this repo has no description
feat: setup staging Dex
+127
+1
flake.nix
+1
flake.nix
+115
platform/staging/dex.yaml
+115
platform/staging/dex.yaml
···
1
+
apiVersion: source.toolkit.fluxcd.io/v1
2
+
kind: HelmRepository
3
+
metadata:
4
+
name: dex
5
+
namespace: flux-system
6
+
spec:
7
+
type: oci
8
+
interval: 1h
9
+
url: oci://registry.registry.svc.cluster.local:5000/vendor/charts/dex
10
+
---
11
+
apiVersion: helm.toolkit.fluxcd.io/v2
12
+
kind: HelmRelease
13
+
metadata:
14
+
name: dex
15
+
namespace: flux-system
16
+
spec:
17
+
interval: 3m
18
+
dependsOn:
19
+
- name: platform-namespaces
20
+
chart:
21
+
spec:
22
+
chart: dex
23
+
version: 0.23.0
24
+
sourceRef:
25
+
kind: HelmRepository
26
+
name: dex
27
+
releaseName: dex
28
+
targetNamespace: dex
29
+
install:
30
+
createNamespace: true
31
+
values:
32
+
image:
33
+
repository: registry.registry.svc.cluster.local/vendor/images/dexidp/dex
34
+
tag: v2.43.1
35
+
env:
36
+
ADMIN_PASSWORD_HASH: vault:secret/data/dex/auth#ADMIN_PASSWORD_HASH
37
+
KHUEDOAN_PASSWORD_HASH: vault:secret/data/dex/auth#KHUEDOAN_PASSWORD_HASH
38
+
FORGEJO_CLIENT_SECRET: vault:secret/data/forgejo/oauth#secret
39
+
config:
40
+
issuer: https://dex.staging.khuedoan.com
41
+
storage:
42
+
type: kubernetes
43
+
config:
44
+
inCluster: true
45
+
oauth2:
46
+
passwordConnector: local
47
+
skipApprovalScreen: true
48
+
enablePasswordDB: true
49
+
staticPasswords:
50
+
- username: admin
51
+
email: admin@cloudlab.khuedoan.com
52
+
userID: "b34bd9d2-70ed-4ee1-8d22-6e4fc84f8d17"
53
+
hashFromEnv: ADMIN_PASSWORD_HASH
54
+
- username: khuedoan
55
+
email: mail@khuedoan.com
56
+
userID: "41dd7db5-4cb3-4856-a7f1-0d5168a10a12"
57
+
hashFromEnv: KHUEDOAN_PASSWORD_HASH
58
+
staticClients:
59
+
- id: forgejo
60
+
name: Forgejo
61
+
redirectURIs:
62
+
- "https://code.staging.khuedoan.com/user/oauth2/SSO/callback"
63
+
secretEnv: FORGEJO_CLIENT_SECRET
64
+
podAnnotations:
65
+
istio.io/dataplane-mode: ambient
66
+
resources:
67
+
requests:
68
+
cpu: 50m
69
+
memory: 128Mi
70
+
limits:
71
+
cpu: 200m
72
+
memory: 256Mi
73
+
---
74
+
apiVersion: helm.toolkit.fluxcd.io/v2
75
+
kind: HelmRelease
76
+
metadata:
77
+
name: dex-config
78
+
namespace: flux-system
79
+
spec:
80
+
interval: 30m
81
+
dependsOn:
82
+
- name: platform-namespaces
83
+
- name: istio-gateway
84
+
releaseName: dex-config
85
+
targetNamespace: dex
86
+
install:
87
+
createNamespace: true
88
+
chart:
89
+
spec:
90
+
chart: app-template
91
+
version: 4.6.0
92
+
sourceRef:
93
+
kind: HelmRepository
94
+
name: app-template
95
+
values:
96
+
rawResources:
97
+
dex-route:
98
+
apiVersion: gateway.networking.k8s.io/v1
99
+
kind: HTTPRoute
100
+
forceRename: dex
101
+
spec:
102
+
spec:
103
+
parentRefs:
104
+
- name: gateway
105
+
namespace: istio-system
106
+
hostnames:
107
+
- dex.staging.khuedoan.com
108
+
rules:
109
+
- matches:
110
+
- path:
111
+
type: PathPrefix
112
+
value: /
113
+
backendRefs:
114
+
- name: dex
115
+
port: 5556
+11
settings.yaml
+11
settings.yaml
···
21
21
type: random
22
22
secret:
23
23
type: random
24
+
secret/dex/auth:
25
+
ADMIN_PASSWORD_HASH:
26
+
type: manual
27
+
description: |
28
+
Enter Dex admin password hash.
29
+
(Generate with: echo mypassword | htpasswd -BinC 10 "" | cut -d: -f2)
30
+
KHUEDOAN_PASSWORD_HASH:
31
+
type: manual
32
+
description: |
33
+
Enter Dex khuedoan password hash.
34
+
(Generate with: echo mypassword | htpasswd -BinC 10 "" | cut -d: -f2)
24
35
vendors:
25
36
vendor/charts/dex:
26
37
kind: chart