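---
# Kubernetes Secret carrying the Dex configuration (config.yaml) used for
# console sign-in through the OpenShift connector.
#
# ${CLUSTER_DOMAIN}, ${STATIC_CLIENT_SECRET} and ${CLUSTER_APISERVER} are
# template placeholders that must be substituted before this manifest is
# applied. The rendered output contains the client secret in clear text:
# keep it out of version control and CI logs.
kind: Secret
apiVersion: v1
metadata:
  name: console-dex
stringData:
  config.yaml: |
    issuer: https://console-dex.${CLUSTER_DOMAIN}

    storage:
      type: kubernetes
      config:
        inCluster: true

    web:
      # Plain-HTTP listener on every interface, while the issuer above is
      # https: TLS has to be terminated in front of Dex (Route/Ingress, not
      # defined in this file - TODO confirm), and in-cluster access to port
      # 5556 is unencrypted.
      http: 0.0.0.0:5556

    oauth2:
      # No consent screen; reasonable only while every static client below
      # is first-party.
      skipApprovalScreen: true

    staticClients:
      - id: streamshub-console
        name: 'StreamsHub Console'
        # Substituted unquoted: the value must remain a plain YAML string
        # after substitution (no leading indicator character, no ' #' or
        # ': ' inside it).
        secret: ${STATIC_CLIENT_SECRET}
        redirectURIs:
          - 'https://example-console.${CLUSTER_DOMAIN}/api/auth/callback/oidc'
          # Development-only callback over plain HTTP; remove it from
          # production deployments so authorization codes are only returned
          # to the HTTPS console URL.
          - 'http://localhost:3000/api/auth/callback/oidc'

    connectors:
      - type: openshift
        id: openshift
        name: OpenShift
        config:
          # OpenShift API, e.g. `https://api.example.com:6443`
          # Get from kubectl via
          # `kubectl config view --minify=true --flatten=false -o json | jq -r '.clusters[0].cluster.server'`
          issuer: ${CLUSTER_APISERVER}
          # OpenShift root CA; the file has to be present at this path in the
          # Dex container (the mount is not defined in this file).
          rootCA: /etc/ssl/openshift.pem
          # When true, Dex talks to OpenShift without validating TLS
          # certificates. Keep it false so the API server certificate is
          # verified.
          insecureCA: false
          # Credentials can be string literals or pulled from the environment.
          # NOTE(review): ${X} looks like an escape so that manifest
          # templating leaves ${OPENSHIFT_OAUTH_CLIENT_ID} and
          # ${OPENSHIFT_OAUTH_CLIENT_SECRET} for Dex to read from its own
          # environment - confirm against the install procedure.
          clientID: ${${X}OPENSHIFT_OAUTH_CLIENT_ID}
          clientSecret: ${${X}OPENSHIFT_OAUTH_CLIENT_SECRET}
          # Optional list of required groups a user must be a member of.
          # Empty means no group restriction at this layer: every user that
          # OpenShift authenticates is accepted, so authorization has to be
          # enforced by the console or by listing groups here.
          groups: []
          # Dex's own callback (same host as the issuer above), which
          # OpenShift redirects to following authentication.
          redirectURI: https://console-dex.${CLUSTER_DOMAIN}/callback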