Update oidc-authservice

[yhwang]

Use the newer image of oidc-authservice, add mandatary
parameter(AUTHSERVICE_URL_PREFIX) and change to
istio/base_v3.

Signed-off-by: Yihong Wang yh.wang@ibm.com

Which issue is resolved by this Pull Request:
Resolves #

Description of your changes:

Checklist:

• Unit tests have been rebuilt:
  1. cd manifests/tests
  2. make generate-changed-only
  3. make test

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: yhwang
To complete the pull request process, please assign adrian555, eedorenko, krishnadurai, patrickxys after the PR has been reviewed.
You can assign the PR to them by writing /assign @adrian555 @eedorenko @krishnadurai @patrickxys in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• istio/OWNERS
• stacks/aws/OWNERS
• stacks/azure/OWNERS
• stacks/ibm/OWNERS
• stacks/kubernetes/OWNERS
• tests/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[aws-kf-ci-bot]

Hi @yhwang. Thanks for your PR.

I'm waiting for a kubeflow member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[PatrickXYS]

/ok-to-test

[PatrickXYS]

/retest

[PatrickXYS]

/test ?

[aws-kf-ci-bot]

@PatrickXYS: The following commands are available to trigger jobs:

• /test kubeflow-manifests-presubmit

Use /test all to run all jobs.

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[PatrickXYS]

/test kubeflow-manifests-presubmit

[yhwang]

@yanniszark can you review this and see if it's good to pump up the oidc-authservice to the following:

newName: gcr.io/arrikto/oidc-authservice
newTag: 087a340

Then it will enable the id-token authentication

[yanniszark]

@yhwang thanks for the ping! I will make a note to address this after the current steps of wg-manifests for 1.3:
#1735

[yhwang]

@yanniszark hope this could be included in v1.3. thanks!

[HassanOuda]

Will this be included for 1.3?

[yanniszark]

I would love to include this, but doing so will break the logout button for CentralDashboard:
https://github.com/kubeflow/kubeflow/blob/876016a57a33cb27c21562aa8ec6c0a514382cb7/components/centraldashboard/public/components/main-page.pug#L83-L84

In later versions, oidc-authservice changed the logout method to account for CSRF attacks:
https://github.com/arrikto/oidc-authservice/blob/master/docs/csrf.md#logout-csrf

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in one week if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been closed due to inactivity.

[alembiewski]

Fix for the logout button for Central Dashboard: kubeflow/kubeflow#6609