Closed
Bug 1457608
Opened 6 years ago
Closed 6 years ago
Make signature validation work on redeployable clusters
Categories
(Taskcluster :: Services, enhancement)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bstack, Assigned: bstack)
References
Details
Currently the way we have set up the ingress in front of our services in kubernetes will make signature validation... weird (I think). Things off the top of my head: 1) Most of our services hard-code publicUrl in production. 2) If we do rewrites without changing host header for each service paths will be the same. e.g. v1/ping on auth and v1/ping on index are the "same" so we would need to ensure uniqeness. 3) More that I'm not thinking of I'm reading up on ingress docs now to see what options we have. https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#external-authentication https://kubernetes.io/docs/concepts/services-networking/ingress/
Assignee | ||
Comment 1•6 years ago
|
||
Ok, I've looked into this a bit more. I think I've crystallized the issue. Ignore what I wrote above for the most part. Will be submitting a PR in a bit that seems to make this work! (now whether or not we _want_ to make this work we can decide on monday)
Assignee | ||
Comment 2•6 years ago
|
||
https://github.com/taskcluster/taskcluster-auth/pull/154
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → bstack
Assignee | ||
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Component: Redeployability → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•