c53507809d
- Rename the test/deploy/dex directory to test/deploy/tools - Rename the dex namespace to tools - Add a new ytt value called `pinny_ldap_password` for the tools ytt templates - This new value is not used on main at this time. We intend to use it in the forthcoming ldap branch. We're defining it on main so that the CI scripts can use it across all branches and PRs. Signed-off-by: Ryan Richard <richardry@vmware.com>
109 lines
2.2 KiB
YAML
109 lines
2.2 KiB
YAML
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
|
#! SPDX-License-Identifier: Apache-2.0
|
|
|
|
#@ load("@ytt:data", "data")
|
|
#@ load("@ytt:sha256", "sha256")
|
|
#@ load("@ytt:yaml", "yaml")
|
|
|
|
#@ def dexConfig():
|
|
issuer: https://dex.tools.svc.cluster.local/dex
|
|
storage:
|
|
type: sqlite3
|
|
config:
|
|
file: ":memory:"
|
|
web:
|
|
https: 0.0.0.0:8443
|
|
tlsCert: /var/certs/dex.pem
|
|
tlsKey: /var/certs/dex-key.pem
|
|
oauth2:
|
|
skipApprovalScreen: true
|
|
staticClients:
|
|
- id: pinniped-cli
|
|
name: 'Pinniped CLI'
|
|
public: true
|
|
redirectURIs:
|
|
- #@ "http://127.0.0.1:" + str(data.values.ports.cli) + "/callback"
|
|
- #@ "http://[::1]:" + str(data.values.ports.cli) + "/callback"
|
|
- id: pinniped-supervisor
|
|
name: 'Pinniped Supervisor'
|
|
secret: pinniped-supervisor-secret
|
|
redirectURIs: #@ data.values.supervisor_redirect_uris
|
|
enablePasswordDB: true
|
|
staticPasswords:
|
|
- username: "pinny"
|
|
email: "pinny@example.com"
|
|
hash: #@ data.values.pinny_bcrypt_passwd_hash
|
|
userID: "061d23d1-fe1e-4777-9ae9-59cd12abeaaa"
|
|
#@ end
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: dex-config
|
|
namespace: tools
|
|
labels:
|
|
app: dex
|
|
data:
|
|
config.yaml: #@ yaml.encode(dexConfig())
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: dex
|
|
namespace: tools
|
|
labels:
|
|
app: dex
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: dex
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: dex
|
|
annotations:
|
|
dexConfigHash: #@ sha256.sum(yaml.encode(dexConfig()))
|
|
spec:
|
|
containers:
|
|
- name: dex
|
|
image: ghcr.io/dexidp/dex:v2.27.0
|
|
imagePullPolicy: IfNotPresent
|
|
command:
|
|
- /usr/local/bin/dex
|
|
- serve
|
|
- /etc/dex/cfg/config.yaml
|
|
ports:
|
|
- name: https
|
|
containerPort: 8443
|
|
volumeMounts:
|
|
- name: dex-config
|
|
mountPath: /etc/dex/cfg
|
|
- name: certs
|
|
mountPath: /var/certs
|
|
readOnly: true
|
|
volumes:
|
|
- name: dex-config
|
|
configMap:
|
|
name: dex-config
|
|
- name: certs
|
|
secret:
|
|
secretName: certs
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: dex
|
|
namespace: tools
|
|
labels:
|
|
app: dex
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: dex
|
|
ports:
|
|
- name: https
|
|
port: 443
|
|
targetPort: 8443
|