Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How do I use the dex keycloak overlay #2328

Closed
simonjcarr opened this issue Nov 23, 2022 · 5 comments
Closed

How do I use the dex keycloak overlay #2328

simonjcarr opened this issue Nov 23, 2022 · 5 comments

Comments

@simonjcarr
Copy link

Hi, I need use keycloak as the OIDC provider. I can see there is a common/dex/overlays/keycloak overlay, but I don't know how to apply it.

I also saw there is a params.env file in common/oidc-authservice/base where I could change OIDC_PROVIDER value

I have tried adding

- ../common/dex/overlays/keycloak

to kustomization.yaml

but I get the following error when I run

while ! kustomize build example | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done
Error: accumulating resources: recursed merging from path '../common/dex/overlays/keycloak': may not add resource with an already registered id: ~G_v1_Namespace|~X|auth

Can anyone help.

@simonjcarr
Copy link
Author

simonjcarr commented Nov 23, 2022

I think I might be getting somewhere now. I have managed to get dex to start looking for my keycloak instance, but I am getting the following error.

failed to initialize server: server: Failed to open connector keycloak: failed to open connector: failed to create connector keycloak: failed to get provider: Get "https://xxxxxxxxxxxx:9443/auth/realms/kubeflow/.well-known/openid-configuration": x509: certificate signed by unknown authority

I can see in the keycloa;k config-map.yaml there is

 web:
      https: 0.0.0.0:5556
      tlsCert: /etc/dex/tls/tls.crt
      tlsKey: /etc/dex/tls/tls.key

How do I get those certificates into the dex container? Is there already a file in the example customizations that points to a secret or do I have to sort that out manually? or do I put the certificates for connecting to keycloak somewhere else?

@kd303
Copy link

kd303 commented Apr 3, 2023

Hi.

Have you been able to relsovle this issue? It is one of the key issues that need to be resovled for most enterprise deployment which uses open source version of Kubeflow? Any guide will help

@juliusvonkohout
Copy link
Member

I know for a fact that dex is working with Keycloak within Kubeflow. @kd303 for enterprises you can buy enterprise support from various companies or freelancers active in the project.

Otherwise we need volunteers to contribute something open source.

@juliusvonkohout
Copy link
Member

/close

duplicate of #2379

@google-oss-prow
Copy link

@juliusvonkohout: Closing this issue.

In response to this:

/close

duplicate of #2379

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants