Spinnaker authentication using IAP

2019-07-22 12:56发布

问题:

We are trying to enable authentication in Spinnaker using IAP.

  • Spinnaker is deployed in GKE using HAL

  • Deck and Gate are exposed to different domains using Ingress and HTTPS is enabled for both.

  • IAP is enabled and credential is created.

  • HAL configurations for IAP have been done and redeployed. BaseURLs for UI & API have been set.

  • CORS pattern is set to the UI URL.

Now when i try to open the application, initially the redirects to https://accounts.google.com/o/oauth2/v2/auth?.... fails a few times (CORS error) before sending me to the log in page. Once logged in, my name appears in the welcome page of Spinnaker. After this stage all API (Gate) calls are failing with CORS error (Access to XMLHttpRequest at 'https://spinnaker-api.abc.com/webhooks/preconfigured' from origin 'https://spinnaker.abc.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.). Same is the issue with Applications call as well.

We have set the baseURLs for UI as well as API. So ideally CORS should have been taken care of.

When I hit https://spinnaker-api.abc.com/applications directly from the browser, I am getting a 200 response.

Any help would be highly appreciated.

Thanks!