Dex configuration change do not apply properly on running Dex Pods #2569
Assignees
Labels
complexity:medium
Something that requires one or few days to fix
kind:bug
Something isn't working
priority:high
High priority issues, should be worked on ASAP (after urgent issues), not postponed
topic:authentication
Anything related to user authentication
topic:tests
What's not tested may be broken
Milestone
Comments
TeddyAndrieux
added
kind:bug
TeddyAndrieux
added a commit
that referenced
this issue
May 25, 2020
We need Dex Pods to restart when secret content change, so use the
`checksum/config` annotation on the Dex Pods. This annotation is equal
to the digest of the secret content
This chart is re-rendered using:
```
./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \
--service-config dex metalk8s-dex-config \
charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls
```
Fixes: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
We need Dex Pods to restart when secret content change, so use the
`checksum/config` annotation on the Dex Pods. This annotation is equal
to the digest of the secret content
This chart is re-rendered using:
```
./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \
--service-config dex metalk8s-dex-config \
charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls
```
Fixes: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
…x-config' into w/2.6/bugfix/GH-2569-add-digest-for-dex-config
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
We need Dex Pods to restart when secret content change, so use the
`checksum/config` annotation on the Dex Pods. This annotation is equal
to the digest of the secret content
This chart is re-rendered using:
```
./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \
--service-config dex metalk8s-dex-config \
charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls
```
Fixes: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 26, 2020
…x-config' into w/2.6/bugfix/GH-2569-add-digest-for-dex-config
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
We need Dex Pods to restart when secret content change, so use the
`checksum/config` annotation on the Dex Pods. This annotation is equal
to the digest of the secret content
This chart is re-rendered using:
```
./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \
--service-config dex metalk8s-dex-config \
charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls
```
Fixes: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
…x-config' into w/2.6/bugfix/GH-2569-add-digest-for-dex-config
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
…x-config' into w/2.6/bugfix/GH-2569-add-digest-for-dex-config
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
…x-config' into w/2.6/bugfix/GH-2569-add-digest-for-dex-config
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
Use CSC to change the password for the Admin static user and test login with this new password on Dex Refs: #2569
TeddyAndrieux
added a commit
that referenced
this issue
May 27, 2020
…x-config' into w/2.6/bugfix/GH-2569-add-digest-for-dex-config
bert-e
added a commit
that referenced
this issue
May 27, 2020
bert-e
added a commit
that referenced
this issue
May 27, 2020
…q/2573/2.5/bugfix/GH-2569-add-digest-for-dex-config' into tmp/octopus/q/2.6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Component:
'tests', 'authentication'
What happened:
The Dex configuration is stored in a secret, mounted in the Dex Pods. If the secret change the file is automatically changed in the Dex Pods but as Dex process does not restart he still uses the old config.
Like explained in the docs for CSC to apply a change for Dex you need to manually restart the Dex Pods
What was expected:
Do not need user action to properly deploy the Dex config changes on all running Dex deployment (handled automatically by the salt state)
This Bug should have been seen in CSC test.
Steps to reproduce
Change the Dex secret (or the Dex CSC) and apply Dex salt state.
Resolution proposal (optional):
Add an annotationsUse themetalk8s.scality.com/config-digestchecksum/configannotation on the Dex Pod, containing a digest of the config file. So that when you apply the salt state and the config content changed the Pod will be re-created automatically. (same as the one we have for static pods)Remove the rollout command from the CSC doc
Add a new test to check that after a CSC update for Dex the change get applied on the running Pods as excepted
The text was updated successfully, but these errors were encountered: