Update instructions on how to update dex (Closes #743)

SUSE · Apr 6, 2020 · ee40007 · ee40007
1 parent b5d9179
commit ee40007
Showing 1 changed file with 22 additions and 7 deletions.
diff --git a/adoc/admin-security-rbac.adoc b/adoc/admin-security-rbac.adoc
@@ -48,7 +48,6 @@ instructions to the user.
 +
 image::rbac-configure-kubectl.png[]
 
-
 . User downloads `kubeconf` or self-configures `kubectl`.
 . User uses `kubectl` to connect to the {kube} API server.
 . {kube} CRDs validate the {kube} API server request and return a response.
@@ -99,17 +98,17 @@ It is a known limitation of the addon customization process.
 Administrators can update the authentication connector settings after {productname}
 deployment as follows:
 
-. Based on the manifest in `~/clusters/<CLUSTER_NAME>/addons/dex/base/dex.yml`, provide a kustomize patch to `~/clusters/<CLUSTER_NAME>/addons/dex/patches/custom.yml` of the form of strategic merge patch or a JSON 6902 patch.
-
+. Based on the manifest in `~/clusters/<CLUSTER_NAME>/addons/dex/base/dex.yml`, provide a kustomize patch to `~/clusters/<CLUSTER_NAME>/addons/dex/patches/dex-patch.yml` of the form of strategic merge patch or a JSON 6902 patch.
++
 Read https://github.com/kubernetes-sigs/kustomize/blob/master/docs/glossary.md#patchstrategicmerge and https://github.com/kubernetes-sigs/kustomize/blob/master/docs/glossary.md#patchjson6902 to get more information.
 +
 . Adapt ConfigMap by adding LDAP configuration to the connector section.
-For detailed configuration of the LDAP connector, refer to Dex documentation:
+For detailed configuration of the LDAP connector, refer to the Dex documentation:
 https://github.com/dexidp/dex/blob/v2.16.0/Documentation/connectors/ldap.md.
 The following is an *example LDAP connector:*
 +
-====
-
+[source,yaml]
+----
   connectors:
   - type: ldap
     id: 389ds
@@ -133,7 +132,7 @@ The following is an *example LDAP connector:*
         userAttr: uid
         groupAttr: memberUid
         nameAttr: cn
-====
+----
 . A base64 encoded PEM file can be generated by running:
 +
 [source,bash]
@@ -144,6 +143,22 @@ cat <ROOT_CA_PEM_FILE> | base64 | awk '{print}' ORS='' && echo
 Besides the LDAP connector you can also set up other connectors.
 For additional connectors, refer to the available connector configurations in the Dex repository:
 https://github.com/dexidp/dex/tree/v2.16.0/Documentation/connectors.
+. Create a `kustomization.yaml` file in `~/clusters/<CLUSTER_NAME>/addons/dex/kustomization.yaml`
++
+[source,yaml]
+----
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - base/dex.yaml
+patches:
+  - patches/dex-patch.yaml
+----
+. Apply the changes with:
++
+----
+kubectl apply -k ~/clusters/<CLUSTER_NAME>/addons/dex/
+----
 
 [[_sec.admin.security.rbac.apply]]
 === User Access