Unable to load dex certificates
Closed this issue · 2 comments
I'm getting error when try to install sso-operator
. Pod fails with error "failed to crate dex client: failed to load the CA cert from '/etc/dex/tls/tls.crt'"
.
Looks like there is a hard requirement about number of public certificates: https://github.com/jenkins-x/sso-operator/blob/5da43d3f701385be7d545ec0f654166683dea62b/pkg/dex/client.go#L39
Is it correct, or I do something wrong?
Steps to reproduce:
- Have latest
dex
installed from the charts:
# helm upgrade dex stable/dex --namespace default --install
- Install latest
sso-operator
:
# helm upgrade sso-operator ./sso-operator/charts/sso-operator --namespace default --install -f sso-operator.yml
sso-operator.yml:
dex:
grpcHost: dex.default
certs:
grpc:
client:
secretName: dex-grpc-client-tls
Default secret name is dex-grpc-client-cert
, but I've change it as stable/dex chart installs secret with name dex-grpc-client-tls
Full sso-operator chart output for debug purposes: https://gist.github.com/afoninsky/8d881f994acff562d6db9484a79c96b7
Failed certificate: https://gist.github.com/afoninsky/51aa6eb1b070dcdd585f69523d9b2a64
Do you have the cert-manager installed? The gRPC certs are issued by cert-manager.
We are using a forked version of dex because of a missing gRPC API, which it was recently merged into upstream dex, but I never tried.
You can try with this version of dex chart https://github.com/jenkins-x/dex/tree/master/charts/dex which has integration with cert-manager.
@afoninsky Do you need more help? Can I close this issue?