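---
# dex OpenID Connect provider for the cluster: a Deployment, the ConfigMap
# holding dex's config.yaml, and a NodePort Service. dex terminates TLS itself
# (web.https plus tlsCert/tlsKey below) and is published on node port 32000,
# the port used in the issuer URL.
#
# NOTE(review): extensions/v1beta1 Deployments are no longer served from
# Kubernetes 1.16 on. The explicit spec.selector below equals the default this
# API version derives from the template labels and is mandatory in apps/v1, so
# a later apiVersion bump needs no further change here.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: dex
  name: dex
  namespace: dex
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dex
  template:
    metadata:
      labels:
        app: dex
    spec:
      # The "dex" ServiceAccount is not defined in this file; presumably it is
      # created elsewhere with the RBAC that the kubernetes storage backend
      # needs. Keep that role limited to dex's own storage resources.
      serviceAccountName: dex
      containers:
        # NOTE(review): the image is referenced by a mutable tag and v2.4.1 is
        # an old release. Check the upstream release notes for security fixes
        # and consider pinning by digest.
        - image: quay.io/coreos/dex:v2.4.1
          name: dex
          command:
            - /usr/local/bin/dex
            - serve
            - /etc/dex/cfg/config.yaml
          ports:
            - name: http
              containerPort: 5556
          volumeMounts:
            # dex only reads its config and TLS key pair, so mount read-only.
            - name: config
              mountPath: /etc/dex/cfg
              readOnly: true
            - name: tls
              mountPath: /etc/dex/tls
              readOnly: true
          env:
            # GitLab OAuth credentials come from the "gitlab-client" Secret and
            # are referenced as $GITLAB_CLIENT_ID / $GITLAB_CLIENT_SECRET in
            # the connector config, so they stay out of the ConfigMap.
            - name: GITLAB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: gitlab-client
                  key: client-id
            - name: GITLAB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: gitlab-client
                  key: client-secret
      volumes:
        - name: config
          configMap:
            name: dex
            items:
              - key: config.yaml
                path: config.yaml
        - name: tls
          secret:
            secretName: dex.cluster.gsi.dit.upm.es.tls
---
# dex configuration, mounted at /etc/dex/cfg/config.yaml.
# NOTE(review): a ConfigMap is readable by anyone with "get configmaps" in the
# namespace, and this one carries a client secret and a password hash. See the
# notes next to staticClients and staticPasswords.
kind: ConfigMap
apiVersion: v1
metadata:
  name: dex
  namespace: dex
data:
  config.yaml: |
    # Must match the URL clients use to reach dex (NodePort 32000).
    issuer: https://dex.cluster.gsi.dit.upm.es:32000
    storage:
      # type: sqlite3
      # config:
      #   file: /tmp/dex.db
      type: kubernetes
      config:
        inCluster: true
    web:
      https: 0.0.0.0:5556
      tlsCert: /etc/dex/tls/tls.crt
      tlsKey: /etc/dex/tls/tls.key
    connectors:
      - type: gitlab
        id: gitlab
        name: GitLab
        config:
          baseURL: https://lab.cluster.gsi.dit.upm.es
          clientID: $GITLAB_CLIENT_ID
          clientSecret: $GITLAB_CLIENT_SECRET
          redirectURI: https://dex.cluster.gsi.dit.upm.es:32000/callback
    oauth2:
      # Users get no consent prompt; acceptable only while every registered
      # client is first-party.
      skipApprovalScreen: true
    staticClients:
      # NOTE(review): this looks like the sample client from dex's example
      # config. The secret is the base64 text of "example-app-secret", so it
      # must be treated as public. Before relying on this issuer, register the
      # real client with a randomly generated secret and its own redirect URI,
      # and keep that secret out of the ConfigMap.
      - id: example-app
        redirectURIs:
          - 'http://localhost:5555/callback'
        name: 'Example App'
        secret: ZXhhbXBsZS1hcHAtc2VjcmV0
    # NOTE(review): the password DB is enabled with a single account whose
    # password is the string "password" (see the comment on the hash). That is
    # a default credential on an issuer reachable through the NodePort: tokens
    # for admin@example.com can be obtained without going through GitLab. If
    # GitLab is the intended login path, set enablePasswordDB to false and
    # delete the staticPasswords list together (dex may reject static
    # passwords when the password DB is off - confirm for this version).
    # Otherwise replace the hash with a bcrypt hash of a unique password and
    # confirm that no RBAC binding refers to admin@example.com.
    enablePasswordDB: true
    staticPasswords:
      - email: "admin@example.com"
        # bcrypt hash of the string "password"
        hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
        username: "admin"
        userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
---
# Publishes dex on port 32000 of every node. TLS is terminated by dex itself,
# so anything that can reach a node on that port reaches the login endpoints
# directly; restrict the port at the network layer if that is wider than
# intended.
apiVersion: v1
kind: Service
metadata:
  name: dex
  namespace: dex
spec:
  type: NodePort
  ports:
    - name: dex
      port: 5556
      protocol: TCP
      targetPort: 5556
      nodePort: 32000
  selector:
    app: dex
# Disabled alternative: expose dex through an Ingress instead of the NodePort.
# ---
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
#   name: dex-ingress
#   namespace: dex
# spec:
#   rules:
#     - host: dex.cluster.gsi.dit.upm.es
#       http:
#         paths:
#           - path: /
#             backend:
#               serviceName: dex
#               servicePort: 5556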