Removes the public client configuration and updates the Grafana redirect URI to the correct domain. Modifies OAuth scopes to include groups for improved permission management.
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: main
|
|
hosts:
|
|
- host: dex.observability.t09.de
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- dex.observability.t09.de
|
|
secretName: dex-cert
|
|
|
|
envVars:
|
|
- name: FORGEJO_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-forgejo-client
|
|
key: clientSecret
|
|
- name: FORGEJO_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-forgejo-client
|
|
key: clientID
|
|
- name: OIDC_DEX_GRAFANA_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-grafana-client
|
|
key: clientSecret
|
|
- name: OIDC_DEX_ARGO_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-argo-client
|
|
key: clientSecret
|
|
|
|
config:
|
|
# Set it to a valid URL
|
|
issuer: https://dex.observability.t09.de
|
|
|
|
# See https://dexidp.io/docs/storage/ for more options
|
|
storage:
|
|
type: memory
|
|
|
|
oauth2:
|
|
skipApprovalScreen: true
|
|
alwaysShowLoginScreen: false
|
|
|
|
connectors:
|
|
- type: gitea
|
|
id: gitea
|
|
name: Forgejo
|
|
config:
|
|
clientID: "$FORGEJO_CLIENT_ID"
|
|
clientSecret: "$FORGEJO_CLIENT_SECRET"
|
|
redirectURI: https://dex.observability.t09.de/callback
|
|
baseURL: https://edp.buildth.ing
|
|
enablePasswordDB: false
|
|
|
|
staticClients:
|
|
- id: controller-argocd-dex
|
|
name: ArgoCD Client
|
|
redirectURIs:
|
|
- "http://argocd.observability.t09.de/auth/callback"
|
|
secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
|
|
- id: grafana
|
|
redirectURIs:
|
|
- "https://grafana.observability.t09.de/login/generic_oauth"
|
|
name: "Grafana"
|
|
secret: "thisisasecret"
|
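Review bot: The grafana entry at the end of staticClients carries a literal placeholder `secret: "thisisasecret"`, even though `OIDC_DEX_GRAFANA_CLIENT_SECRET` is already wired in envVars from the `dex-grafana-client` Secret and never referenced anywhere in config. The argocd entry a few lines above reads its secret through the `.Env.OIDC_DEX_ARGO_CLIENT_SECRET` template expansion; the grafana line should use the same expansion with `OIDC_DEX_GRAFANA_CLIENT_SECRET` so the value is never committed in the values file. The argocd redirectURI is also plain `http://argocd.observability.t09.de/auth/callback` while every other endpoint in this file is https, so the authorization code would travel in cleartext if that host is actually served over HTTP; confirm whether `https://` was intended. `storage.type: memory` drops sessions and refresh tokens on every pod restart, which is fine for a test deployment but deserves a comment such as `# memory storage: state is lost on restart; use a persistent backend for production`.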