adorsys / ops-adorsys-kubernetes-platform

Infrastructure Setup of adorsys Test/Poc projects
Apache License 2.0

Created dex-azure-ad-connector #19

Closed nce closed 1 year ago

nce commented 1 year ago
tim-tschiersch commented 1 year ago

Secret that will be used in the helm release

apiVersion: v1
kind: Secret
metadata:
  name: dex-azure-ad-connector
  namespace: ops-dex
type: Opaque
data:
  MICROSOFT_CLIENT_ID: ${base64encode(jsondecode(data.aws_secretsmanager_secret_version.azure.secret_string)["DEX_MICROSOFT_CLIENT_ID"])}
  MICROSOFT_CLIENT_SECRET: ${base64encode(jsondecode(data.aws_secretsmanager_secret_version.azure.secret_string)["DEX_MICROSOFT_CLIENT_SECRET"])}

helm release secret reference

envFrom:
 - secretRef:
     name: dex-azure-ad-connector

AWS Credential that was created at the aws sandbox secret-manager

tim-tschiersch commented 1 year ago

Important capabilities for the psp, so the pod can actually run

  defaultAddCapabilities:
    - CHOWN
    - NET_BIND_SERVICE
    - SETGID
    - SETUID

nce commented 1 year ago

working as expected.