@Pradyumn-cloud Pradyumn-cloud commented Oct 10, 2025

Fix - #3244

Changes done as mentioned in the issue.

insecureSkipVerify set to true

added jwksUri: http://dex.auth.svc.cluster.local:5556/dex/keys

✅ Contributor Checklist

@google-oss-prow

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yanniszark for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@juliusvonkohout
Member

clientSecret: $CLIENT_SECRET
redirectURI: $REDIRECT_URI
insecure: false
insecureSkipVerify: true
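
Review bot: `insecureSkipVerify: true` on the last line of this hunk, directly below `insecure: false`, turns off certificate validation toward the identity provider for everyone who applies the manifest unchanged. Ship `insecureSkipVerify: false` as the default and state in a comment on that same line when a self-signed certificate setup would change it.
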
Member

  1. the default should be false
  2. Please link in an inline comment about self-signed certificates to the dex documentation where this is documented

app: istio-ingressgateway
jwtRules:
- issuer: $DEX_ISSUER
jwksUri: http://dex.auth.svc.cluster.local:5556/dex/keys
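
Review bot: the `jwksUri` on the last line is a fixed in-cluster `http://` address while `issuer` on the line above stays the `$DEX_ISSUER` variable, so the signing keys are fetched over plain HTTP from a hardcoded service name and namespace. If this override is only meant for deployments with self-signed certificates, keep it out of the default manifest and describe it where `$DEX_ISSUER` is defined, with a link that explains when it applies.
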
Member

Please revert this. It should be a comment for the variable in line 156 DEX_ISSUER="https://kubeflow.example.com/dex". Please also link to the dex documentation or something that explains the change.

@juliusvonkohout
Member

@Pradyumn-cloud your commits still have to be signed.

Signed-off-by: Pradyumn-cloud <[email protected]>
Signed-off-by: Pradyumn-cloud <[email protected]>
Signed-off-by: Pradyumn-cloud <[email protected]>
clientSecret: $CLIENT_SECRET
redirectURI: $REDIRECT_URI
insecure: false
# Set to true only for self-signed certificates. See: https://dexidp.io/docs/connectors/oidc/
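
Review bot: the comment on the last line does not name the key it describes and sits directly under `insecure: false`, so it reads as guidance for `insecure`. Put it on the same line as the key it documents, and check that the linked page actually covers that key.
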
Member

I do not see "insecureSkipVerify" on the page you linked

Member

and an inline comment would be `insecureSkipVerify: false # Set to true only for self-signed certificates. See: https://dexidp.io/docs/connectors/oidc/` in a single line

Member

@juliusvonkohout juliusvonkohout Oct 23, 2025

insecureSkipVerify: false # Specify whether to communicate with the authentication provider without validating SSL certificates see https://dexidp.io/docs/connectors/oauth/ and https://dexidp.io/docs/connectors/oidc/

would be my guess, but on the pages linked I see it in the oauth instead of the oidc section. CC @kromanow94 @kimwnasptd for more input

Author

The oidc doc doesn't mention insecureSkipVerify; the oauth2.0 doc does instead.

So I am adding this line: `insecureSkipVerify: false # Specify whether to communicate with the authentication provider without validating SSL certificates see https://dexidp.io/docs/connectors/oauth/ and https://dexidp.io/docs/connectors/oidc/`.

Signed-off-by: Pradyumn-cloud <[email protected]>

Successfully merging this pull request may close these issues.

documentation fix in case of external IdP and Kubeflow with self-signed certs