stacks-instances/otc/observability.t09.de/stacks/core/dex/values.yaml

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: main
  hosts:
    - host: dex.observability.t09.de
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - dex.observability.t09.de
      secretName: dex-cert

envVars:
  - name: FORGEJO_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-forgejo-client
        key: clientSecret
  - name: FORGEJO_CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: dex-forgejo-client
        key: clientID
  - name: OIDC_DEX_GRAFANA_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-grafana-client
        key: clientSecret
  - name: OIDC_DEX_ARGO_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-argo-client
        key: clientSecret

config:
  # Set it to a valid URL
  issuer: https://dex.observability.t09.de

  # See https://dexidp.io/docs/storage/ for more options
  storage:
    type: memory

  oauth2:
    skipApprovalScreen: true
    alwaysShowLoginScreen: false

  connectors:
    - type: gitea
      id: gitea
      name: Forgejo
      config:
        clientID: "$FORGEJO_CLIENT_ID"
        clientSecret: "$FORGEJO_CLIENT_SECRET"
        redirectURI: https://dex.observability.t09.de/callback
        baseURL: https://edp.buildth.ing
  enablePasswordDB: false

  staticClients:
    - id: public-client
      public: true
      name: 'Public Client'
      redirectURIs:
        - 'https://localhost/oidc/callback'
    - id: controller-argocd-dex
      name: ArgoCD Client
      redirectURIs:
        - "http://argocd.observability.t09.de/auth/callback"
      secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
    - id: grafana
      redirectURIs:
        - "https://grafana.observability.t09.de/login/generic_oauth"
      name: "Grafana"
      secret: "thisisasecret"