lukasmrtvy · April 24, 2023 22:06
diff --git a/tfkdexpinniped b/tfkdexpinniped
 helmDefaults:
  wait: true

 repositories:
 - name: bitnami
  url: https://charts.bitnami.com/bitnami
 - name: dex
  url: https://charts.dexidp.io
 - name: dysnix
  url: https://dysnix.github.io/charts
 - name: traefik
  url: https://helm.traefik.io/traefik

 releases:
 - name: traefik
  namespace: default
  createNamespace: true
  chart: traefik/traefik
  version: 22.1.0
  values:
    - globalArguments:
        - --global.checknewversion=false
        - --global.sendanonymoususage=false
    - additionalArguments:
        - --log.level=DEBUG
        - --log.format=json
        - --accesslog
        - --accesslog.format=json
        - --metrics.prometheus
        - --entrypoints.websecure.forwardedHeaders.insecure
        - --entrypoints.web.http.redirections.entrypoint.to=:443
        - --entrypoints.web.http.redirections.entrypoint.permanent=true
        - --api.insecure
    - ingressRoute:
        dashboard:
          enabled: false
    - service:
        type: NodePort
    - ports:
        web:
          nodePort: 80
        websecure:
          nodePort: 443
          
 - name: wildcard-tls
  namespace: default
  createNamespace: true
  chart: dysnix/raw
  version: 0.3.1
  disableValidation: true
  needs:
  - default/traefik
  values:
    - resources:
      - apiVersion: traefik.containo.us/v1alpha1
        kind: TLSStore
        metadata:
          name: default
          namespace: default
        spec:
          defaultCertificate:
            secretName: wildcard-tls
      - apiVersion: v1
        kind: Secret
        metadata:
          name: wildcard-tls
        type: Opaque
        stringData:
          tls.crt: |
                -----BEGIN CERTIFICATE-----
                MIIFJzCCBA+gAwIBAgISBObsyoZC19wN5TQrQrBBTQizMA0GCSqGSIb3DQEBCwUA
                MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
                EwJSMzAeFw0yMzAyMjMyMDIzMTFaFw0yMzA1MjQyMDIzMTBaMBUxEzARBgNVBAMT
                CnRyYWVmaWsubWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkUIZs
                y4xRZFfC/SpTbCzD0SlPjDpyueOZITeiBsAMCEIKFBSgObOuB1lWmvl4B2fYubq4
                efNHZ3/8yzEfhN0wGI4Z2k4QYtZLVJODM4EFnKCnD+9a6lRazjSHf49TdEhEqtHL
                OsD7dTs8Cx9dPeDshqy4QHVfPAOE/Q0LJhn6bGibmiLCNfUtx50S2Y7lrroCfyZU
                pZf+oYu+BoUbC0LEAKQbKrRlk6CfGfopkvj1dtTmF7ouRksJ6oZnnGbIGWzBbt2S
                IA9TLfrYLMonbLWb6Pm03S/vXyBxXrPLdpuobO5w5POEORqxb/AAtOAFuyCId+eE
                ww6oZYg14JHnFqqjAgMBAAGjggJSMIICTjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
                BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
                FBbFhsVrjG7x7QebZ8HXeYGreR1zMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
                r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
                bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCMG
                A1UdEQQcMBqCDCoudHJhZWZpay5tZYIKdHJhZWZpay5tZTBMBgNVHSAERTBDMAgG
                BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
                LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2ALc++yTf
                nE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhoAook4AAAQDAEcwRQIgftV6
                fpiU+/muFPluREelD9YGkWTPhm95KEwGYwtZH88CIQDmM1lN2qJ6jdJ6NaNpHjv5
                1XtFQuHvZx4+LlSVXT3AKAB1AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlej
                UutSAAABhoAoolcAAAQDAEYwRAIgLWvw809VaM6VNOlFgqBFwpsWgO10dqHLy9ea
                H+Fhr8oCIEusi+UvwgjMrvNjMZa6wFI8yYAts40+TgaN3TbtJ54pMA0GCSqGSIb3
                DQEBCwUAA4IBAQAcr2AYacKVaLDWYDp5NF2DkFcJtOAJsPIQA8IyCbTQe8mo6A/b
                GIkIHthGBRF8Vo6GKMMJ17Q5bsa4GrMcYnpRGKXmgr6z+8yC3dmaK329wgSeten2
                LX/N3QvjfEWYiPQB2+utLvD2+ilsKzHsebtAmNn12Nq2Pho6+GIU/vvp1IZ1mxhZ
                3MC3DoocYk4P4HOVhDdibNYP0pzgOXJ3vvRwr8/tjF/Gpvxy5WPagHcHQy6+rWr2
                YU326XlpgV3IifxJrpOwqT+uTaJ7ADkvl0TfVr6xwiJHTpxZw44AaEvebYi2Iog1
                K9ORHX8ikOgRSPgInRJ5jgawZUfE5ga7NuE4
                -----END CERTIFICATE-----
                -----BEGIN CERTIFICATE-----
                MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
                TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
                cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
                WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
                RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
                AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
                R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
                sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
                NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
                Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
                /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
                AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
                Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
                FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
                AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
                Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
                gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
                PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
                ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
                CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
                lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
                avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
                yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
                yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
                hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
                HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
                MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
                nLRbwHOoq7hHwg==
                -----END CERTIFICATE-----
                -----BEGIN CERTIFICATE-----
                MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
                MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
                DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
                TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
                cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
                AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
                ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
                wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
                LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
                4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
                bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
                sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
                Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
                FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
                SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
                PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
                TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
                SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
                c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
                +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
                ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
                b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
                U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
                MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
                5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
                9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
                WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
                he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
                Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
                -----END CERTIFICATE-----
          tls.key: |
                -----BEGIN PRIVATE KEY-----
                MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCkUIZsy4xRZFfC
                /SpTbCzD0SlPjDpyueOZITeiBsAMCEIKFBSgObOuB1lWmvl4B2fYubq4efNHZ3/8
                yzEfhN0wGI4Z2k4QYtZLVJODM4EFnKCnD+9a6lRazjSHf49TdEhEqtHLOsD7dTs8
                Cx9dPeDshqy4QHVfPAOE/Q0LJhn6bGibmiLCNfUtx50S2Y7lrroCfyZUpZf+oYu+
                BoUbC0LEAKQbKrRlk6CfGfopkvj1dtTmF7ouRksJ6oZnnGbIGWzBbt2SIA9TLfrY
                LMonbLWb6Pm03S/vXyBxXrPLdpuobO5w5POEORqxb/AAtOAFuyCId+eEww6oZYg1
                4JHnFqqjAgMBAAECggEBAJ+MYTq62uEdYepAER036K+rJUXMj+Reg5VpH7AAhfIp
                ApbusKhz3viYwjLKAHqAFmHm1lvSbltjMG+yjVxhkrTk4vZPd4WJszMqSKIZHKrq
                T0RowK2y433YxEDdp7oNKy8h/twrjL+eMYo38piDQSfqDURLsqxqhbBYVpYAxTDX
                DLVpf9O9nTOrGF9vELdIdT9WRAKH0dHbR3gT1aZtnDZ/eZY59+yQmzCCl9hnZrJ7
                aSOKjGChQVyaBLu1L+i3bjNS6HKby0W2u4K6ggaqnqsf9NmmLFyizm11ZaCF21FM
                krX0l16wrCDh+E1UUjXGk4Gfnwb3osQViBOTCtj7TqECgYEA0w3idc4fCqf6Keyk
                vBtaivcyGB6DSAIHoqh73uWcRSVwR1nC/ODMmXdOBKKwVe/3Jz4f6Hx0gKycULXA
                b+Ygbq1Y1IMFe6NeDyHnuXpVuaPtv+cKeChXlE4e+sem30e/uxKY35TKwcb+r7sC
                bsoF5gkOILOgL//jdguIeBdQdH0CgYEAx06EZyz3nUMaHBFevb/Q/MqI2q7mzfoB
                jPZ4v5/NLgnQrgbj3tHvJSVDX3IAZMWbX5WTojY65GzeVgxA8LImupyaIbBjXgwz
                nm9EEH6RDJWOF9xLFygc67REMyhr+BSg4/6rB1KJ3ltEhyiBJ+VPM/71RXqeE1fO
                0612HiwdZZ8CgYEAwThB7nYxZxEX7w/uVSR5xSXAX+J3cBIjqV+0YAE4CvnWjAv6
                fobT6WAXNhk3dMXHMM8oaTCffDoKtb1fm1JEuO7Ml2oIOAP9lb8FpYIBP357qCe+
                JvlQDL9kj1T/SgUm2/6PpIlVAwjKnFmKRaGAuvPpUjkA21DajnTKkJ9PkgUCgYB9
                D3yvTR0W1fs1L4UWZZ1acjALoIH9L2n3rNS50SkrQUdrW7FyqKJ52Xb8Fgm/Meu7
                v5zCxWqQ2OtubQP2xKLep9NjXk4LvnZJbSH1g6W6ksF1oWqQ3j+/ev7sZunQ4gjO
                54cj8hvGpdhLQxRAF3hqdQosjbNRCeEjHA4pAp9zmwKBgQDSDDGBmiYL4Trd06eo
                tzglbusgN+4RqJnXb/BQPLgasMcfNWy5oVIsTaeMuDIA6rvMIQWNEmaKQBgIV+IA
                QWjhDDr69ESSeHXeSxW982dMP4voMP118o7JMLLI2tXmsce4thjG7U111eB6cLd6
                L2UrBNaSfkoRh9XCdsHbMfw2YQ==
                -----END PRIVATE KEY-----

 - name: dex
  namespace: default
  createNamespace: true
  chart: dex/dex
  version: 0.13.0
  needs:
  - default/wildcard-tls
  values:
  - config:
      issuer: https://dex-127-0-0-1.traefik.me
      storage:
        type: sqlite3
        config:
          file: /var/dex/dex.db
      staticClients:
      - id: pinniped
        name: pinniped
        secret: pinniped
        redirectURIs:
          - https://supervisor-127-0-0-1.traefik.me/callback
      connectors:
      - type: mockCallback
        id: mock
        name: Example
      enablePasswordDB: true
      staticPasswords:
      - email: "[email protected]"
        # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
        hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
        username: "admin"
        userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
  - ingress:
      enabled: true
      hosts:
        - host: dex-127-0-0-1.traefik.me
          paths:
          - path: /
            pathType: ImplementationSpecific
      tls: {}

 - name: pinniped
  namespace: default
  createNamespace: true
  chart: bitnami/pinniped
  version: 1.0.9
  disableValidation: true
  values:
    - concierge:
        enabled: false
    - supervisor:
        service:
          public:
            type: ClusterIP

 - name: pinniped-config
  namespace: default
  createNamespace: true
  chart: dysnix/raw
  version: 0.3.1
  disableValidation: true
  needs:
  - default/pinniped
  - default/wildcard-tls
  values:
    - resources:
      - apiVersion: traefik.containo.us/v1alpha1
        kind: IngressRoute
        metadata:
          name: supervisor
          namespace: default
        spec:
          entryPoints:
            - websecure
          routes:
          - match: Host(`supervisor-127-0-0-1.traefik.me`)
            kind: Rule
            services:
            - name: pinniped-supervisor
              namespace: default
              port: 443
          tls: 
            passthrough: true
      - apiVersion: config.supervisor.pinniped.dev/v1alpha1
        kind: FederationDomain
        metadata:
          name: federation-domain
          namespace: default
        spec:
          issuer: "https://supervisor-127-0-0-1.traefik.me/test"
          tls:
            secretName: wildcard-tls
      - apiVersion: idp.supervisor.pinniped.dev/v1alpha1
        kind: OIDCIdentityProvider
        metadata:
          name: dex
          namespace: default
        spec:
          issuer: https://dex-127-0-0-1.traefik.me 
          authorizationConfig:
            additionalScopes: [offline_access, groups, email]
            allowPasswordGrant: false
          claims:
            username: email
          client:
            secretName: dex-client-credentials
      - apiVersion: v1
        kind: Secret
        metadata:
          name: dex-client-credentials
          namespace: default
        type: secrets.pinniped.dev/oidc-client
        stringData:
          clientID: pinniped
          clientSecret: pinniped
	helmDefaults:
	wait: true

	repositories:
	- name: bitnami
	url: https://charts.bitnami.com/bitnami
	- name: dex
	url: https://charts.dexidp.io
	- name: dysnix
	url: https://dysnix.github.io/charts
	- name: traefik
	url: https://helm.traefik.io/traefik

	releases:
	- name: traefik
	namespace: default
	createNamespace: true
	chart: traefik/traefik
	version: 22.1.0
	values:
	- globalArguments:
	- --global.checknewversion=false
	- --global.sendanonymoususage=false
	- additionalArguments:
	- --log.level=DEBUG
	- --log.format=json
	- --accesslog
	- --accesslog.format=json
	- --metrics.prometheus
	- --entrypoints.websecure.forwardedHeaders.insecure
	- --entrypoints.web.http.redirections.entrypoint.to=:443
	- --entrypoints.web.http.redirections.entrypoint.permanent=true
	- --api.insecure
	- ingressRoute:
	dashboard:
	enabled: false
	- service:
	type: NodePort
	- ports:
	web:
	nodePort: 80
	websecure:
	nodePort: 443

	- name: wildcard-tls
	namespace: default
	createNamespace: true
	chart: dysnix/raw
	version: 0.3.1
	disableValidation: true
	needs:
	- default/traefik
	values:
	- resources:
	- apiVersion: traefik.containo.us/v1alpha1
	kind: TLSStore
	metadata:
	name: default
	namespace: default
	spec:
	defaultCertificate:
	secretName: wildcard-tls
	- apiVersion: v1
	kind: Secret
	metadata:
	name: wildcard-tls
	type: Opaque
	stringData:
	tls.crt: \|
	-----BEGIN CERTIFICATE-----
	MIIFJzCCBA+gAwIBAgISBObsyoZC19wN5TQrQrBBTQizMA0GCSqGSIb3DQEBCwUA
	MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
	EwJSMzAeFw0yMzAyMjMyMDIzMTFaFw0yMzA1MjQyMDIzMTBaMBUxEzARBgNVBAMT
	CnRyYWVmaWsubWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkUIZs
	y4xRZFfC/SpTbCzD0SlPjDpyueOZITeiBsAMCEIKFBSgObOuB1lWmvl4B2fYubq4
	efNHZ3/8yzEfhN0wGI4Z2k4QYtZLVJODM4EFnKCnD+9a6lRazjSHf49TdEhEqtHL
	OsD7dTs8Cx9dPeDshqy4QHVfPAOE/Q0LJhn6bGibmiLCNfUtx50S2Y7lrroCfyZU
	pZf+oYu+BoUbC0LEAKQbKrRlk6CfGfopkvj1dtTmF7ouRksJ6oZnnGbIGWzBbt2S
	IA9TLfrYLMonbLWb6Pm03S/vXyBxXrPLdpuobO5w5POEORqxb/AAtOAFuyCId+eE
	ww6oZYg14JHnFqqjAgMBAAGjggJSMIICTjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
	BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
	FBbFhsVrjG7x7QebZ8HXeYGreR1zMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
	r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
	bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCMG
	A1UdEQQcMBqCDCoudHJhZWZpay5tZYIKdHJhZWZpay5tZTBMBgNVHSAERTBDMAgG
	BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
	LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2ALc++yTf
	nE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhoAook4AAAQDAEcwRQIgftV6
	fpiU+/muFPluREelD9YGkWTPhm95KEwGYwtZH88CIQDmM1lN2qJ6jdJ6NaNpHjv5
	1XtFQuHvZx4+LlSVXT3AKAB1AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlej
	UutSAAABhoAoolcAAAQDAEYwRAIgLWvw809VaM6VNOlFgqBFwpsWgO10dqHLy9ea
	H+Fhr8oCIEusi+UvwgjMrvNjMZa6wFI8yYAts40+TgaN3TbtJ54pMA0GCSqGSIb3
	DQEBCwUAA4IBAQAcr2AYacKVaLDWYDp5NF2DkFcJtOAJsPIQA8IyCbTQe8mo6A/b
	GIkIHthGBRF8Vo6GKMMJ17Q5bsa4GrMcYnpRGKXmgr6z+8yC3dmaK329wgSeten2
	LX/N3QvjfEWYiPQB2+utLvD2+ilsKzHsebtAmNn12Nq2Pho6+GIU/vvp1IZ1mxhZ
	3MC3DoocYk4P4HOVhDdibNYP0pzgOXJ3vvRwr8/tjF/Gpvxy5WPagHcHQy6+rWr2
	YU326XlpgV3IifxJrpOwqT+uTaJ7ADkvl0TfVr6xwiJHTpxZw44AaEvebYi2Iog1
	K9ORHX8ikOgRSPgInRJ5jgawZUfE5ga7NuE4
	-----END CERTIFICATE-----
	-----BEGIN CERTIFICATE-----
	MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
	TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
	cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
	WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
	RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
	AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
	R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
	sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
	NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
	Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
	/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
	AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
	Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
	FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
	AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
	Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
	gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
	PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
	ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
	CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
	lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
	avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
	yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
	yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
	hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
	HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
	MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
	nLRbwHOoq7hHwg==
	-----END CERTIFICATE-----
	-----BEGIN CERTIFICATE-----
	MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
	MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
	DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
	TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
	cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
	AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
	ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
	wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
	LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
	4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
	bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
	sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
	Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
	FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
	SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
	PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
	TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
	SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
	c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
	+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
	ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
	b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
	U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
	MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
	5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
	9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
	WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
	he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
	Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
	-----END CERTIFICATE-----
	tls.key: \|
	-----BEGIN PRIVATE KEY-----
	MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCkUIZsy4xRZFfC
	/SpTbCzD0SlPjDpyueOZITeiBsAMCEIKFBSgObOuB1lWmvl4B2fYubq4efNHZ3/8
	yzEfhN0wGI4Z2k4QYtZLVJODM4EFnKCnD+9a6lRazjSHf49TdEhEqtHLOsD7dTs8
	Cx9dPeDshqy4QHVfPAOE/Q0LJhn6bGibmiLCNfUtx50S2Y7lrroCfyZUpZf+oYu+
	BoUbC0LEAKQbKrRlk6CfGfopkvj1dtTmF7ouRksJ6oZnnGbIGWzBbt2SIA9TLfrY
	LMonbLWb6Pm03S/vXyBxXrPLdpuobO5w5POEORqxb/AAtOAFuyCId+eEww6oZYg1
	4JHnFqqjAgMBAAECggEBAJ+MYTq62uEdYepAER036K+rJUXMj+Reg5VpH7AAhfIp
	ApbusKhz3viYwjLKAHqAFmHm1lvSbltjMG+yjVxhkrTk4vZPd4WJszMqSKIZHKrq
	T0RowK2y433YxEDdp7oNKy8h/twrjL+eMYo38piDQSfqDURLsqxqhbBYVpYAxTDX
	DLVpf9O9nTOrGF9vELdIdT9WRAKH0dHbR3gT1aZtnDZ/eZY59+yQmzCCl9hnZrJ7
	aSOKjGChQVyaBLu1L+i3bjNS6HKby0W2u4K6ggaqnqsf9NmmLFyizm11ZaCF21FM
	krX0l16wrCDh+E1UUjXGk4Gfnwb3osQViBOTCtj7TqECgYEA0w3idc4fCqf6Keyk
	vBtaivcyGB6DSAIHoqh73uWcRSVwR1nC/ODMmXdOBKKwVe/3Jz4f6Hx0gKycULXA
	b+Ygbq1Y1IMFe6NeDyHnuXpVuaPtv+cKeChXlE4e+sem30e/uxKY35TKwcb+r7sC
	bsoF5gkOILOgL//jdguIeBdQdH0CgYEAx06EZyz3nUMaHBFevb/Q/MqI2q7mzfoB
	jPZ4v5/NLgnQrgbj3tHvJSVDX3IAZMWbX5WTojY65GzeVgxA8LImupyaIbBjXgwz
	nm9EEH6RDJWOF9xLFygc67REMyhr+BSg4/6rB1KJ3ltEhyiBJ+VPM/71RXqeE1fO
	0612HiwdZZ8CgYEAwThB7nYxZxEX7w/uVSR5xSXAX+J3cBIjqV+0YAE4CvnWjAv6
	fobT6WAXNhk3dMXHMM8oaTCffDoKtb1fm1JEuO7Ml2oIOAP9lb8FpYIBP357qCe+
	JvlQDL9kj1T/SgUm2/6PpIlVAwjKnFmKRaGAuvPpUjkA21DajnTKkJ9PkgUCgYB9
	D3yvTR0W1fs1L4UWZZ1acjALoIH9L2n3rNS50SkrQUdrW7FyqKJ52Xb8Fgm/Meu7
	v5zCxWqQ2OtubQP2xKLep9NjXk4LvnZJbSH1g6W6ksF1oWqQ3j+/ev7sZunQ4gjO
	54cj8hvGpdhLQxRAF3hqdQosjbNRCeEjHA4pAp9zmwKBgQDSDDGBmiYL4Trd06eo
	tzglbusgN+4RqJnXb/BQPLgasMcfNWy5oVIsTaeMuDIA6rvMIQWNEmaKQBgIV+IA
	QWjhDDr69ESSeHXeSxW982dMP4voMP118o7JMLLI2tXmsce4thjG7U111eB6cLd6
	L2UrBNaSfkoRh9XCdsHbMfw2YQ==
	-----END PRIVATE KEY-----

	- name: dex
	namespace: default
	createNamespace: true
	chart: dex/dex
	version: 0.13.0
	needs:
	- default/wildcard-tls
	values:
	- config:
	issuer: https://dex-127-0-0-1.traefik.me
	storage:
	type: sqlite3
	config:
	file: /var/dex/dex.db
	staticClients:
	- id: pinniped
	name: pinniped
	secret: pinniped
	redirectURIs:
	- https://supervisor-127-0-0-1.traefik.me/callback
	connectors:
	- type: mockCallback
	id: mock
	name: Example
	enablePasswordDB: true
	staticPasswords:
	- email: "[email protected]"
	# bcrypt hash of the string "password": $(echo password \| htpasswd -BinC 10 admin \| cut -d: -f2)
	hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
	username: "admin"
	userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
	- ingress:
	enabled: true
	hosts:
	- host: dex-127-0-0-1.traefik.me
	paths:
	- path: /
	pathType: ImplementationSpecific
	tls: {}

	- name: pinniped
	namespace: default
	createNamespace: true
	chart: bitnami/pinniped
	version: 1.0.9
	disableValidation: true
	values:
	- concierge:
	enabled: false
	- supervisor:
	service:
	public:
	type: ClusterIP

	- name: pinniped-config
	namespace: default
	createNamespace: true
	chart: dysnix/raw
	version: 0.3.1
	disableValidation: true
	needs:
	- default/pinniped
	- default/wildcard-tls
	values:
	- resources:
	- apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: supervisor
	namespace: default
	spec:
	entryPoints:
	- websecure
	routes:
	- match: Host(`supervisor-127-0-0-1.traefik.me`)
	kind: Rule
	services:
	- name: pinniped-supervisor
	namespace: default
	port: 443
	tls:
	passthrough: true
	- apiVersion: config.supervisor.pinniped.dev/v1alpha1
	kind: FederationDomain
	metadata:
	name: federation-domain
	namespace: default
	spec:
	issuer: "https://supervisor-127-0-0-1.traefik.me/test"
	tls:
	secretName: wildcard-tls
	- apiVersion: idp.supervisor.pinniped.dev/v1alpha1
	kind: OIDCIdentityProvider
	metadata:
	name: dex
	namespace: default
	spec:
	issuer: https://dex-127-0-0-1.traefik.me
	authorizationConfig:
	additionalScopes: [offline_access, groups, email]
	allowPasswordGrant: false
	claims:
	username: email
	client:
	secretName: dex-client-credentials
	- apiVersion: v1
	kind: Secret
	metadata:
	name: dex-client-credentials
	namespace: default
	type: secrets.pinniped.dev/oidc-client
	stringData:
	clientID: pinniped
	clientSecret: pinniped
No results found