apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: dex namespace: argocd spec: destination: namespace: auth server: https://kubernetes.default.svc project: default source: chart: dex helm: values: | # Configures the ingress for Dex ingress: enabled: true className: nginx hosts: - host: "auth.martyn.berlin" paths: - path: /dex pathType: Prefix annotations: cert-manager.io/cluster-issuer: letsencrypt tls: - hosts: - "auth.martyn.berlin" secretName: dex-cert # Configures the Dex instance config: issuer: https://auth.martyn.berlin/dex storage: type: kubernetes config: inCluster: true web: http: 0.0.0.0:8080 oauth2: responseTypes: ["code", "token", "id_token"] # Configures the Client configuration staticClients: - id: f7f67ba843f06f244857b01d96cbe7bc secret: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f name: "Oauth2 Proxy Static Client" redirectURIs: - https://auth.martyn.berlin/oauth2/callback - id: 8e01cf63a42c451a2254ea8c2f1dd7d2 secret: 451d158110098dc7029d5588cc5c452a9295d30cdc12132d431d4e0850cd6ade name: "NextClouD" redirectURIs: - https://nc.martyn.berlin/apps/user_oidc/code staticPasswords: - email: "martyn@ranyard.info" # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2) hash: "$2y$10$RYKealLEcxXNnXdtLXw.eOTJPSgegzQd0SRYxSE/y7Iivt1ECeVgy" username: "martyn" userID: "fdcb225b-0a6f-4bec-b7c9-3d87dbf64ab8" enablePasswordDB: true # Allow password grants with local users oauth2: passwordConnector: local repoURL: https://charts.dexidp.io targetRevision: 0.23.0 syncPolicy: automated: prune: true selfHeal: true