There are a couple of ways to have dex-k8s-authenticator
use trusted certificates.
entrypoint.sh
runs update-ca-certificates
against certificates found in /certs/
They must end in the extension .crt
If using docker, you can mount a volume like so:
docker run --rm -t -i \
-v /tmp/certs:/certs:ro \
-v /tmp/config.yml:/tmp/config.yml:ro \
getditto/dex-k8s-authenticator:latest --config /tmp/config.yml
You can define multiple certificates via the configuration file:
trusted_root_ca:
- |
-----BEGIN CERTIFICATE-----
MIIGJDCCBAygAwI...
-----END CERTIFICATE-----
The configuration file requires the following:
listen: https://127.0.0.1:5555
tls_cert: /path/to/dex-client.crt
tls_key: /path/to/dex-client.key
- Note, the
listen
option is usinghttps
nothttp
- You need to supply both
.crt
and the.key
files
The .crt
and .key
file can be mounted as files in a volume.
Our Helm chart provides options for both using trusted root certs, and serving requests on SSL.
For more information on SSL support, please read here