infra4scaleway/apps/dex.yaml
Martyn Ranyard ef51fa9649 ingress, ssl, auth, nc (no persist)
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
2025-06-29 07:54:14 +00:00

72 lines
2.2 KiB
YAML

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dex
namespace: argocd
spec:
destination:
namespace: auth
server: https://kubernetes.default.svc
project: default
source:
chart: dex
helm:
values: |
# Configures the ingress for Dex
ingress:
enabled: true
className: nginx
hosts:
- host: "auth.martyn.berlin"
paths:
- path: /dex
pathType: Prefix
annotations:
cert-manager.io/cluster-issuer: letsencrypt
tls:
- hosts:
- "auth.martyn.berlin"
secretName: dex-cert
# Configures the Dex instance
config:
issuer: https://auth.martyn.berlin/dex
storage:
type: kubernetes
config:
inCluster: true
web:
http: 0.0.0.0:8080
oauth2:
responseTypes: ["code", "token", "id_token"]
# Configures the Client configuration
staticClients:
- id: f7f67ba843f06f244857b01d96cbe7bc
secret: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f
name: "Oauth2 Proxy Static Client"
redirectURIs:
- https://auth.martyn.berlin/oauth2/callback
- id: 8e01cf63a42c451a2254ea8c2f1dd7d2
secret: 451d158110098dc7029d5588cc5c452a9295d30cdc12132d431d4e0850cd6ade
name: "NextClouD"
redirectURIs:
- https://nc.martyn.berlin/apps/user_oidc/code
staticPasswords:
- email: "martyn@ranyard.info"
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
hash: "$2y$10$RYKealLEcxXNnXdtLXw.eOTJPSgegzQd0SRYxSE/y7Iivt1ECeVgy"
username: "martyn"
userID: "fdcb225b-0a6f-4bec-b7c9-3d87dbf64ab8"
enablePasswordDB: true
# Allow password grants with local users
oauth2:
passwordConnector: local
repoURL: https://charts.dexidp.io
targetRevision: 0.23.0
syncPolicy:
automated:
prune: true
selfHeal: true