You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/12/13 18:11:40 UTC
[GitHub] [superset] marxjd opened a new issue #17729: Unable to implement AWS TLS Certificate
marxjd opened a new issue #17729:
URL: https://github.com/apache/superset/issues/17729
When we add a certificate to our service, Superset returns empty response after Okta handshake.
```
templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: {{ template "superset.fullname" . }}
labels:
app: {{ template "superset.name" . }}
chart: {{ template "superset.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: 80
targetPort: 8088
protocol: TCP
name: http
- port: 443
targetPort: 8088
protocol: TCP
name: https
selector:
app: {{ template "superset.name" . }}
release: {{ .Release.Name }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
Auth0 overrides in values.yaml
# A dictionary of overrides to append at the end of superset_config.py - the name does not matter
# WARNING: the order is not guaranteed
configOverrides:
enable_oauth: |
# This will make sure the redirect_uri is properly computed, even with SSL offloading
ENABLE_PROXY_FIX = True
from flask_appbuilder.security.manager import (AUTH_OAUTH, AUTH_DB)
AUTH_TYPE = AUTH_OAUTH
OAUTH_PROVIDERS = [
{
"name": "okta",
"icon": "fa-address-card",
"token_key": "access_token",
"remote_app": {
"client_id": os.getenv("OKTA_KEY"),
"client_secret": os.getenv("OKTA_SECRET"),
"api_base_url": "https://syapse.okta.com/oauth2/v1/",
"client_kwargs": {"scope": "email profile openid"},
"request_token_url": None,
"access_token_url": "https://syapse.okta.com/oauth2/v1/token",
"authorize_url": "https://syapse.okta.com/oauth2/v1/authorize",
"authorize_params": {"hd": os.getenv("AUTH_DOMAIN", "")}
},
}
]
# Map Authlib roles to superset roles
AUTH_ROLE_ADMIN = 'Admin'
AUTH_ROLE_PUBLIC = 'Public'
# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Admin"
service in values.yaml
service:
type: LoadBalancer
port: 8088
annotations:
# cloud.google.com/load-balancer-type: "Internal"
external-dns.alpha.kubernetes.io/hostname: "superset.dev.syapse.com"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "ssl"
# service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "customer=internal,environment=dev,service=superset,team=is-prod-down"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:304614349146:certificate/c441ae9b-9efa-41b4-9284-ab26c10dbe55"
loadBalancerIP: null
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] geido commented on issue #17729: Unable to implement AWS TLS Certificate
Posted by GitBox <gi...@apache.org>.
geido commented on issue #17729:
URL: https://github.com/apache/superset/issues/17729#issuecomment-1021152547
Hello @marxjd which Superset version are you running?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] geido commented on issue #17729: Unable to implement AWS TLS Certificate
Posted by GitBox <gi...@apache.org>.
geido commented on issue #17729:
URL: https://github.com/apache/superset/issues/17729#issuecomment-1021152547
Hello @marxjd which Superset version are you running?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org