Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add missing key in auth guide #5169

Merged
merged 2 commits into from
Apr 4, 2024
Merged

docs: add missing key in auth guide #5169

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9783c25
docs(flyte-core): add missing key `adminServer` in authentication guide
Jeinhaus Apr 3, 2024
d353c64
docs(flyte-core): fix indentation for flyte-core with AzureAD authori…
Jeinhaus Apr 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
111 changes: 57 additions & 54 deletions docs/deployment/configuration/auth_setup.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -558,42 +558,43 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
.. code-block:: yaml

configmap:
auth:
appAuth:
adminServer:
auth:
appAuth:

authServerType: External
authServerType: External

# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
# 2. Optional: Set external auth server baseUrl if different from OpenId baseUrl.
externalAuthServer:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>

metadataUrl: .well-known/openid-configuration
metadataUrl: .well-known/openid-configuration

thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all
thirdPartyConfig:
flyteClient:
# 3. Replace with a new Native/Public Client ID provisioned in the custom authorization server.
clientId: flytectl
# This should not change
redirectUri: http://localhost:53593/callback
# 4. "all" is a required scope and must be configured in the custom authorization server.
scopes:
- offline
- all

userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>
userAuth:
openId:
# baseUrl: https://<keycloak-url>/auth/realms/<keycloak-realm> # Uncomment for Keycloak and update with your installation host and realm name
# baseUrl: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize # Uncomment for Azure AD
# For Okta, use the Issuer URI of the custom auth server:
baseUrl: https://dev-<org-id>.okta.com/oauth2/<auth-server-id>
scopes:
- profile
- openid
# - offline_access # Uncomment if OIdC supports issuing refresh tokens.
clientId: <client id>


secrets:
Expand All @@ -616,14 +617,14 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
.. code-block:: yaml

secrets:
adminOauthClientCredentials:
enabled: true
clientSecret: <client secret>
clientId: <client id>
adminOauthClientCredentials:
enabled: true
clientSecret: <client secret>
clientId: <client id>
---
configmap:
admin:
admin:
admin:
admin:
endpoint: <admin endpoint>
insecure: true
clientId: <client id>
Expand All @@ -632,28 +633,30 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
- api://<client id>/.default
useAudienceFromAdmin: true
---
auth:
appAuth:
authServerType: External
externalAuthServer:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0/
metadataUrl: .well-known/openid-configuration
AllowedAudience:
- api://<client id>
thirdPartyConfig:
flyteClient:
configmap:
adminServer:
auth:
appAuth:
authServerType: External
externalAuthServer:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0/
metadataUrl: .well-known/openid-configuration
AllowedAudience:
- api://<client id>
thirdPartyConfig:
flyteClient:
clientId: <client id>
redirectUri: http://localhost:53593/callback
scopes:
- api://<client id>/<custom-scope>

userAuth:
openId:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0
scopes:
- openid
- profile
clientId: <client id>
userAuth:
openId:
baseUrl: https://login.microsoftonline.com/<tenant id>/v2.0
scopes:
- openid
- profile
clientId: <client id>

.. note::

Expand Down
Loading