UNCLASSIFIED - NO CUI

Skip to content

Add TLS support to configure-sso job

Dax McDonald requested to merge dax/fixup_anchore_sso_cert into main

General MR

Summary

Ensure that the configure-sso job has TLS secrets injected correctly

Relevant logs/screenshots

  • Tested fix with self-signed approach. SSO configuration appears to work and job exits successfully

How to test this locally 😅 :

  1. Deploy Anchore (see development maintenance docs for how to do this)
  2. Provide enterprise license and enable SSO and UI.
  3. Deploy Anchore with internal TLS required
    1. This will require you to create a secret with the necessary certs, likely self-signed
    2. I wasn't able to get Anchore's Enterprise UI to start without telling the node process in the frontend to explicitly not verify TLS certs. Done by setting NODE_TLS_REJECT_UNAUTHORIZED=0 as an env var on the UI container
  4. Depending on how you create your self-signed certs curl may verify if the SN matches dev.bigbang.mil
  5. May need to set .Values.anchoreConfig.internalServicesSSL.verifyCerts to false to pass --insecure flags to curl and other services to prevent them from verifying the certs.

Linked Issue

#189 (closed)

Upgrade Notices

No notice required

Edited by Dax McDonald

Merge request reports

UNCLASSIFIED - NO CUI