diff --git a/rootfs/opt/ibm/router/nginx/conf/oidc.lua b/rootfs/opt/ibm/router/nginx/conf/oidc.lua index 935728c8ff..388bd6a6eb 100644 --- a/rootfs/opt/ibm/router/nginx/conf/oidc.lua +++ b/rootfs/opt/ibm/router/nginx/conf/oidc.lua @@ -9,6 +9,8 @@ local SECRET_KEY = nil local BODY_AUTH_ERROR_RESPONSE = nil local errorpages_dir_path = os.getenv("AUTH_ERROR_PAGE_DIR_PATH") +local cluster_domain = os.getenv("CLUSTER_DOMAIN") + if errorpages_dir_path == nil then ngx.log(ngx.WARN, "AUTH_ERROR_PAGE_DIR_PATH not set.") else @@ -133,7 +135,7 @@ local function validate_access_token_or_exit() ngx.log(ngx.NOTICE, "Received OIDC token =",token) local httpc = http.new() - local res, err = httpc:request_uri("http://platform-identity-provider.kube-system:4300/v1/auth/userInfo", { + local res, err = httpc:request_uri("http://platform-identity-provider.kube-system.svc."..cluster_domain..":4300/v1/auth/userInfo", { method = "POST", body = "access_token=" .. token, headers = { @@ -158,7 +160,7 @@ end local function validate_policy_or_exit() local httpc = http.new() - ngx.log(ngx.NOTICE, "URL=http://iam-pdp.kube-system:7998/v1/authz") + ngx.log(ngx.NOTICE, "URL=http://iam-pdp.kube-system.svc."..cluster_domain..":7998/v1/authz") local method = ngx.req.get_method() ngx.log(ngx.NOTICE, "Method = ", method) @@ -205,7 +207,7 @@ local function validate_policy_or_exit() } } } - local res, err = httpc:request_uri("http://iam-pdp.kube-system:7998/v1/authz", { + local res, err = httpc:request_uri("http://iam-pdp.kube-system.svc."..cluster_domain..":7998/v1/authz", { method = "POST", body = cjson.encode(data), headers = { diff --git a/rootfs/opt/ibm/router/nginx/template/nginx.tmpl b/rootfs/opt/ibm/router/nginx/template/nginx.tmpl index 415527af32..cd404f16c2 100644 --- a/rootfs/opt/ibm/router/nginx/template/nginx.tmpl +++ b/rootfs/opt/ibm/router/nginx/template/nginx.tmpl @@ -26,7 +26,7 @@ env AUTH_ERROR_PAGE_DIR_PATH; env OAUTH_CLIENT_ID; env OAUTH_AUTH_REDIRECTOR; env WLP_CLIENT_ID; -env LEADER_MASTER_IP; +env CLUSTER_DOMAIN; events { multi_accept on;