diff --git a/bindata/oauth-apiserver/externaloidc-deploy.yaml b/bindata/oauth-apiserver/externaloidc-deploy.yaml
index d81b31c76..27f480a13 100644
--- a/bindata/oauth-apiserver/externaloidc-deploy.yaml
+++ b/bindata/oauth-apiserver/externaloidc-deploy.yaml
@@ -38,7 +38,7 @@ spec:
 - name: oauth-apiserver
 terminationMessagePolicy: FallbackToLogsOnError
 image: ${IMAGE}
- imagePullPolicy: IfNotPresent
+ imagePullPolicy: Always
 command: ["/bin/bash", "-ec"]
 args:
 - |
@@ -46,7 +46,7 @@ spec:
 echo "Copying system trust bundle"
 cp -f /var/run/configmaps/trusted-ca-bundle/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 fi
- exec oauth-apiserver external-oidc \
+ exec padlok run \
 --secure-port=8443 \
 --tls-private-key-file=/var/run/secrets/serving-cert/tls.key \
 --tls-cert-file=/var/run/secrets/serving-cert/tls.crt \
diff --git a/pkg/operator/workload/sync_openshift_oauth_apiserver.go b/pkg/operator/workload/sync_openshift_oauth_apiserver.go
index ad22d5eca..ad0437f26 100644
--- a/pkg/operator/workload/sync_openshift_oauth_apiserver.go
+++ b/pkg/operator/workload/sync_openshift_oauth_apiserver.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "fmt"
+ "os"
 "regexp"
 "strconv"
 "strings"
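Review bot: `imagePullPolicy: Always` on the `oauth-apiserver` container makes the kubelet consult the registry on every pod start, so if `${IMAGE}` is ever filled with a tag rather than a digest, the binary answering authentication requests can change without any change to this manifest. The change to sync_openshift_oauth_apiserver.go in this same commit lets `${IMAGE}` come from an environment variable, which makes that case reachable. I would keep `imagePullPolicy: IfNotPresent` and require a digest-pinned pull spec, or at least add a comment on this line saying `Always` is a temporary development setting. It also makes every restart of this container depend on registry availability.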
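Review bot: `exec padlok run` is now unconditional in the manifest, while the image is only switched when `UPSTREAM_OIDC_COMPONENT_IMAGE` is set (see the change to sync_openshift_oauth_apiserver.go). With the variable unset, the container would start the default image with a command it presumably does not ship, and `bash -ec` would exit on the failed `exec`, taking the token-review endpoint down. The entrypoint should follow the image choice, for example a placeholder such as `exec ${OIDC_COMMAND} \` (name constructed for this note) filled by the same replacer that sets `${IMAGE}`. The flag list continues past the end of the hunk, so whether `padlok run` accepts every flag that `oauth-apiserver external-oidc` took cannot be checked from here and is worth confirming.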
@@ -349,9 +350,20 @@ func (c *OAuthAPIServerWorkload) syncExternalOIDCDeployment(ctx context.Context,
 // log level verbosity is taken from the spec always
 args["v"] = []string{loglevelToKlog(operatorSpec.LogLevel)}
+ imageToUse := c.targetImagePullSpec
+ klog.Info("UPSTREAM_OIDC_COMPONENT_IMAGE", os.Getenv("UPSTREAM_OIDC_COMPONENT_IMAGE"))
+ if upstreamImage := os.Getenv("UPSTREAM_OIDC_COMPONENT_IMAGE"); len(upstreamImage) > 0 {
+ imageToUse = upstreamImage
+
+ klog.Info("using UPSTREAM_OIDC_COMPONENT_IMAGE", os.Getenv("UPSTREAM_OIDC_COMPONENT_IMAGE"))
+
+ // configure the API endpoint on the upstream component
+ args["authenticate-path"] = []string{"/apis/oauth.openshift.io/v1/tokenreviews"}
+ }
+
 // use string replacer for simple things
 r := strings.NewReplacer(
- "${IMAGE}", c.targetImagePullSpec,
+ "${IMAGE}", imageToUse,
 "${REVISION}", strconv.Itoa(int(operatorStatus.LatestAvailableRevision)),
 )
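Review bot: The new `UPSTREAM_OIDC_COMPONENT_IMAGE` branch swaps the image of the container that serves `/apis/oauth.openshift.io/v1/tokenreviews` on nothing more than an environment variable, with no validation of the pull spec and no status condition or event recording that the override is active. Since that container decides token reviews, I would reject any value that is not pinned by digest, with a check such as `strings.Contains(upstreamImage, "@sha256:")`, and surface the override in operator status so it can be audited. Separately, `klog.Info` formats like `fmt.Sprint`, so both added log calls print the name and the value run together, and the first one fires on every sync even when the variable is empty; a single `klog.Infof("using UPSTREAM_OIDC_COMPONENT_IMAGE=%q", upstreamImage)` inside the branch is enough and reads the variable once. The body of syncExternalOIDCDeployment starts and ends outside this hunk and its signature is cut off in the hunk header, so how a rejected value should be returned is left to the surrounding code.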