72 lines
2.2 KiB
YAML
72 lines
2.2 KiB
YAML
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: dex
|
|
namespace: argocd
|
|
spec:
|
|
destination:
|
|
namespace: auth
|
|
server: https://kubernetes.default.svc
|
|
project: default
|
|
source:
|
|
chart: dex
|
|
helm:
|
|
values: |
|
|
# Configures the ingress for Dex
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
hosts:
|
|
- host: "auth.martyn.berlin"
|
|
paths:
|
|
- path: /dex
|
|
pathType: Prefix
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
tls:
|
|
- hosts:
|
|
- "auth.martyn.berlin"
|
|
secretName: dex-cert
|
|
|
|
# Configures the Dex instance
|
|
config:
|
|
issuer: https://auth.martyn.berlin/dex
|
|
storage:
|
|
type: kubernetes
|
|
config:
|
|
inCluster: true
|
|
web:
|
|
http: 0.0.0.0:8080
|
|
oauth2:
|
|
responseTypes: ["code", "token", "id_token"]
|
|
|
|
# Configures the Client configuration
|
|
staticClients:
|
|
- id: f7f67ba843f06f244857b01d96cbe7bc
|
|
secret: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f
|
|
name: "Oauth2 Proxy Static Client"
|
|
redirectURIs:
|
|
- https://auth.martyn.berlin/oauth2/callback
|
|
- id: 8e01cf63a42c451a2254ea8c2f1dd7d2
|
|
secret: 451d158110098dc7029d5588cc5c452a9295d30cdc12132d431d4e0850cd6ade
|
|
name: "NextClouD"
|
|
redirectURIs:
|
|
- https://nc.martyn.berlin/apps/user_oidc/code
|
|
|
|
staticPasswords:
|
|
- email: "martyn@ranyard.info"
|
|
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
|
|
hash: "$2y$10$RYKealLEcxXNnXdtLXw.eOTJPSgegzQd0SRYxSE/y7Iivt1ECeVgy"
|
|
username: "martyn"
|
|
userID: "fdcb225b-0a6f-4bec-b7c9-3d87dbf64ab8"
|
|
|
|
enablePasswordDB: true
|
|
# Allow password grants with local users
|
|
oauth2:
|
|
passwordConnector: local
|
|
repoURL: https://charts.dexidp.io
|
|
targetRevision: 0.23.0
|
|
syncPolicy:
|
|
automated:
|
|
prune: true
|
|
selfHeal: true
|