Option to add staticPasswords from environment variables #1601
Conversation
|
@ericchiang @rithujohn191 @sagikazarmark @bonifaido could any one of you PTAL? |
|
Circling back in here again to see if we could please get this reviewed once. |
|
I am no longer a dex maintainer. Please stop cc'ing me :) |
|
@krishnadurai we've received your PR, but as the holidays are coming, it probably won't be reviewed until next year. |
|
@sagikazarmark thanks for replying. Sorry for being impatient about it. We could wait until the holidays end. :-) |
|
@sagikazarmark this is ready for a look. |
|
@sagikazarmark Could we please move this PR forward? |
|
@krishnadurai I've looked at your PR, it looks OK implementation-wise, but I'm not sure I would ever use this feature from an operational standpoint. Managing users in a static file already presents a lot of limitations and issues (eg. security) and I understand this is an attempt improve that last bit, but I'm not 100% it's actually an improvement. Can you tell me a bit more about how you imagine using this feature? Or in what cases would you consider recommending it? Thanks! |
|
I'd love to have this feature, so far we awaited for such feature to move secrets into k8s secretes, k8s secrets are perfectly managed by kustomize and vault plugin. Of course, better option would be an operator, but I'm not aware of any existing yet. |
|
@sagikazarmark We use Dex in Kubeflow. One of our setups is a basic authentication - based setup. We are keen on using staticPasswords field for setting up basic auth with Dex for Kubeflow. Show that this committed configuration has secrets. We are looking to accept environment variables through our deployment plugin (kubeflow/kfctl) which would set this environment variable on the Dex controller pod programmatically. |
There was a problem hiding this comment.
@krishnadurai well, I'm still not convinced if this is the best solution, but it's a solution, it's already done and looks OK to me.
|
@sagikazarmark thanks for considering it @sagikazarmark! |
|
@bonifaido It looks like this requires your review as well. Could you please take a look? |
This PR introduces the ability to set StaticPasswords with field 'hashFromEnv'.
Partially implements requirements from #1099.
Relates to kubeflow/kfctl#130
/cc @ericchiang @rithujohn191 @sagikazarmark @bonifaido