marxjd opened a new issue #17729:
URL: https://github.com/apache/superset/issues/17729


   When we add a certificate to our service, Superset returns an empty response after the Okta handshake.
   ```
   templates/service.yaml
   
   apiVersion: v1
   kind: Service
   metadata:
     name: {{ template "superset.fullname" . }}
     labels:
       app: {{ template "superset.name" . }}
       chart: {{ template "superset.chart" . }}
       release: {{ .Release.Name }}
       heritage: {{ .Release.Service }}
   {{- with .Values.service.annotations }}
     annotations:
   {{- toYaml . | nindent 4 }}
   {{- end }}
   spec:
     type: {{ .Values.service.type }}
     ports:
     - port: 80
       targetPort: 8088
       protocol: TCP
       name: http
     - port: 443
       targetPort: 8088
       protocol: TCP
       name: https      
     selector:
       app: {{ template "superset.name" . }}
       release: {{ .Release.Name }}
     {{- if .Values.service.loadBalancerIP }}
     loadBalancerIP: {{ .Values.service.loadBalancerIP }}
     {{- end }}
   
   Auth0 overrides in values.yaml
   
   # A dictionary of overrides to append at the end of superset_config.py - the name does not matter
   # WARNING: the order is not guaranteed
   configOverrides:
     enable_oauth: |
       # This will make sure the redirect_uri is properly computed, even with SSL offloading
       ENABLE_PROXY_FIX = True
       from flask_appbuilder.security.manager import (AUTH_OAUTH, AUTH_DB)
       AUTH_TYPE = AUTH_OAUTH
       OAUTH_PROVIDERS = [
           {
                "name": "okta",
                "icon": "fa-address-card",
                "token_key": "access_token",
                "remote_app": {
                  "client_id": os.getenv("OKTA_KEY"),
                  "client_secret": os.getenv("OKTA_SECRET"),
                  "api_base_url": "https://syapse.okta.com/oauth2/v1/",
                  "client_kwargs": {"scope": "email profile openid"},
                  "request_token_url": None,
                  "access_token_url": "https://syapse.okta.com/oauth2/v1/token",
                  "authorize_url": "https://syapse.okta.com/oauth2/v1/authorize",
                  "authorize_params": {"hd": os.getenv("AUTH_DOMAIN", "")}
               },
           }
       ]
       # Map Authlib roles to superset roles
       AUTH_ROLE_ADMIN = 'Admin'
       AUTH_ROLE_PUBLIC = 'Public'
       # Will allow user self registration, allowing to create Flask users from Authorized User
       AUTH_USER_REGISTRATION = True
       # The default user self registration role
       AUTH_USER_REGISTRATION_ROLE = "Admin"
   
   service in values.yaml
   
    service:
     type: LoadBalancer
     port: 8088
     annotations: 
       # cloud.google.com/load-balancer-type: "Internal"
       external-dns.alpha.kubernetes.io/hostname: "superset.dev.syapse.com"
       service.beta.kubernetes.io/aws-load-balancer-internal: "true"
       # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "ssl"
       # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
       service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "customer=internal,environment=dev,service=superset,team=is-prod-down"
       service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
       # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:304614349146:certificate/c441ae9b-9efa-41b4-9284-ab26c10dbe55"
     loadBalancerIP: null
   ```
   

