You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 lines
2.7 KiB
YAML
128 lines
2.7 KiB
YAML
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app: dex
|
|
name: dex
|
|
namespace: dex
|
|
spec:
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: dex
|
|
spec:
|
|
serviceAccountName: dex
|
|
containers:
|
|
- image: quay.io/coreos/dex:v2.4.1
|
|
name: dex
|
|
command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
|
|
|
|
ports:
|
|
- name: http
|
|
containerPort: 5556
|
|
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/dex/cfg
|
|
- name: tls
|
|
mountPath: /etc/dex/tls
|
|
|
|
env:
|
|
- name: GITLAB_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitlab-client
|
|
key: client-id
|
|
- name: GITLAB_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitlab-client
|
|
key: client-secret
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: dex
|
|
items:
|
|
- key: config.yaml
|
|
path: config.yaml
|
|
- name: tls
|
|
secret:
|
|
secretName: dex.cluster.gsi.dit.upm.es.tls
|
|
---
|
|
kind: ConfigMap
|
|
apiVersion: v1
|
|
metadata:
|
|
name: dex
|
|
namespace: dex
|
|
data:
|
|
config.yaml: |
|
|
issuer: https://dex.cluster.gsi.dit.upm.es:32000
|
|
storage:
|
|
# type: sqlite3
|
|
# config:
|
|
# file: /tmp/dex.db
|
|
type: kubernetes
|
|
config:
|
|
inCluster: true
|
|
web:
|
|
https: 0.0.0.0:5556
|
|
tlsCert: /etc/dex/tls/tls.crt
|
|
tlsKey: /etc/dex/tls/tls.key
|
|
connectors:
|
|
- type: gitlab
|
|
id: gitlab
|
|
name: GitLab
|
|
config:
|
|
baseURL: https://lab.cluster.gsi.dit.upm.es
|
|
clientID: $GITLAB_CLIENT_ID
|
|
clientSecret: $GITLAB_CLIENT_SECRET
|
|
redirectURI: https://dex.cluster.gsi.dit.upm.es:32000/callback
|
|
oauth2:
|
|
skipApprovalScreen: true
|
|
|
|
staticClients:
|
|
- id: example-app
|
|
redirectURIs:
|
|
- 'http://localhost:5555/callback'
|
|
name: 'Example App'
|
|
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
|
|
|
enablePasswordDB: true
|
|
staticPasswords:
|
|
- email: "admin@example.com"
|
|
# bcrypt hash of the string "password"
|
|
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
|
|
username: "admin"
|
|
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: dex
|
|
namespace: dex
|
|
spec:
|
|
type: NodePort
|
|
ports:
|
|
- name: dex
|
|
port: 5556
|
|
protocol: TCP
|
|
targetPort: 5556
|
|
nodePort: 32000
|
|
selector:
|
|
app: dex
|
|
# ---
|
|
# apiVersion: extensions/v1beta1
|
|
# kind: Ingress
|
|
# metadata:
|
|
# name: dex-ingress
|
|
# namespace: dex
|
|
# spec:
|
|
# rules:
|
|
# - host: dex.cluster.gsi.dit.upm.es
|
|
# http:
|
|
# paths:
|
|
# - path: /
|
|
# backend:
|
|
# serviceName: dex
|
|
# servicePort: 5556 |