infra4scaleway/apps/dex.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: dex
  namespace: argocd
spec:
  destination:
    namespace: auth
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: dex
    helm:
      values: |
        # Configures the ingress for Dex
        ingress:
          enabled: true
          className: nginx
          hosts:
            - host: "auth.martyn.berlin"
              paths:
                - path: /dex
                  pathType: Prefix
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt
          tls:
            - hosts:
                - "auth.martyn.berlin"
              secretName: dex-cert

        # Configures the Dex instance          
        config:
          issuer: https://auth.martyn.berlin/dex
          storage:
            type: kubernetes
            config:
              inCluster: true
          web:
            http: 0.0.0.0:8080
          oauth2:
            responseTypes: ["code", "token", "id_token"]

          # Configures the Client configuration
          staticClients:
            - id: f7f67ba843f06f244857b01d96cbe7bc
              secret: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f
              name: "Oauth2 Proxy Static Client"
              redirectURIs:
                - https://auth.martyn.berlin/oauth2/callback
                - https://homeauth.martyn.berlin/oauth2/callback
            - id: 8e01cf63a42c451a2254ea8c2f1dd7d2
              secret: 451d158110098dc7029d5588cc5c452a9295d30cdc12132d431d4e0850cd6ade
              name: "NextClouD"
              redirectURIs:
                - https://nc.martyn.berlin/apps/user_oidc/code
            - id: 0ce2934123914ded3f9263c3be9487f0
              secret: b9d9570f06e8dec2c4215f4b8852874cee48fc76c30568e5e688607bff1f0aa8
              name: "KaraokeList"
              redirectURIs:
                - http://172.20.0.82/api/v1/datasources/authorize
                - http://karaokelist.martyn.berlin/api/v1/datasources/authorize
          staticPasswords:
            - email: "martyn@ranyard.info"
              # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
              hash: "$2y$10$RYKealLEcxXNnXdtLXw.eOTJPSgegzQd0SRYxSE/y7Iivt1ECeVgy"
              username: "martyn"
              userID: "fdcb225b-0a6f-4bec-b7c9-3d87dbf64ab8"

          enablePasswordDB: true
          # Allow password grants with local users
          oauth2:
            passwordConnector: local
    repoURL: https://charts.dexidp.io
    targetRevision: 0.23.0
  syncPolicy:
    automated:
      prune: true
      selfHeal: true