-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure Authorino using command-line flags #103
Conversation
…obe endpoints (port number)
…deprecated env vars instead of command-line args (<= v0.10.x)
@@ -128,6 +128,7 @@ Each [`Authorino`](https://github.com/Kuadrant/authorino-operator/tree/main/conf | |||
| listener | [Listener](#listener) | Specification of the authorization service (gRPC interface). | Required | | |||
| oidcServer | [OIDCServer](#oidcserver) | Specification of the OIDC service. | Required | | |||
| metrics | [Metrics](#metrics) | Configuration of the metrics server (port, level). | Optional | | |||
| healthz | [Healthz](#healthz) | Configuration of the health/readiness probe (port). | Optional | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the intention behind exposing the health check port to the user?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's related to this issue: Kuadrant/authorino#355
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I still do not get it after reading that. I will try to be more clear. Why expose the port to the user? what is the value added? The operator can enable healthcheck in authorino and use the default port for it. Maybe the healthcheck port is wanted to be monitored externally?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is for the principle more than anything else. This is a configuration option in the operand. As we don't want users touching the deployment directly, we expose it in the API – in this case, with some type-checking added.
The same is done for other configuration options that arguably might be otherwise more rigid, e.g. the metrics endpoint port number (spec.metrics.port
).
If this should be configurable in the operand in the first place, maybe it's a question we should ask in https://github.com/kuadrant/authorino.
Looks good to me regarding the command line args. exposing the healthcheck port in the CRD should have been done in another PR. They do not seem to be related anyhow.. But we are agile :) |
Only thing linking these two changes together is the fact that the health check config in Authorino was introduced after it had moved to command-line args. Since this was a pending setting option of the operand yet to be exposed at the level of the operator (in the That said, you're not wrong. The two changes could be have been presented separately. Either the |
The Operator tries to detect the version of Authorino being deployed (based on the image tag). Whenever it is a version known to be configurable only via env vars (<= 0.10.0), it uses the deprecated way to inject the settings, thus keeping backward compatibility; otherwise, it uses command-line flags. The detection is not perfect, only working when the image tag follows the pattern
v0\.\d+\..+
. When an "old" version is not detected, the Operator defaults to command-line args.Closes #101.
Verification steps
With a new Authorino version - configurable using command-line args:
With an old Authorino version - configurable using env vars: