Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dex config.yaml on init requires elevated privileges #794

Open
castaway2000 opened this issue Apr 5, 2024 · 2 comments
Open

dex config.yaml on init requires elevated privileges #794

castaway2000 opened this issue Apr 5, 2024 · 2 comments
Labels
feedback Share feedback to improve Terrakube

Comments

@castaway2000
Copy link

Feedback

Hi i just spent the better part of my day troubleshooting dex in this deployment. i was getting the following:

error: cannot fork/exec command [gomplate -f /exec/dex/config.yaml -o /tmp/dex.config.yaml]
{"level":"error","error":"template: /etc/dex/config.yaml:4: function \"secrets\" not defined","time":"2024-04-04T23:54:00Z"}\n"

i spent a ton of time thinking the secret was not being generated because of this error. No where in the documentation for deploying terrakube with dex does it mention permissions or this generated secret. after some digging i found the dex helm values and figured out how to translate them into terrakube-dex helm values. i eventually realized that it might be a permissions issue after a rabbit hole of dex tickets.

The solution to my problem was as follows:

add the following to the top of the "dex:" block:

  enabled: true
  podSecurityContext: {      
    allowPrivilegeEscalation: true
  }
  configSecret:
    create: true

Could we get some documentation for advanced dex integration and management with terrakube? i had to dig really deep to find these and extract them and then dig a little more -> https://github.com/AzBuilder/terrakube-helm-chart/tree/main/charts/terrakube/charts once i had these i had to do some work to map it back to your provided helm stuff. its also not in any of the values writeups you have provided for dex.

Thanks for your work on this project. its really cool.
@castaway2000 castaway2000 added the feedback Share feedback to improve Terrakube label Apr 5, 2024
@alfespa17
Copy link
Member

Hello @castaway2000, we have some small samples in the following link using some dex connectors.

https://github.com/AzBuilder/terrakube-helm-chart/tree/main/examples

There are a lot of different ways to setup DEX connectors depending on your configuration, for the helm chart we set like the basic to make it work.

If you have any suggestions for the helm chart, for the examples or the documentation feel free to send a pull request we appreciate all help for this project.

By the way this is the first time that I see the above error I guess it is related to some very specific configuration.

@castaway2000
Copy link
Author

I am mostly concerned about the error i encountered. it seems like it was not an issue with the basics but when i added Microsoft and make it for a production kubernetes the problem persisted. with minikube testing on the defaults it never encountered this error. it would be a nice blurb to have this in the docs about permissions regarding productionizing dex.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feedback Share feedback to improve Terrakube
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alfespa17 @castaway2000