Spinnaker authentication using IAP

风格不统一 提交于 2020-03-03 04:43:07

问题


We are trying to enable authentication in Spinnaker using IAP.

  • Spinnaker is deployed in GKE using HAL

  • Deck and Gate are exposed to different domains using Ingress and HTTPS is enabled for both.

  • IAP is enabled and credential is created.

  • HAL configurations for IAP have been done and redeployed. BaseURLs for UI & API have been set.

  • CORS pattern is set to the UI URL.

Now when i try to open the application, initially the redirects to https://accounts.google.com/o/oauth2/v2/auth?.... fails a few times (CORS error) before sending me to the log in page. Once logged in, my name appears in the welcome page of Spinnaker. After this stage all API (Gate) calls are failing with CORS error (Access to XMLHttpRequest at 'https://spinnaker-api.abc.com/webhooks/preconfigured' from origin 'https://spinnaker.abc.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.). Same is the issue with Applications call as well.

We have set the baseURLs for UI as well as API. So ideally CORS should have been taken care of.

When I hit https://spinnaker-api.abc.com/applications directly from the browser, I am getting a 200 response.

Any help would be highly appreciated.

Thanks!


回答1:


Well, I got it working sometime back. The deck has to be exposed using IAP. Deck has a /gate proxy to gate. Set this as the API baseurl (spinnakergate-domain.com/gate) and it should work.

I had to edit the .hal/default/service-settings/deck.yml file to make /gate proxy available.



来源:https://stackoverflow.com/questions/54808368/spinnaker-authentication-using-iap

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!