Daniel Sy
48070d3cc2
Update the Grafana redirect URI to point to localhost for local testing purposes. This change allows developers to test authentication workflows without needing to connect to the live environment.
76 lines
1.8 KiB
YAML
76 lines
1.8 KiB
YAML
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: main
|
|
hosts:
|
|
- host: dex.observability.t09.de
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- dex.observability.t09.de
|
|
secretName: dex-cert
|
|
|
|
envVars:
|
|
- name: FORGEJO_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-forgejo-client
|
|
key: clientSecret
|
|
- name: FORGEJO_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-forgejo-client
|
|
key: clientID
|
|
- name: OIDC_DEX_GRAFANA_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-grafana-client
|
|
key: clientSecret
|
|
- name: OIDC_DEX_ARGO_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dex-argo-client
|
|
key: clientSecret
|
|
|
|
config:
|
|
# Set it to a valid URL
|
|
issuer: https://dex.observability.t09.de
|
|
|
|
# See https://dexidp.io/docs/storage/ for more options
|
|
storage:
|
|
type: memory
|
|
|
|
oauth2:
|
|
skipApprovalScreen: true
|
|
alwaysShowLoginScreen: false
|
|
|
|
connectors:
|
|
- type: gitea
|
|
id: gitea
|
|
name: Forgejo
|
|
config:
|
|
clientID: "$FORGEJO_CLIENT_ID"
|
|
clientSecret: "$FORGEJO_CLIENT_SECRET"
|
|
redirectURI: https://dex.observability.t09.de/callback
|
|
baseURL: https://edp.buildth.ing
|
|
enablePasswordDB: false
|
|
|
|
staticClients:
|
|
- id: public-client
|
|
public: true
|
|
name: 'Public Client'
|
|
redirectURIs:
|
|
- 'https://localhost/oidc/callback'
|
|
- id: controller-argocd-dex
|
|
name: ArgoCD Client
|
|
redirectURIs:
|
|
- "http://argocd.observability.t09.de/auth/callback"
|
|
secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
|
|
- id: grafana
|
|
redirectURIs:
|
|
- "https://localhost/login/generic_oauth"
|
|
name: "Grafana"
|
|
secret: "thisisasecret"
|