- Dex on Kubernetes
- Kubernetes 1.19+
- Helm 3.2.0+
# Register the Dex chart repository under the local name "dex", then refresh
# the local chart index so the install step can resolve dex/dex.
helm repo add dex https://charts.dexidp.io
helm repo update
- Create dex-values.yaml
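# Placeholders: set these to the real domain and to the credentials of the
# GitHub OAuth app. Values typed here end up in shell history.
_DOMAIN="dev-t.xyz"
_CLIENTID="ID"
_CLIENTSECRET="PASSWORD"

# The generated values file contains the OAuth client secret in clear text.
# Create it readable by the current user only (the subshell keeps the umask
# change local) and keep it out of version control. The heredoc delimiter is
# unquoted on purpose so the shell substitutes the three variables above.
(
umask 077
cat <<EOF > dex-values.yaml
config:
  # Set it to a valid URL
  issuer: https://sso.${_DOMAIN}

  # See https://dexidp.io/docs/storage/ for more options
  storage:
    # type: memory
    # type: sqlite3
    # config:
    #   file: /var/dex/dex.db
    type: kubernetes
    config:
      inCluster: true

  # Let dex keep a list of passwords which can be used to login to dex.
  # No static passwords are defined in this file; set this to false if GitHub
  # is meant to be the only way to log in.
  enablePasswordDB: true

  # Enable at least one connector
  # See https://dexidp.io/docs/connectors/ for more options
  connectors:
    # - type: mockCallback
    #   id: mock
    #   name: Example connector
    - type: "github"
      name: "Github"
      id: "github"
      config:
        # Quoted so a credential that looks like a number or a boolean is
        # still read as a string.
        clientID: "${_CLIENTID}"
        clientSecret: "${_CLIENTSECRET}"
        redirectURI: https://sso.${_DOMAIN}/callback
        # NOTE(review): no orgs restriction is set, so any GitHub account can
        # authenticate through this connector - confirm that is intended.

  staticClients:
    - id: example-app
      # NOTE(review): this is the same URL as the connector redirectURI above;
      # a client normally registers its own callback here - confirm.
      redirectURIs:
        - 'https://sso.${_DOMAIN}/callback'
      name: 'Example App'
      # Sample value: it base64-decodes to the text example-app-secret.
      # Replace it with a randomly generated secret outside of a throwaway test.
      secret: ZXhhbXBsZS1hcHAtc2VjcmV0

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    # NOTE(review): HTTPS makes ingress-nginx speak TLS to the Dex pod, but
    # nothing in this file turns on TLS in Dex itself - confirm or remove.
    nginx.ingress.kubernetes.io/backend-protocol: 'HTTPS'
  hosts:
    - host: sso.${_DOMAIN}
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - hosts:
        - sso.${_DOMAIN}
      secretName: dex-domain-tls
EOF
)
# Also tighten the mode when the file already existed before this run.
chmod 600 dex-values.yaml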
(Optional) hash
# Original note: bcrypt hash of the string "password": $(echo password | htpasswd -bnBC 10 "" admin | tr -d ':\n')
# NOTE(review): the command does not hash "password". With -b, htpasswd takes
# the password from the command line, so it hashes the last argument ("admin")
# with an empty user name and ignores the text piped in by echo.
# -n prints the result instead of writing a file, -B selects bcrypt and -C 10
# sets the cost; tr then strips the leading colon and the newline.
# A password given as an argument is visible in shell history and in the
# process list; htpasswd -i reads it from stdin instead.
install
# Install the chart as release "dex" into the "dex" namespace (created if it
# does not exist yet), using the values file generated earlier.
# NOTE(review): no --version is given, so whichever chart version the
# repository currently serves gets installed; pin one for repeatable installs.
helm install dex dex/dex \
  --namespace dex \
  --create-namespace \
  --values dex-values.yaml
(Optional) Test
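# Smoke test: run the Dex example client against the deployed issuer.
_DOMAIN="dev-t.xyz"

# --client-id must name a client registered in Dex. The values file created
# earlier registers only "example-app", so the previous "eclipse-che" id would
# not match any registered client.
# --listen on 0.0.0.0 exposes this plain-HTTP test app on every interface;
# bind it to 127.0.0.1 when the browser runs on the same machine.
# NOTE(review): --redirect-uri points at the Dex host, not at this app's
# listener on port 5555 - confirm where the callback is meant to land.
./bin/example-app \
  --issuer "https://sso.${_DOMAIN}" \
  --listen "http://0.0.0.0:5555" \
  --redirect-uri "https://sso.${_DOMAIN}/callback" \
  --client-id example-app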