Add custom CA for Keycloak OIDC from Helm chart #193

@nbisson

Description

Hi,

I deployed NeuVector using neuvector-helm-chart and I would like to add authentication via Keycloak (OpenID Connect).

My values.yaml configuration:

```yaml
controller:
  secret:
    enabled: true
    data:
      oidcinitcfg.yaml:
        Issuer: https://KEYCLOAK_URL/auth/realms/REALM
        Client_ID: neuvector
        Client_Secret: CLIENT_SECRET
        Scopes:
          - openid
          - profile
          - email
        Enable: true
        Default_Role: reader
```

However, I got the following error:

```
2022-09-19T11:58:57.914|ERRO|CTL|rest.handlerAuthLoginServer: User login failed - error=Post "https://KEYCLOAK_URL/auth/realms/REALM/protocol/openid-connect/token": x509: certificate signed by unknown authority server=openId1
```

The workaround would be to implement the ability to add your own CA from the chart. By adding the following content in the controller, the authentication works:

```yaml
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ca-volume
          readOnly: true
#...
      volumes:
      - name: ca-volume
        projected:
          defaultMode: 420
          sources:
          - configMap:
              name: custom-ca
```

What do you think about adding your own CA in the helm chart?
