAcLVm90
83+
zX2GV1RfO5xeGTkXFxJz9M7WZoY/+V76jmie1wrauE6pLnsrlFC1klHPud1gZonX
84+
0KTefGPTMyfWV39iLzo7jF5jGmn4rtwwq6CfXWkCgYEAic8g95T9mcswD4dtoq8n
85+
Y0D2jn4haw6M8x1cI0Op3M3cyST1vng7y2ta+YVbpws8j6n0hVfPPWZ42pBK3j5J
86+
lpS2grJ+nbmdPu4S2zr8hbwVpqjYYlSKa5YhTnq4pYCfAgulYQ5QeOCDIFBJSaFp
87+
eQNDdRcWA8EWy9aPeyEzMc0=
88+
-----END PRIVATE KEY-----

manifests/components/sso/dex/dex-deploy.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@ spec:
2424
ports:
2525
- name: http
2626
containerPort: 5556
27+
- name: https
28+
containerPort: 5554
2729
volumeMounts:
2830
- mountPath: /data
2931
name: config

manifests/components/sso/overlays/workflow-controller-configmap.yaml

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,27 @@ data:
66
sso: |
77
issuer: http://dex:5556/dex
88
issuerAlias: http://dex:5556/dex
9+
# ca.pem associated with the self-signed cert in manifests/components/sso/dex/dex-cm.yaml
10+
rootCA: |
11+
-----BEGIN CERTIFICATE-----
12+
MIIDBTCCAe2gAwIBAgIUMKWILZAQMhB5HJvcvoXNhd8bOEMwDQYJKoZIhvcNAQEL
13+
BQAwEjEQMA4GA1UEAwwHa3ViZS1jYTAeFw0yNTEwMjcwMTQ2MzhaFw0yNTExMDYw
14+
MTQ2MzhaMBIxEDAOBgNVBAMMB2t1YmUtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
15+
DwAwggEKAoIBAQCGlEuUr07CDmZ2sKV6J1KEKEzfOdbmkhT1o7Z8qmOIuGK/TqYg
16+
lXs6DJ+Vtfbq0jB9BWhA+8/Mik8GtUHOp+pEcoHncCsIwOmA5NCmnCFOhINYQe+w
17+
njk5dPztB+0PP1+R0hiwtjl/ERgbhOb2z3xUbjCbKZ95c7iUoquki6TAEaID1n+A
18+
TJcS9OMDF07oVPuW3Il1H8I9CjmfX34wetYLxmzPeoaUoxslqI0k3Htu7dRibZZz
19+
UDbQ59wup6JajFWYTIIVq2yfmtQ812a7z9QZUNmrBVMsz7wCkPPVG/Xv7pVgHMLw
20+
JpqirR9A8V4OHumSk4s+P+O60Wb4NJaE8I9vAgMBAAGjUzBRMB0GA1UdDgQWBBTk
21+
F/J38BQQDRlRszRwsh24zulTWTAfBgNVHSMEGDAWgBTkF/J38BQQDRlRszRwsh24
22+
zulTWTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmfmUA20Cd
23+
INYHr7faU501JZuFcJ9QPbNb9wxGMNk3x940ixshutOBD3KWHafE9HOLFyp3BTGH
24+
bNRBKwbbnqzHLvRaUwfOqRW2xFyKncxNGpTchlM3JeR7gfRxGuEdXASb4WbnJpvh
25+
98Bv0IaUU2IQUjRl//HSDoJ6xANa4VmtBBRP3/9Vln8WMaYrTlenJMyn/uq5AQHx
26+
9DIXaBkA2GX8bWj7H8s/5RNJr0qz8o3BSWBEv87LZxppA/lK8SZ5wd7GnMCJ17MU
27+
glFG6TkG174Am0dbhla6UIvx+JTWgtbs+iD0hPhVrQrMV+V548jpdmCzCjUApEj7
28+
BWhCrTK0M1QI
29+
-----END CERTIFICATE-----
930
clientId:
1031
name: argo-server-sso
1132
key: clientID

0 commit comments

Comments
 (0)