Refactor the configuration to use environment variable syntax for Forgejo client ID and secret. This change improves consistency and readability in the configuration file.
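# Values for a Dex (OIDC provider) deployment: ingress, secret-backed
# environment variables, and the Dex configuration itself.
ingress:
  enabled: true
  className: nginx
  annotations:
    # Certificate for the TLS entry below is requested from this issuer.
    cert-manager.io/cluster-issuer: main
  hosts:
    - host: dex.observability.t09.de
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - dex.observability.t09.de
      secretName: dex-cert

# Client credentials are injected from Kubernetes Secrets so that no secret
# value has to appear in this file.
envVars:
  - name: FORGEJO_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-forgejo-client
        key: clientSecret
  - name: FORGEJO_CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: dex-forgejo-client
        key: clientID
  - name: OIDC_DEX_GRAFANA_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-grafana-client
        key: clientSecret
  - name: OIDC_DEX_ARGO_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: dex-argo-client
        key: clientSecret

config:
  # Set it to a valid URL
  issuer: https://dex.observability.t09.de

  # See https://dexidp.io/docs/storage/ for more options
  # NOTE(review): in-memory storage keeps all Dex state inside the pod, so it
  # is lost on restart and is not shared between replicas. Confirm this is
  # intended for this environment.
  storage:
    type: memory

  oauth2:
    # Users are not shown a consent screen. Appropriate only while every
    # static client below is first-party.
    skipApprovalScreen: true
    alwaysShowLoginScreen: false

  connectors:
    - type: gitea
      id: gitea
      name: Forgejo
      config:
        # Resolved from the FORGEJO_* entries in envVars above.
        clientID: "$FORGEJO_CLIENT_ID"
        clientSecret: "$FORGEJO_CLIENT_SECRET"
        redirectURI: https://dex.observability.t09.de/callback
        baseURL: https://edp.buildth.ing
  # Local password database is off; logins go through the connector above.
  enablePasswordDB: false

  staticClients:
    - id: controller-argocd-dex
      name: ArgoCD Client
      redirectURIs:
        # NOTE(review): plain http callback. The authorization code would be
        # returned over cleartext; if ArgoCD is served over TLS, change this
        # to https.
        - "http://argocd.observability.t09.de/auth/callback"
      secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
    - id: grafana
      redirectURIs:
        - "https://grafana.observability.t09.de/login/generic_oauth"
      name: "Grafana"
      # Read from OIDC_DEX_GRAFANA_CLIENT_SECRET (Secret dex-grafana-client,
      # injected via envVars above) in the same form as the ArgoCD client,
      # instead of a literal committed to the repository. Confirm Grafana
      # reads its client secret from the same Secret, and rotate any value
      # that was previously committed here.
      secret: "{{`{{ .Env.OIDC_DEX_GRAFANA_CLIENT_SECRET }}`}}"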