chore: enable dex for local development#799
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enables Dex authentication for local development by refactoring the ACL (Access Control List) handlers from global variables to instance-based configuration and adding support for admin users who can bypass tenant filtering.
Changes:
- Refactored ACL handlers from global variables to instance-based
HandlerwithConfigstruct for better testability and maintainability - Added admin user authentication via email-based bypass, allowing admins unrestricted access to all metrics
- Configured Dex with static password authentication for local development with port mappings for host access
- Updated Makefile to automatically generate Dex admin password hash and configure admin email from git config
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| kof-operator/internal/acl/handlers/prometheus_query_handler.go | Refactored from global variables to Handler struct with Config; added admin user bypass logic |
| kof-operator/internal/acl/handlers/prometheus_match_handler.go | Updated to use Handler methods instead of global functions; added admin bypass |
| kof-operator/cmd/acl/main.go | Updated to create Handler instance with Config; added admin-email flag |
| kof-operator/internal/acl/handlers/prometheus_query_handler_test.go | Updated tests to use Handler instance; removed global variable manipulation; added admin user tests |
| kof-operator/internal/acl/handlers/prometheus_match_handler_test.go | Updated tests to use Handler instance; removed global variable manipulation |
| charts/kof-mothership/values.yaml | Added extraArgs field documentation for ACL server configuration |
| charts/kof-mothership/templates/acl/deployment.yaml | Added extraArgs support in deployment template |
| charts/kof/values-local.yaml | Enabled Dex with static password DB; configured issuer and admin-email in extraArgs |
| config/kind-local.yaml | Added port mappings for Dex (32000, 32555) |
| config/kind-adopted.yaml | New file: adopted cluster Kind configuration |
| docs/dev.md | Added step to configure /etc/hosts for dex.example.com |
| Makefile | Added htpasswd-based password hash generation; configured admin email from git config |
| .github/workflows/build_images.yml | Added IMAGE_ACL_SERVER_REPO environment variable |
| .github/workflows/release_images.yml | Added IMAGE_ACL_SERVER_REPO environment variable |
gmlexx
previously approved these changes
Feb 18, 2026
gmlexx
approved these changes
Feb 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.