Merge pull request #6 from swisscom/develop

add dex connectors

README.md

@@ -187,7 +187,7 @@ This repository has so far only been tested running under Linux and MacOSX. Your
 
 All configuration data for the entire project and all its components has been consolidated into a single configuration file: `config.yaml`.
 
-To get you started quickly there is also an example configuration file included, [`config.example.yaml`](/config.example.yaml]), which contains all the properties and variables required.
+To get you started quickly there is also an example configuration file included, [`config.example.yaml`](/config.example.yaml), which contains all the properties and variables required.
 
 You can just copy this file over to `config.yaml` and start editing it to fill in your values:
 ```bash
@@ -444,7 +444,30 @@ The static admin credentials will have `admin@<hostname>` as the username, and t
 
 The entire OIDC setup is done via a combination of Dex and oauth2-proxy.
 
-Please refer to [Dex Connectors](https://dexidp.io/docs/connectors/) for further documentation on how to configure and integrate your IDP into Dex. The necessary modifications will need to be done in [/deployments/dex.sh](/deployments/dex.sh).
+To integrate or add additional identity providers, you can configure [Dex connectors](https://dexidp.io/docs/connectors/) in the main `config.yaml` under `kubernetes.dex.connectors`.
+
+For example:
+```yaml
+kubernetes:
+  ...
+  dex:
+    connectors:
+    - type: github
+      id: github
+      name: GitHub
+      config:
+        clientID: a6324d7bda05daec7ec2
+        clientSecret: eecfce1c786d0fcc426edea89ebf56790c5e8169
+        redirectURI: https://dex.my-kubernetes.my-domain.com/dex/callback
+        orgs:
+        - name: my-company-org
+          teams:
+          - team-a
+          - team-b
+        - name: other-org
+```
+
+Please refer to the [Dex connectors documentation](https://dexidp.io/docs/connectors/) on how to configure additional connectors for the IDP of your choice into Dex.
 
 ## Up and running
 

config.example.yaml

@@ -8,6 +8,21 @@ kubernetes:
     secret: "hSPJw9AyyJMh3iQLF2V0RBGCkdRw7qSI" # generate a new secret with: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c32
     cookie: "R2ltbFNBTlV4MWs1UGxzUTNKZkZNOGpnUnNUWjRuc2g=" # generate a new cookie secret with: openssl rand -base64 32 | head -c 32 | base64
   admin_password: "$2y$10$qZjfVBeMRHlRZPwX2uDrIe4zjLyU8SPmz6ww6zoCxctoNrHIUfq7u" # generate a new password hash with: echo "<my-password>" | htpasswd -BinC 10 admin | cut -d: -f2
+  dex:
+    connectors: [] # see https://dexidp.io/docs/connectors/ for documentation
+    # - type: github # see https://dexidp.io/docs/connectors/github/ for documentation
+    #   id: github
+    #   name: GitHub
+    #   config:
+    #     clientID: my_github_client
+    #     clientSecret: my_github_client_secret
+    #     redirectURI: https://dex.my-kubernetes.my-domain.com/dex/callback
+    #     orgs:
+    #     - name: my-organization
+    #     - name: my-organization-with-teams
+    #       teams:
+    #       - red-team
+    #       - blue-team
 
 # vCD settings
 vcd:

deployments/dex.sh

@@ -71,19 +71,9 @@ config:
     - 'https://grafana.${cluster_hostname}/login/generic_oauth'
     secret: "${oidc_secret}"
 
-  # connectors:
-  #   - type: github
-  #     id: github
-  #     name: GitHub
-  #     config:
-  #       clientID: <your github app client ID here>
-  #       clientSecret: <your github app client secret here>
-  #       redirectURI: https://dex.${cluster_hostname}/dex/callback
-  #       # you can configure the connector further, for example by restricting it to only a certain org or team.
-  #       # These restrictions depend on the provider, check the Dex documentation for more info.
-  #       #orgs:
-  #       #- name: exampleorg
+  connectors: []
 EOF
+yq -e eval '.config.connectors = (load("config.yaml") | .kubernetes.dex.connectors // [])' -i "deployments/${chart}.values.yaml"
 deployments/install-chart.sh "${repository}" "${chart}" "${namespace}" "${version}" "deployments/${chart}.values.yaml"
 
 echo " "

deployments/install-chart.sh

@@ -28,9 +28,7 @@ if helm history --kubeconfig "${KUBECONFIG}" --max 1 --namespace "${namespace}"
 	helm uninstall --kubeconfig "${KUBECONFIG}" --wait --namespace "${namespace}" "${chart}"
 fi
 
-echo "installing chart [${chart}] with values.yaml configuration:"
-cat "${values}" || true
-echo " "
+echo "installing chart [${chart}] ..."
 helm upgrade --kubeconfig "${KUBECONFIG}" \
 	--install --create-namespace --dependency-update \
 	--cleanup-on-fail --atomic --wait --timeout "10m" \