# Create Dex
# Renders the config.yaml for Dex (the OIDC identity provider). The rendered
# text is consumed by data.kustomization_overlay.dex, which merges it into the
# "dex" ConfigMap.
data "template_file" "config_yaml" {
# Rendering: the ${var.*} references below are expanded by Terraform itself
# before the template_file provider receives the string, and the provider then
# renders the result a second time. A variable value containing "${" or "%{"
# would be evaluated as template syntax on that second pass. The template_file
# data source is deprecated in favour of the built-in templatefile() function.
# `<<-` strips only the common leading indentation, so the relative nesting of
# the YAML keys is part of the rendered value.
#
# Security-relevant settings in the document below:
# - issuer / web.http: plain HTTP, listening on all interfaces.
#   NOTE(review): presumably relies on the Istio mesh for transport
#   protection; confirm mTLS is enforced for this namespace.
# - logger.level "debug": verbose logging.
#   NOTE(review): confirm this is intended outside development.
# - oauth2.skipApprovalScreen: users are not shown a consent prompt before a
#   client receives tokens.
# - staticPasswords: one local user. The password hash is interpolated into
#   the config text, so it is written to a ConfigMap rather than a Secret
#   (and presumably to Terraform state; verify). The FIXME below tracks
#   moving to hashFromEnv.
# - email, hash and username are emitted as unquoted YAML scalars; a value
#   containing YAML-significant characters would change the parsed config.
# - staticClients: client id and secret are read from the OIDC_CLIENT_ID and
#   OIDC_CLIENT_SECRET environment variables, keeping the secret out of the
#   config text. The redirect URI is a relative path.
#   NOTE(review): confirm the client sends exactly this redirect_uri value.
template = <<-EOT
issuer: http://dex.auth.svc.cluster.local:5556/dex
storage:
type: kubernetes
config:
inCluster: true
web:
http: 0.0.0.0:5556
logger:
level: "debug"
format: text
oauth2:
skipApprovalScreen: true
enablePasswordDB: true
staticPasswords:
- email: ${var.dex_user_email}
hash: ${var.dex_user_hash}
# https://github.com/dexidp/dex/pull/1601/commits
# FIXME: Use hashFromEnv instead
username: ${var.dex_user_name}
userID: "${var.dex_user_id}"
staticClients:
# https://github.com/dexidp/dex/pull/1664
- idEnv: OIDC_CLIENT_ID
redirectURIs: ["/login/oidc"]
name: 'Dex Login Application'
secretEnv: OIDC_CLIENT_SECRET
EOT
}
# Kustomize overlay for Dex: the upstream Kubeflow manifests plus the locally
# rendered config.yaml.
data "kustomization_overlay" "dex" {
  # Upstream Dex manifests (Istio overlay), fetched from GitHub at the ref
  # given by var.kf_version.
  # NOTE(review): a branch or tag ref can move; confirm var.kf_version is
  # pinned to an immutable commit if reproducible, reviewed manifests matter.
  resources = [
    "github.com/kubeflow/manifests.git/common/dex/overlays/istio?ref=${var.kf_version}",
  ]

  # Merge the rendered Dex configuration into the "dex" ConfigMap.
  # The rendered text includes the static user's password hash, which
  # therefore lives in a ConfigMap rather than a Secret.
  config_map_generator {
    name     = "dex"
    behavior = "merge"
    literals = [
      "config.yaml=${data.template_file.config_yaml.rendered}",
    ]
  }
}
# Apply each manifest produced by the Dex overlay as its own Terraform
# resource, keyed by manifest id.
# NOTE(review): the manifests carry the rendered Dex config, so its contents
# presumably end up in Terraform state; confirm the state backend is
# access-controlled and encrypted.
resource "kustomization_resource" "dex" {
  for_each = data.kustomization_overlay.dex.ids
  manifest = data.kustomization_overlay.dex.manifests[each.value]

  # Dex is created only after the Istio base and ingress resources.
  depends_on = [
    kustomization_resource.istio-base,
    kustomization_resource.istio-ingress,
  ]
}