Skip to content

Add custom CA for Keycloak OIDC from Helm chart #193

Description

@nbisson

Hi,

I deployed Neuvector by using neuvector-helm-chart and I would like to add the authentification by Keycloak (Open ID Connect).

My values.yaml configuration :

controller:
  secret:
    enabled: true
    data:
      oidcinitcfg.yaml:
        Issuer: https://KEYCLOAK_URL/auth/realms/REALM
        Client_ID: neuvector
        Client_Secret: CLIENT_SECRET
        Scopes:
          - openid
          - profile
          - email
        Enable: true
        Default_Role: reader

However, I got the following error :

2022-09-19T11:58:57.914|ERRO|CTL|rest.handlerAuthLoginServer: User login failed - error=Post "https://KEYCLOAK_URL/auth/realms/REALM/protocol/openid-connect/token": x509: certificate signed by unknown authority server=openId1 

The workaround would be to implement the ability to add your own CA from the chart. By adding the following content in the controller, the authentication works :

        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ca-volume
          readOnly: true
#...
      volumes:
      - name: ca-volume
        projected:
          defaultMode: 420
          sources:
          - configMap:
              name: custom-ca

What do you think about adding your own CA in the helm chart ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions