dex-operator

command module
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 23, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

README

dex-operator

An operator that automates the management of dex connector configurations

functionality

The dex-operator can be deployed to giant swarm management clusters. The app-controller then reconciles all application.giantswarm.io custom resources for the dex-app which are present on the management cluster. This also includes dex-app instances deployed to workload clusters. dex-operator automates management of identity provider app registrations for these dex instances. To do this it can be configured with a list of identity provider credentials to set up applications in. The app controller configures callback URIs and other settings and writes the resulting connectors back into the dex-app instances configuration.

providers

Providers need to implement the provider.Provider interface.

azure active directory

Configures app registration in an azure active directory tenant. To configure this identity provider, first add two app registrations to the tenant.

  • Name: giantswarm-dex. It needs delegated Permissions Directory.Read.All and User.Read. Delegated permissions set here will cascade to dex apps registered by the dex-operator.
  • Name: dex-operator. It needs Application Permissions Application.ReadWrite.All. Permissions set here will cascade to dex-operator instances registered by the user.

The following configuration is needed in values:

oidc:
  $OWNER:
    providers:
    - name: ad
      credentials:
        client-id: $CLIENTID
        client-secret: $CLIENTSECRET
        tenant-id: $TENANTID
  • $OWNER: Owner of the azure tenant. giantswarm or customer.
  • $TENANTID: The ID of the azure tenant that should be used for the configuration.
  • $CLIENTID: ID of the client (application) configured in the tenant for dex-operator.
  • $CLIENTSECRET: Secret configured for dex-operator client for the management cluster dex-operator runs on.

When the configuration is added, a microsoft connector should be added to each installed dex-app and the application registration with callback URI should be visible in the active directory. The operator will automatically renew the client-secret in case it expires or is removed from a connector. It will also automatically update other configuration such as permissions, claims and redirect URI.

adding azure ad credentials for gs installations

An existing set of dex-operator credentials as well as the azure active directory tenant are needed. Each dex-operator instance should have its own credentials and service principal. Utility to easily create, update and clean up credentials can be found in the setup package. this script can be used to call it for azure.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
dex
idp
idp/provider
idp/provider/azure
idp/provider/github
idp/provider/github/manifest
idp/provider/mockprovider
key
tests

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.