Merge pull request #799 from ericchiang/thirdpartyresources

Documentation: warn admins not to edit dex ThirdPartyResources manually
This commit is contained in:
Eric Chiang 2017-02-06 15:04:40 -08:00 committed by GitHub
commit dd415f5e2f
2 changed files with 5 additions and 1 deletions

View File

@ -47,6 +47,8 @@ Additional notes:
The dex repo contains scripts for running dex on a Kubernetes cluster with authentication through GitHub. The dex service is exposed using a [node port][node-port] on port 32000. This likely requires a custom `/etc/hosts` entry pointed at one of the cluster's workers.
Because dex uses `ThirdPartyResources` to store state, no external database is needed. For more details see the [storage documentation](storage.md#kubernetes-third-party-resources).
There are many different ways to spin up a Kubernetes development cluster, each with different host requirements and support for API server reconfiguration. At this time, this guide does not have copy-pastable examples, but can recommend the following methods for spinning up a cluster:
* [coreos-kubernetes][coreos-kubernetes] repo for vagrant and VirtualBox users.

View File

@ -10,6 +10,8 @@ __NOTE:__ Dex requires Kubernetes version 1.4+.
Kubernetes third party resources are a way for applications to create new resources types in the Kubernetes API. This allows dex to run on top of an existing Kubernetes cluster without the need for an external database. While this storage may not be appropriate for a large number of users, it's extremely effective for many Kubernetes use cases.
The rest of this section will explore internal details of how dex uses `ThirdPartyResources`. __Admins should not interact with these resources directly__, except when debugging. These resources are only designed to store state and aren't meant to be consumed by humans. For modifying dex's state dynamically see the [API documentation](api.md).
The `ThirdPartyResource` type acts as a description for the new resource a user wishes to create. The following an example of a resource managed by dex:
```
@ -32,7 +34,7 @@ kind: OAuth2Client
apiVersion: oidc.coreos.com/v1
metadata:
namespace: foobar
name: client-foo
name: ( opaque hash )
# Custom fields defined by dex.
clientID: "aclientid"