Skip to content

Integrate core auth in EE #406

New issue
New issue
Closed
Closed
Integrate core auth in EE#406
Assignees
yiannistrisarataha
Labels
team/pesto
@foot

Description

@foot
foot
opened on Jan 5, 2022
  • Core serves the UI from the api server
  • EE serves the UI from another server that is mux'd by an ingress-controller

Options:

  • Teach the ingress controller about oidc / auth
  • Merge the ui-server and api-server

Decision:

  • YAGNI (ingress-controller)
  • Lets merge the 3 deployments (broker / cluster / ui)

Refactoring tasks:

  • Merge all the go.mods together into a single root go.mod
  • Mount the gitops-broker handlers onto the main clusters-service mux
    • There is a possibility to invest a bit more here and add the routes to the proto defs too but the multi-cluster work might make all the broker routes obsolete too.
  • Add a root route to serve the ui from the clusters-service and update build processes to mount it (see how core does this)
  • Remove build tooling and helm chart deployments for the ui-server and the gitops-broker

Auth tasks:

  • Add auth middleware and OIDC params to clusters-service
  • Add kube clientGetter impersonation to all handlers
  • document how to configure OIDC in EE (maybe include adding some more values to helm-chart)

Metadata

Metadata

Assignees

Labels

team/pesto

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions