History

Sirajudeen 0150d774d3 Rename Virtual Sites in Treasuremap * Renamed test-site to virtual-airship-core Relates-To: #154 Change-Id: I15905a5be8628b35f1cebcba95e3257f541d4e74		2021-07-12 19:01:49 +00:00
..
replacements	Rename Virtual Sites in Treasuremap	2021-07-12 19:01:49 +00:00
README.md	Treasuremap - Dex, API server & LDAP integration	2021-05-12 14:48:48 +00:00
dex-cert-issuer.yaml	[uplift] - Uplift airshipctl to stable version	2021-06-24 18:31:24 +00:00
dex-helmrelease.yaml	Rename Virtual Sites in Treasuremap	2021-07-12 19:01:49 +00:00
kustomization.yaml	[uplift] - Uplift airshipctl to stable version	2021-06-24 18:31:24 +00:00

README.md

DEX-AIO function

The DEX-AIO function implements the Dex Authentication service. It contains the HelmRelease manifest for dex-aio, which contains the LDAP connector customization as well as certificates to be used.

The certificate (Secret) used by dex-aio will be generated by the cert-manager, which will be signed by CA that is generated in the Ephemeral cluster and copied to the Target cluster during the airshipctl phase run clusterctl-move operation.

Before you can deploy this helm release, you will need to update the following:

      ldap:
        bind_password: "your LDAP bind password"
        config:
          host: "your LDAP FQDN"
          bind_dn: "your LDAP bind username"

Also, in the same helm release you will need to update the search criteria for the user and group based on your LDAP schema. See the attributes under spec.values.ldap to update below:

      user_search:
        base_dn: dc=testservices,dc=test,dc=com
        filter: "(objectClass=person)"
        username: cn
        idAttr: cn
        emailAttr: name
        nameAttr: name
      group_search:
        base_dn: ou=groups,dc=testservices,dc=test,dc=com
        filter: "(objectClass=group)"
        userMatchers:
          userAttr: name
          groupAttr: member
        nameAttr: name