External auth example #245
Conversation
| valid_sts_hosts: | ||
| - "sts.amazonaws.com" | ||
| - "sts.us-east-1.amazonaws.com" |
There was a problem hiding this comment.
no need for that, let's leave it with the default in fluffy (all)
| required_headers: | ||
| required-key: "custom-value" |
There was a problem hiding this comment.
I wonder maybe it's better to use the ingress host provided to add X-LakeFS-Server-ID ? it will save us a lot of typos and troubleshooting with clients. so by default configure required_headers with X-LakeFS-Server-ID: <lakefs.ingress.domain> using helpers and environment variables in the chart. Only if the client configures here in the values required_headers it will override it! Thoughts?
| required_headers: | |
| required-key: "custom-value" | |
| # required_headers: | |
| # required-key: "custom-value" | |
| # this header added by default in all clients to make sure one does authenticate with staging server and then reuses the token in production, so each request should be done per host | |
| # X-LakeFS-Server-ID: <lakefs.ingress.domain> |
| type: local | ||
| auth: | ||
| authentication_api: | ||
| endpoint: http://localhost:8080/api/v1 |
There was a problem hiding this comment.
why is this still here?
| #valid_sts_hosts: | ||
| # - "sts.amazonaws.com" | ||
| # - "sts.us-east-1.amazonaws.com" |
There was a problem hiding this comment.
that's really an advanced use case for someone to use that, i think its confusing, remove
| #required_headers: | ||
| # x-lakefs-custom-key: "custom-value" |
There was a problem hiding this comment.
| #required_headers: | |
| # x-lakefs-custom-key: "custom-value" | |
| # headers that must be present by the client when doing login request | |
| required_headers: | |
| # same host as the lakeFS server ingress | |
| X-LakeFS-Server-ID: <lakefs.ingress.domain> |
| logging: | ||
| level: "INFO" | ||
| blockstore: | ||
| type: local |
| logging: | ||
| format: "json" | ||
| level: "INFO" |
charts/lakefs/templates/_env.tpl
Outdated
| @@ -53,6 +53,10 @@ env: | |||
| - name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL | |||
| value: /logout | |||
| {{- end }} | |||
| {{- if (.Values.fluffy.sso).enabled }} | |||
charts/lakefs/templates/_env.tpl
Outdated
| {{- if (.Values.fluffy.sso).enabled }} | ||
| - name: LAKEFS_AUTH_AUTHENTICATION_API_ENDPOINT | ||
| value: {{ printf "http://%s/api/v1" (include "fluffy.ssoServiceName" .) | quote }} | ||
| {{- end }} |
There was a problem hiding this comment.
bump Chart.yaml version
Closes #247