mirror of
https://github.com/khuedoan/homelab.git
synced 2024-12-22 22:14:55 +07:00
54 lines
1.4 KiB
YAML
54 lines
1.4 KiB
YAML
dex:
|
|
config:
|
|
issuer: https://dex.khuedoan.com
|
|
storage:
|
|
type: kubernetes
|
|
config:
|
|
inCluster: true
|
|
oauth2:
|
|
skipApprovalScreen: true
|
|
connectors:
|
|
- type: oidc
|
|
id: kanidm
|
|
name: Kanidm
|
|
config:
|
|
clientID: $KANIDM_CLIENT_ID
|
|
clientSecret: $KANIDM_CLIENT_SECRET
|
|
redirectURI: https://dex.khuedoan.com/callback
|
|
issuer: https://auth.khuedoan.com/oauth2/openid/dex
|
|
# TODO https://github.com/dexidp/dex/pull/3188
|
|
# enablePKCE: true
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- groups
|
|
staticClients:
|
|
- id: grafana-sso
|
|
name: Grafana
|
|
redirectURIs:
|
|
- 'https://grafana.khuedoan.com/login/generic_oauth'
|
|
secretEnv: GRAFANA_SSO_CLIENT_SECRET
|
|
- id: gitea
|
|
name: Gitea
|
|
redirectURIs:
|
|
- 'https://git.khuedoan.com/user/oauth2/Dex/callback'
|
|
secretEnv: GITEA_CLIENT_SECRET
|
|
envFrom:
|
|
- secretRef:
|
|
name: dex-secrets
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
hosts:
|
|
- host: &host dex.khuedoan.com
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
tls:
|
|
- secretName: dex-tls-certificate
|
|
hosts:
|
|
- *host
|