operator: support storing SSO connector client secret in a Kubernetes Secret #46699
Conversation
github-actions
bot
requested review from
mmcallister,
ptgott,
r0mant,
xinding33 and
zmb3
hugoShaka
changed the title
|
🤖 Vercel preview here: https://docs-gy730te5k-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-nfzay6sn4-goteleport.vercel.app/docs/ver/preview |
docs/pages/admin-guides/infrastructure-as-code/teleport-operator.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
| @@ -29,7 +29,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. | |||
| |api_endpoint_url|string|APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for.| | |||
| |client_id|string|ClientID is the Github OAuth app client ID.| | |||
| |client_redirect_settings|[object](#specclient_redirect_settings)|ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones.| | |||
| |client_secret|string|ClientSecret is the Github OAuth app client secret.| | |||
| |client_secret|string|ClientSecret is the Github OAuth app client secret. This field supports secret lookup. See the operator documentation for more details.| | |||
There was a problem hiding this comment.
Nit: I'd add a link to "operator documentation" to user can easily navigate.
There was a problem hiding this comment.
This will be an absolute link because it will be displayed in kubectl explain teleportgithubconnector.spec
There was a problem hiding this comment.
The doc linter blocks me from puttin an absolute link,it wants a relative one. Relative links make no sense in the CRD so I will revert this change and remove the link.
docs/pages/reference/operator-resources/resources.teleport.dev_oidcconnectors.mdx
Show resolved
Hide resolved
integrations/operator/controllers/resources/secretlookup/secretlookup.go
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
docs/pages/admin-guides/infrastructure-as-code/teleport-operator/secret-lookup.mdx
Outdated
Show resolved
Hide resolved
public-teleport-github-review-bot
bot
removed request for
marcoandredinis,
tigrato,
mmcallister,
zmb3,
bernardjkim and
xinding33
public-teleport-github-review-bot
bot
removed request for
bernardjkim and
xinding33
|
How does this play with #46041? |
Teleport is not aware of the secret:// scheme, the operator replaces the secret:// uri by the secret value. Any other scheme is passed as-is. If you were to set |
|
Great, sounds like we can merge both PRs without any issues then. |
Co-authored-by: Paul Gottschling <[email protected]> Co-authored-by: Roman Tkachenko <[email protected]>
|
🤖 Vercel preview here: https://docs-8l9cfisam-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-4oym9b189-goteleport.vercel.app/docs/ver/preview |
This reverts commit cd812eb.
|
🤖 Vercel preview here: https://docs-q947jrwr2-goteleport.vercel.app/docs/ver/preview |
… Secret (#46699) * Allow operator secret lookup * Document which fields can lookup secrets * operator: support secret lookup * fixup! operator: support secret lookup * Apply suggestions from code review Co-authored-by: Paul Gottschling <[email protected]> Co-authored-by: Roman Tkachenko <[email protected]> * lint * add link to operator docs * address feedback * Revert "add link to operator docs" This reverts commit cd812eb. --------- Co-authored-by: Paul Gottschling <[email protected]> Co-authored-by: Roman Tkachenko <[email protected]>
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
|
@hugoShaka See the table below for backport results.
|
Fixes: #6815
Changelog: The Teleport Kubernetes Operator is now able to lookup the GitHub and OIDC connector
client_secretvalue from a Kubernetes Secret.