We are trying to enable authentication in Spinnaker using IAP.
Spinnaker is deployed in GKE using HAL
Deck and Gate are exposed to different domains using Ingress and HTTPS is enabled for both.
IAP is enabled and credential is created.
HAL configurations for IAP have been done and redeployed. BaseURLs for UI & API have been set.
CORS pattern is set to the UI URL.
Now when i try to open the application, initially the redirects to https://accounts.google.com/o/oauth2/v2/auth?.... fails a few times (CORS error) before sending me to the log in page. Once logged in, my name appears in the welcome page of Spinnaker. After this stage all API (Gate) calls are failing with CORS error (Access to XMLHttpRequest at 'https://spinnaker-api.abc.com/webhooks/preconfigured' from origin 'https://spinnaker.abc.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.). Same is the issue with Applications call as well.
We have set the baseURLs for UI as well as API. So ideally CORS should have been taken care of.
When I hit https://spinnaker-api.abc.com/applications directly from the browser, I am getting a 200 response.
Any help would be highly appreciated.
Thanks!
Well, I got it working sometime back. The deck has to be exposed using IAP. Deck has a /gate proxy to gate. Set this as the API baseurl (spinnakergate-domain.com/gate) and it should work.
I had to edit the .hal/default/service-settings/deck.yml file to make /gate proxy available.