8b7c30cfbd
- TLS certificates can be configured on the OIDCProviderConfig using the `secretName` field.
- When listening for incoming TLS connections, choose the TLS cert based on the SNI hostname of the incoming request.
- Because SNI hostname information on incoming requests does not include the port number of the request, we add a validation that OIDCProviderConfigs where the issuer hostnames (not including port number) are the same must use the same `secretName`.
- Note that this approach does not yet support requests made to an IP address instead of a hostname. Also note that `localhost` is considered a hostname by SNI.
- Add port 443 as a container port to the pod spec.
- A new controller watches for TLS secrets and caches them in memory. That same in-memory cache is used while servicing incoming connections on the TLS port.
- Make it easy to configure both port 443 and/or port 80 for various Service types using our ytt templates for the supervisor.
- When deploying to kind, add another nodeport and forward it to the host on another port to expose our new HTTPS supervisor port to the host.
good-ec-key.pem
good-jwk.json
good-jwks.json
invalid-key-jwk.json
invalid-key-jwks.json
missing-active-jwks.json
not-json.txt
private-jwks.json
public-jwk2.json
public-jwk.json
test2.crt
test2.key
test.crt
test.key