@taking
Created November 24, 2022 03:51

Dex Installation with Helm

  • Dex on Kubernetes

Repo

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+

helm update

helm repo add dex https://charts.dexidp.io
helm repo update

values Override

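  • Create dex-values.yaml

# Base domain; Dex is served at sso.<domain>
_DOMAIN="dev-t.xyz"
# Client ID and secret of the GitHub OAuth app used by the github connector (placeholders)
_CLIENTID="ID"
_CLIENTSECRET="PASSWORD"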
cat <<EOF > dex-values.yaml
config:
  # Set it to a valid URL
  issuer: https://sso.${_DOMAIN}

  # See https://dexidp.io/docs/storage/ for more options
  storage:
    # type: memory
    # type: sqlite3
    # config:
    #   file: /var/dex/dex.db
    type: kubernetes
    config:
      inCluster: true

  # Let dex keep a list of passwords which can be used to login to dex.
  enablePasswordDB: true
  
  # Enable at least one connector
  # See https://dexidp.io/docs/connectors/ for more options
  connectors:
    # - type: mockCallback
    #   id: mock
    #   name: Example connector
    - type: "github"
      name: "Github"
      id: "github"
      config:
        clientID: ${_CLIENTID}
        clientSecret: ${_CLIENTSECRET}
        redirectURI: https://sso.${_DOMAIN}/callback
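  staticClients:
    - id: example-app
      redirectURIs:
      - 'https://sso.${_DOMAIN}/callback'
      name: 'Example App'
      # Example secret published in the Dex docs (base64 of "example-app-secret");
      # replace it with a random value before real use.
      secret: ZXhhbXBsZS1hcHAtc2VjcmV0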

ingress:
  enabled: true

  annotations:
    kubernetes.io/ingress.class: "nginx"    
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/backend-protocol: 'HTTPS'

  hosts:
    - host: sso.${_DOMAIN}
      paths:
        - path: /
          pathType: ImplementationSpecific

  tls:
    - hosts:
        - sso.${_DOMAIN}
      secretName: dex-domain-tls
EOF

(Option) hash

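# bcrypt hash of the string "password" (-i makes htpasswd read it from stdin)
# The output goes in the hash field of a config.staticPasswords entry.
echo password | htpasswd -BinC 10 admin | cut -d: -f2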
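
A pre-install check for the rendered dex-values.yaml, as an added example that is not part of the original gist: it flags the placeholder and documentation-sample secrets used on this page, a non-https issuer, enablePasswordDB without any accounts, and loose file permissions. The function names, finding messages and the sample domain sso.example.test are assumptions made for the illustration.

```bash
# Lint a rendered dex-values.yaml before helm install (added example).
# Prints one finding per line; no output means none of the checks fired.

# Secret shown for example-app in the Dex documentation, so it is public.
DEX_DOC_SECRET='ZXhhbXBsZS1hcHAtc2VjcmV0'

lint_dex_values() {  # $1 = path to the rendered values file
  # Static client secret copied unchanged from the Dex documentation.
  if grep -Eq "^[[:space:]]*secret:[[:space:]]*['\"]?${DEX_DOC_SECRET}['\"]?[[:space:]]*$" "$1"; then
    echo "staticClients: secret is the published Dex example value"
  fi
  # Placeholder left in, or empty because the variable was unset at heredoc time.
  if grep -Eq "^[[:space:]]*clientSecret:[[:space:]]*['\"]?(PASSWORD)?['\"]?[[:space:]]*$" "$1"; then
    echo "connectors: clientSecret is a placeholder or empty"
  fi
  # OIDC requires the issuer to be an https URL.
  if ! grep -Eq "^[[:space:]]*issuer:[[:space:]]*['\"]?https://" "$1"; then
    echo "issuer: not an https URL"
  fi
  # Local password login is enabled but the file defines no accounts.
  if grep -Eq "^[[:space:]]*enablePasswordDB:[[:space:]]*true" "$1" &&
     ! grep -Eq "^[[:space:]]*staticPasswords:" "$1"; then
    echo "enablePasswordDB: on, but no staticPasswords are defined"
  fi
  # The file holds client secrets in clear text: expect owner-only permissions.
  if [ "$(ls -l "$1" | cut -c5-10)" != "------" ]; then
    echo "permissions: file is accessible to group or others"
  fi
  return 0
}

# Constructed sample: what the heredoc yields with the placeholders unchanged.
sample_values() {
  cat <<'EOF'
config:
  issuer: https://sso.example.test
  enablePasswordDB: true
  connectors:
    - type: "github"
      config:
        clientID: ID
        clientSecret: PASSWORD
  staticClients:
    - id: example-app
      secret: ZXhhbXBsZS1hcHAtc2VjcmV0
EOF
}

tmp="$(mktemp)" && sample_values > "$tmp" && lint_dex_values "$tmp"; rm -f "$tmp"
```

Run lint_dex_values dex-values.yaml after the heredoc step and before helm install; the sample reports three findings because mktemp already creates the file with owner-only permissions.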

install

helm install dex dex/dex \
    --create-namespace \
    --namespace dex \
    -f dex-values.yaml

(Option) Test

_DOMAIN="dev-t.xyz"
# --client-id must match a staticClients id in dex-values.yaml
./bin/example-app --issuer https://sso.${_DOMAIN} --listen "http://0.0.0.0:5555" --redirect-uri https://sso.${_DOMAIN}/callback --client-id example-app