Open midestefanis opened 2 years ago
I'm not sure if this is your issue, but this page https://dexidp.io/docs/connectors/gitlab/ indicates that name is not the parent of baseUrl...
I believe a config: is missing after name: but on the same level.
Probably among so many tests, it must have gone wrong, anyway I corrected it and it continues to throw the same error. @sigi4
dex.config: |
  logger:
    level: debug
    format: json
  connectors:
  - type: github
    id: github
    name: GitHub
    config:
      clientID: <your ID>
      clientSecret: <your secret>
      orgs:
      - name: <your org>
I hope it helps, it might be very similar to GitLab, although I use GitHub. It works.
Were you able to make this work? My current config looks like this:
dex.config: |
  connectors:
  - type: gitlab
    id: gitlab
    name: GitLab
    baseURL: https://gitlab.com/
    redirectURI: http://127.0.0.1:5556/dex/callback
    config:
      clientID: c6a63e543c.......
      clientSecret: <REDACTED>
      groups:
      - 547.....
On the GitLab side the app is configured. A button on the login page does appear, "LOG IN VIA GITLAB", but when I click it nothing happens.
I pointed redirectURI to my dex service
redirectURI: http://argocd-dex-server:5556/dex/callback
and now at least the request goes to the dex server. On GitLab I was asked to authorize my access to GitLab, but then ArgoCD says "login failed".
Dex logs state
time="2022-08-18T16:32:28Z" level=error msg="Failed to authenticate: gitlab: get groups: gitlab: user \"FirstName.LastName\" is not in any of the required groups"
I got this working.
So my final config looks like
dex.config: |
  connectors:
  - type: gitlab
    id: gitlab
    name: GitLab
    baseURL: https://gitlab.com
    redirectURI: http://argocd-dex-server:5556/dex/callback # <---- Point to dex server
    config:
      clientID: <REDACTED> # <--- from gitlab app Application ID
      clientSecret: <REDACTED> # <--- from gitlab app Secret
      groups:
      - "<GROUP_NAME>" # <--- name of group you are part of in gitlab
I was getting a 502 when redirected back so I added the following to the ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
And to make sure that members of the gitlab group are admins on ArgoCD, added the following cm
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
data:
  policy.csv: |
    g, <GROUP_NAME>, role:admin
Hi, how does it work with a private GitLab? My GitLab address is: https://gitlab.xxxx.com
@gsgs-libin
I had the same question, and after a lot of tries this is our working configuration.
argocd-cm:
  data:
    dex.config: |-
      connectors:
      # GitLab
      - type: gitlab
        id: gitlab
        name: Our Private GitLab
        config:
          baseURL: http://gitlab.ourdomain.com
          clientID: <GITLAB APP ID>
          clientSecret: <GITLAB APP SECRET>
          groups:
          - "<GROUP>"
          useLoginAsID: false
    url: https://argocd.ourdomain.com
argocd-rbac-cm:
  data:
    policy.csv: |
      p, role:org-admin, applications, *, */*, allow
      p, role:org-admin, clusters, get, *, allow
      p, role:org-admin, repositories, get, *, allow
      p, role:org-admin, repositories, create, *, allow
      p, role:org-admin, repositories, update, *, allow
      p, role:org-admin, repositories, delete, *, allow
      p, role:org-admin, logs, get, *, allow
      p, role:org-admin, exec, create, */*, allow
      g, <GROUP>, role:org-admin
    policy.default: role:readonly
argocd-dex-server:
  volumeMounts:
  - mountPath: /etc/ssl/certs/
    name: my-ca
  [...]
  volumes:
  - name: my-ca
    secret:
      defaultMode: 420
      secretName: ca-root
I had to delete the argocd-server pod for it to work correctly though, and if I remove the --insecure arg in the deployment things are broken.... I hope it helps!
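An added example, not part of any comment in this thread and not Argo CD's own code: a small audit of a policy.csv like the ones posted above, listing which SSO groups end up with role:admin, wildcard grants or pod exec. The sample policy and the group names platform-team and ops are constructed.

```python
import csv
import io

# Constructed sample shaped like the policy.csv above; group names are placeholders.
POLICY_CSV = """\
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, get, *, allow
p, role:org-admin, exec, create, */*, allow
g, platform-team, role:org-admin
g, ops, role:admin
"""

def parse_policy(text):
    """Split policy.csv into permissions per role (p rows) and roles per group (g rows)."""
    perms, bindings = {}, {}
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        row = [cell.strip() for cell in row]
        if not row or row[0].startswith("#"):
            continue
        if row[0] == "p" and len(row) == 6:
            perms.setdefault(row[1], []).append(tuple(row[2:]))
        elif row[0] == "g" and len(row) == 3:
            bindings.setdefault(row[1], []).append(row[2])
    return perms, bindings

def audit(text, policy_default=""):
    """Return (subject, finding) pairs for grants worth a second look."""
    perms, bindings = parse_policy(text)
    findings = []
    for group, roles in sorted(bindings.items()):
        for role in roles:
            if role == "role:admin":
                findings.append((group, "bound to built-in role:admin"))
            for resource, action, obj, effect in perms.get(role, []):
                if effect != "allow":
                    continue
                if resource == "exec":
                    findings.append((group, f"{role} allows pod exec on {obj}"))
                elif action == "*" and obj in ("*", "*/*"):
                    findings.append((group, f"{role} allows every action on {resource}"))
    # policy.default applies to every user who completes SSO login.
    if policy_default not in ("", "role:readonly"):
        findings.append(("<any authenticated user>", f"policy.default is {policy_default}"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(POLICY_CSV, "role:readonly"):
        print(f"{subject}: {finding}")
```

Every member of a listed GitLab group inherits the findings for that group, so the group membership in GitLab is part of the access review.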
Describe the bug
I can't enable SSO with Gitlab and dex
Following the following documentation:
https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#dex
https://dexidp.io/docs/connectors/gitlab/
I'm trying to activate SSO with Gitlab but both the server and the dex always give me the following error:
time="2022-04-07T16:33:04Z" level=warning msg="invalid dex yaml config"
To Reproduce
What I did was just edit the configmap 'argocd-cm'
Expected behavior
Login with SSO