rancher-charts/charts/epinio/100.0.5+up1.6.2/templates/dex.yaml

{{- if .Values.dex.enabled -}}

---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  annotations:
  name: dex-config
  namespace: {{ .Release.Namespace }}
stringData:
  issuer: "https://auth.{{ .Values.global.domain }}"
  endpoint: {{ printf "http://%s.%s.svc.cluster.local:5556" .Values.dex.fullnameOverride .Release.Namespace }}
  config.yaml: |-
    issuer: "https://auth.{{ .Values.global.domain }}"
    storage:
      type: kubernetes
      config:
        inCluster: true
    enablePasswordDB: true
    staticPasswords:
    - email: "admin@epinio.io"
      # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
      hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
      username: "admin"
      userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
    - email: "epinio@epinio.io"
      hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
      userID: "08a8684b-db88-4b73-90a9-3cd1661f5467"

    staticClients:
    - id: epinio-api
      name: 'Epinio API'
      public: true
      # The 'Epinio API' lets the 'Epinio cli' issue ID tokens on its behalf.
      # https://dexidp.io/docs/custom-scopes-claims-clients/#cross-client-trust-and-authorized-party
      trustedPeers:
      - epinio-cli

    - id: epinio-cli
      name: 'Epinio cli'
      public: true

---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  labels:
    epinio.io/api-user-credentials: "true"
    epinio.io/role: "admin"
  name: {{ include "epinio-truncate" (print "user-" "admin@epinio.io") }}
  namespace: {{ .Release.Namespace }}
stringData:
  username: "admin@epinio.io"

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dex
  namespace: {{ .Release.Namespace }}
  annotations:
    cert-manager.io/cluster-issuer: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }}
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    {{- range $key, $value := .Values.ingress.annotations }}
    {{ $key | quote }}: {{ $value | quote }}
    {{- end }}
spec:
  {{- if .Values.ingress.ingressClassName }}
  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
  {{- end }}
  rules:
  - host: "auth.{{ .Values.global.domain }}"
    http:
      paths:
      - backend:
          service:
            name: dex
            port:
              number: 5556
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - "auth.{{ .Values.global.domain }}"
    secretName: dex-tls

{{- end }}
[epinio] forward-port from v2.6 to v2.7 2023-03-22 20:40:02 +00:00			`{{- if .Values.dex.enabled -}}`

			`---`
			`apiVersion: v1`
			`kind: Secret`
			`type: Opaque`
			`metadata:`
			`annotations:`
			`name: dex-config`
			`namespace: {{ .Release.Namespace }}`
			`stringData:`
			`issuer: "https://auth.{{ .Values.global.domain }}"`
			`endpoint: {{ printf "http://%s.%s.svc.cluster.local:5556" .Values.dex.fullnameOverride .Release.Namespace }}`
			`config.yaml: \|-`
			`issuer: "https://auth.{{ .Values.global.domain }}"`
			`storage:`
			`type: kubernetes`
			`config:`
			`inCluster: true`
			`enablePasswordDB: true`
			`staticPasswords:`
			`- email: "admin@epinio.io"`
			`# bcrypt hash of the string "password": $(echo password \| htpasswd -BinC 10 admin \| cut -d: -f2)`
			`hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"`
			`username: "admin"`
			`userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"`
			`- email: "epinio@epinio.io"`
			`hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"`
			`userID: "08a8684b-db88-4b73-90a9-3cd1661f5467"`

			`staticClients:`
			`- id: epinio-api`
			`name: 'Epinio API'`
			`public: true`
			`# The 'Epinio API' lets the 'Epinio cli' issue ID tokens on its behalf.`
			`# https://dexidp.io/docs/custom-scopes-claims-clients/#cross-client-trust-and-authorized-party`
			`trustedPeers:`
			`- epinio-cli`

			`- id: epinio-cli`
			`name: 'Epinio cli'`
			`public: true`

			`---`
			`apiVersion: v1`
			`kind: Secret`
			`type: Opaque`
			`metadata:`
			`labels:`
			`epinio.io/api-user-credentials: "true"`
			`epinio.io/role: "admin"`
			`name: {{ include "epinio-truncate" (print "user-" "admin@epinio.io") }}`
			`namespace: {{ .Release.Namespace }}`
			`stringData:`
			`username: "admin@epinio.io"`

			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: dex`
			`namespace: {{ .Release.Namespace }}`
			`annotations:`
			`cert-manager.io/cluster-issuer: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer \| quote }}`
			`traefik.ingress.kubernetes.io/router.entrypoints: websecure`
			`traefik.ingress.kubernetes.io/router.tls: "true"`
			`{{- range $key, $value := .Values.ingress.annotations }}`
			`{{ $key \| quote }}: {{ $value \| quote }}`
			`{{- end }}`
			`spec:`
			`{{- if .Values.ingress.ingressClassName }}`
			`ingressClassName: "{{ .Values.ingress.ingressClassName }}"`
			`{{- end }}`
			`rules:`
			`- host: "auth.{{ .Values.global.domain }}"`
			`http:`
			`paths:`
			`- backend:`
			`service:`
			`name: dex`
			`port:`
			`number: 5556`
			`path: /`
			`pathType: Prefix`
			`tls:`
			`- hosts:`
			`- "auth.{{ .Values.global.domain }}"`
			`secretName: dex-tls`

			`{{- end }}`