index.ts

import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";

import { makeDexConfig } from './config';

let dexContainerImage = "docker.io/colemickens/dex:latest"; // shame!
//let dexNamespace = "dex"; // add the ns object first

// TODO: load securely? e should load these "securely"?
// TODO: look into Pulumi config objects?
//
let dexConfig = makeDexConfig(
    "https://dex.cluster.lol",
    "1819471b-ba20-4d7f-aff9-967a57f5be96",
    "okpeuUOR173-:wvQFBY45~~"
);

let dexLabels = { app: "dex", };
const dexService = new kubernetes.core.v1.Service("dex", {
    metadata: {
        name: "dex",
        labels: dexLabels,
    },
    spec: {
        ports: [{ protocol: 'TCP', port: 5556, targetPort: 5556 }],
        selector: dexLabels,
    },
});

const dexSecret = new kubernetes.core.v1.Secret("dex", {
    metadata: {
        name: "dex",
        labels: dexLabels,
    },
    type: "Opaque",
    data: {
        "config.yaml": Buffer.from(dexConfig).toString('base64'),
    },
});

const dexDeployment = new kubernetes.apps.v1.Deployment("dex", {
    metadata: {
        labels: dexLabels,
        name: "dex",
    },
    spec: {
        selector: {
            matchLabels: dexLabels,
        },
        replicas: 1,
        template: {
            metadata: {
                labels: dexLabels,
            },
            spec: {
                containers: [{
                    name: "dex",
                    image: dexContainerImage,
                    command: [ "/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml" ],
                    ports: [{ name: "https", containerPort: 5556 }],
                    volumeMounts: [{ name: "config", mountPath: "/etc/dex/cfg" }],
                }],
                volumes: [{
                    name: "config",
                    secret: { secretName: "dex" },
                }],
            },
        },
    },
}, {dependsOn: dexSecret});