dragon
/
argocd-example-apps
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Example Apps to Demonstrate Argo CD
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 Commits
1 Branch
8 Tags
1.1 MiB
 
 
Tree: 2e7344a75f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2e7344a75f'
${ noResults }
argocd-example-apps/kustomize/dex/overlays/ldap/config-map.yaml

97 lines
4.1 KiB
Raw Blame History

---
apiVersion: v1
kind: ConfigMap
metadata:
name: dex
data:
config.yaml: |
issuer: $(issuer)
storage:
type: kubernetes
config:
inCluster: true
web:
https: 0.0.0.0:5556
tlsCert: /etc/dex/tls/tls.crt
tlsKey: /etc/dex/tls/tls.key
# For HTTP configuration remove tls configs and add
#http: 0.0.0.0:5556
logger:
level: "debug"
format: text
connectors:
- type: ldap
# Required field for connector id.
id: ldap
# Required field for connector name.
name: LDAP
config:
# Host and optional port of the LDAP server in the form "host:port".
# If the port is not supplied, it will be guessed based on "insecureNoSSL",
# and "startTLS" flags. 389 for insecure or StartTLS connections, 636
# otherwise.
host: $(ldap_host)
# Following field is required if the LDAP host is not using TLS (port 389).
# Because this option inherently leaks passwords to anyone on the same network
# as dex, THIS OPTION MAY BE REMOVED WITHOUT WARNING IN A FUTURE RELEASE.
#
insecureNoSSL: true
# If a custom certificate isn't provide, this option can be used to turn on
# TLS certificate checks. As noted, it is insecure and shouldn't be used outside
# of explorative phases.
#
insecureSkipVerify: true
# When connecting to the server, connect using the ldap:// protocol then issue
# a StartTLS command. If unspecified, connections will use the ldaps:// protocol
#
# startTLS: true
# Path to a trusted root certificate file. Default: use the host's root CA.
#rootCA: /etc/dex/ldap.ca
# A raw certificate file can also be provided inline.
#rootCAData:
# The DN and password for an application service account. The connector uses
# these credentials to search for users and groups. Not required if the LDAP
# server provides access for anonymous auth.
# Please note that if the bind password contains a '$', it has to be saved in an
# environment variable which should be given as the value to 'bindPW'.
bindDN: $(ldap_bind_dn)
bindPW: $(ldap_bind_pw)
# User search maps a username and password entered by a user to a LDAP entry.
userSearch:
# BaseDN to start the search from. It will translate to the query
# "(&(objectClass=person)(uid=<username>))".
baseDN: $(ldap_user_base_dn)
# Optional filter to apply when searching the directory.
filter: "(objectClass=posixAccount)"
# username attribute used for comparing user entries. This will be translated
# and combine with the other filter as "(<attr>=<username>)".
username: mail
# The following three fields are direct mappings of attributes on the user entry.
# String representation of the user.
idAttr: uid
# Required. Attribute to map to Email.
emailAttr: mail
# Maps to display name of users. No default value.
nameAttr: uid
# Group search queries for groups given a user entry.
groupSearch:
# BaseDN to start the search from. It will translate to the query
# "(&(objectClass=group)(member=<user uid>))".
baseDN: $(ldap_group_base_dn)
# Optional filter to apply when searching the directory.
filter: "(objectClass=posixGroup)"
# Following two fields are used to match a user to a group. It adds an additional
# requirement to the filter that an attribute in the group must match the user's
# attribute value.
userAttr: gidNumber
groupAttr: gidNumber
# Represents group name.
nameAttr: cn
oauth2:
skipApprovalScreen: true
staticClients:
- id: $(client_id)
redirectURIs: $(oidc_redirect_uris)
name: 'Dex Login Application'
secret: $(application_secret)