---
# Helm values for Dex, acting as an OIDC broker: it delegates login to the
# upstream Kanidm provider and issues tokens to the static clients below.
# The nesting here is reconstructed from a blame view that had lost its
# indentation; the dated comments carry over the dates that view showed.

# Blame date shown for this section: 2022-05-04 19:45:02 +07:00
dex:
  config:
    # Public issuer URL. Clients validate the `iss` claim against this value,
    # so it has to match the ingress host configured further down.
    issuer: 'https://dex.khuedoan.com'
    storage:
      type: kubernetes
      config:
        inCluster: true
    oauth2:
      # No consent page is shown. Every client listed under staticClients
      # receives tokens without a user approval step, so that list and its
      # redirect URIs are the only gate on who can obtain tokens.
      skipApprovalScreen: true
    connectors:
      # Blame date shown for this section: 2024-01-06 00:40:20 +07:00
      - type: oidc
        id: kanidm
        name: Kanidm
        config:
          # Written as $VAR references so that no credential is stored in
          # this file. Presumably resolved from the environment injected by
          # envFrom below; confirm.
          clientID: '$KANIDM_CLIENT_ID'
          clientSecret: '$KANIDM_CLIENT_SECRET'
          # Has to equal the redirect URI registered for this client in Kanidm.
          redirectURI: 'https://dex.khuedoan.com/callback'
          issuer: 'https://auth.khuedoan.com/oauth2/openid/dex'
          # NOTE(review): PKCE towards Kanidm stays off until the change
          # linked below is available. Until then the code exchange is
          # protected by the client secret alone; re-enable when possible.
          # TODO https://github.com/dexidp/dex/pull/3188
          # enablePKCE: true
          scopes:
            - openid
            - profile
            - email
            # Requests group membership from Kanidm. Downstream clients may
            # base authorization on it; verify their role mappings.
            - groups
    # Blame date shown for this section: 2022-05-04 19:45:02 +07:00
    staticClients:
      # Each client names an environment variable (secretEnv) that holds its
      # client secret, which keeps the secret itself out of this file.
      # Keep redirectURIs as exact https URLs; avoid adding broad or
      # plain-http entries.
      - id: grafana-sso
        name: Grafana
        redirectURIs:
          - 'https://grafana.khuedoan.com/login/generic_oauth'
        secretEnv: GRAFANA_SSO_CLIENT_SECRET
      # Blame date shown for this section: 2024-01-17 00:08:28 +07:00
      - id: gitea
        name: Gitea
        redirectURIs:
          - 'https://git.khuedoan.com/user/oauth2/Dex/callback'
        secretEnv: GITEA_CLIENT_SECRET
  # Blame date shown for this section: 2022-05-14 11:29:57 +07:00
  # Loads the keys of the `dex-secrets` Secret as environment variables.
  # Presumably this supplies KANIDM_CLIENT_ID, KANIDM_CLIENT_SECRET,
  # GRAFANA_SSO_CLIENT_SECRET and GITEA_CLIENT_SECRET; confirm that the
  # Secret defines all four.
  envFrom:
    - secretRef:
        name: dex-secrets
  # Blame date shown for this section: 2022-05-04 19:45:02 +07:00
  ingress:
    enabled: true
    className: nginx
    annotations:
      # cert-manager issues the serving certificate from this cluster issuer.
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      # The anchor is reused under tls.hosts so that the routed host and the
      # certificate host cannot drift apart.
      - host: &host dex.khuedoan.com
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls:
      - secretName: dex-tls-certificate
        hosts:
          - *host