Spantree/dex-demo-github

Minikube dex

Prerequisites

  • Clone the tutorial repo: git clone <repourl> ~/dex-demo
  • Run go get -v github.com/dexidp/dex, then cd $GOPATH/src/github.com/dexidp/dex/ and run make.
  • Minikube 0.33.1 or 1.0.0 installed on the workstation or machine you are using for this demo
  • Create a new OAuth app in GitHub at https://github.com/organizations/[YOURORG]/settings/applications and save the client ID and the client secret for later use.

It should look like this:

image

Installation instructions

  • Run ./gencert.sh to create the certificates for dex (it will create the necessary certs for the demo)

  • Make the certificate file available inside the minikube vm

mkdir -p ~/.minikube/files/var/lib/minikube/certs/ && \
 cp -a ./ssl/* ~/.minikube/files/var/lib/minikube/certs/
  • Create the minikube cluster.
minikube start --vm-driver=virtualbox --memory=4096 \
--network-plugin=cni \
--enable-default-cni \
--extra-config=apiserver.authorization-mode=RBAC \
--extra-config=apiserver.oidc-issuer-url=https://dex.example.com:32000 \
--extra-config=apiserver.oidc-username-claim=email \
--extra-config=apiserver.oidc-ca-file=/var/lib/minikube/certs/ca.pem \
--extra-config=apiserver.oidc-client-id=example-app \
--extra-config=apiserver.oidc-groups-claim=groups

The option --extra-config=apiserver.oidc-client-id=example-app matches the default client ID (example-app) of the example app that comes with dex.

  • Add dex.example.com to /etc/hosts: sudo -v && echo "$(minikube ip) dex.example.com" | sudo tee -a /etc/hosts
  • Add the TLS certs to Kubernetes: ./create-dex-tls.sh
  • Add the GitHub client ID and client secret: ./create-github-credentials.sh <clientid> <clientsecret>
  • Edit /etc/hosts inside the minikube VM: minikube ssh -- "echo '127.0.2.1 dex.example.com' | sudo tee -a /etc/hosts"
  • Install and configure dex: kubectl apply -f dex.yaml
  • Verify dex is running: kubectl logs deploy/dex -f
  • Create a cluster role binding for your user: kubectl create clusterrolebinding github-feniix --clusterrole=cluster-admin --user=<your-email> (the user name is the email claim of your ID token, because the API server was started with oidc-username-claim=email)

Run the example client app

  • cd $GOPATH/src/github.com/dexidp/dex/

  • ./bin/example-app --issuer=https://dex.example.com:32000 --issuer-root-ca=$HOME/dex-demo/ssl/ca.pem

  • Hit https://127.0.0.1:5555 in your web browser

  • Click on login

image

  • Click on Grant

image

  • Copy the ID Token somewhere (that is your token for access)

image

Configure and test kubectl

  • Open ~/.kube/config and search for - name: minikube
  • Delete the entries for client-certificate and client-key from the config
  • Run kubectl --token=<Token copied earlier> get pods
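If kubectl answers with an Unauthorized error, the usual cause is a claim in the ID token that does not match the oidc-* flags passed to minikube start. The following is an added example (not part of this repository) that decodes a token's claims and compares them with those flags; the sample token and its claim values are constructed, and the signature is not verified here because the API server does that against dex's keys.

```python
import base64
import json
import time

# Values from the minikube start flags in this README.
ISSUER = "https://dex.example.com:32000"  # apiserver.oidc-issuer-url
CLIENT_ID = "example-app"                 # apiserver.oidc-client-id


def decode_claims(id_token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("an ID token has three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, now=None):
    """List the reasons the API server would reject or mis-map this token."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("iss does not match oidc-issuer-url")
    aud = claims.get("aud", [])
    if CLIENT_ID not in ([aud] if isinstance(aud, str) else aud):
        problems.append("aud does not contain oidc-client-id")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if not claims.get("email"):  # oidc-username-claim=email
        problems.append("username claim 'email' is missing")
    if claims.get("email_verified") is False:
        problems.append("email_verified is false")
    if not isinstance(claims.get("groups", []), list):  # oidc-groups-claim
        problems.append("groups claim is not a list")
    return problems


def _b64(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token with a fake signature; paste a real ID token instead.
SAMPLE_CLAIMS = {"iss": ISSUER, "aud": "example-app", "exp": 2000000000,
                 "email": "user@example.com", "groups": ["example-org:devs"]}
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}), _b64(SAMPLE_CLAIMS), "c2ln"])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print(claims, check_claims(claims) or "claims match the API server flags")
```

The ID token is a bearer credential for the cluster until it expires, so run this locally rather than pasting the token into an online decoder.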
