Last active
April 24, 2023 22:06
-
-
Save lukasmrtvy/74f028f5414851a06c5f01431e4e0509 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| helmDefaults: | |
| wait: true | |
| repositories: | |
| - name: bitnami | |
| url: https://charts.bitnami.com/bitnami | |
| - name: dex | |
| url: https://charts.dexidp.io | |
| - name: dysnix | |
| url: https://dysnix.github.io/charts | |
| - name: traefik | |
| url: https://helm.traefik.io/traefik | |
| releases: | |
| - name: traefik | |
| namespace: default | |
| createNamespace: true | |
| chart: traefik/traefik | |
| version: 22.1.0 | |
| values: | |
| - globalArguments: | |
| - --global.checknewversion=false | |
| - --global.sendanonymoususage=false | |
| - additionalArguments: | |
| - --log.level=DEBUG | |
| - --log.format=json | |
| - --accesslog | |
| - --accesslog.format=json | |
| - --metrics.prometheus | |
| - --entrypoints.websecure.forwardedHeaders.insecure | |
| - --entrypoints.web.http.redirections.entrypoint.to=:443 | |
| - --entrypoints.web.http.redirections.entrypoint.permanent=true | |
| - --api.insecure | |
| - ingressRoute: | |
| dashboard: | |
| enabled: false | |
| - service: | |
| type: NodePort | |
| - ports: | |
| web: | |
| nodePort: 80 | |
| websecure: | |
| nodePort: 443 | |
| - name: wildcard-tls | |
| namespace: default | |
| createNamespace: true | |
| chart: dysnix/raw | |
| version: 0.3.1 | |
| disableValidation: true | |
| needs: | |
| - default/traefik | |
| values: | |
| - resources: | |
| - apiVersion: traefik.containo.us/v1alpha1 | |
| kind: TLSStore | |
| metadata: | |
| name: default | |
| namespace: default | |
| spec: | |
| defaultCertificate: | |
| secretName: wildcard-tls | |
| - apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: wildcard-tls | |
| type: Opaque | |
| stringData: | |
| tls.crt: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIFJzCCBA+gAwIBAgISBObsyoZC19wN5TQrQrBBTQizMA0GCSqGSIb3DQEBCwUA | |
| MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD | |
| EwJSMzAeFw0yMzAyMjMyMDIzMTFaFw0yMzA1MjQyMDIzMTBaMBUxEzARBgNVBAMT | |
| CnRyYWVmaWsubWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkUIZs | |
| y4xRZFfC/SpTbCzD0SlPjDpyueOZITeiBsAMCEIKFBSgObOuB1lWmvl4B2fYubq4 | |
| efNHZ3/8yzEfhN0wGI4Z2k4QYtZLVJODM4EFnKCnD+9a6lRazjSHf49TdEhEqtHL | |
| OsD7dTs8Cx9dPeDshqy4QHVfPAOE/Q0LJhn6bGibmiLCNfUtx50S2Y7lrroCfyZU | |
| pZf+oYu+BoUbC0LEAKQbKrRlk6CfGfopkvj1dtTmF7ouRksJ6oZnnGbIGWzBbt2S | |
| IA9TLfrYLMonbLWb6Pm03S/vXyBxXrPLdpuobO5w5POEORqxb/AAtOAFuyCId+eE | |
| ww6oZYg14JHnFqqjAgMBAAGjggJSMIICTjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l | |
| BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE | |
| FBbFhsVrjG7x7QebZ8HXeYGreR1zMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf | |
| r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u | |
| bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCMG | |
| A1UdEQQcMBqCDCoudHJhZWZpay5tZYIKdHJhZWZpay5tZTBMBgNVHSAERTBDMAgG | |
| BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz | |
| LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2ALc++yTf | |
| nE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhoAook4AAAQDAEcwRQIgftV6 | |
| fpiU+/muFPluREelD9YGkWTPhm95KEwGYwtZH88CIQDmM1lN2qJ6jdJ6NaNpHjv5 | |
| 1XtFQuHvZx4+LlSVXT3AKAB1AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlej | |
| UutSAAABhoAoolcAAAQDAEYwRAIgLWvw809VaM6VNOlFgqBFwpsWgO10dqHLy9ea | |
| H+Fhr8oCIEusi+UvwgjMrvNjMZa6wFI8yYAts40+TgaN3TbtJ54pMA0GCSqGSIb3 | |
| DQEBCwUAA4IBAQAcr2AYacKVaLDWYDp5NF2DkFcJtOAJsPIQA8IyCbTQe8mo6A/b | |
| GIkIHthGBRF8Vo6GKMMJ17Q5bsa4GrMcYnpRGKXmgr6z+8yC3dmaK329wgSeten2 | |
| LX/N3QvjfEWYiPQB2+utLvD2+ilsKzHsebtAmNn12Nq2Pho6+GIU/vvp1IZ1mxhZ | |
| 3MC3DoocYk4P4HOVhDdibNYP0pzgOXJ3vvRwr8/tjF/Gpvxy5WPagHcHQy6+rWr2 | |
| YU326XlpgV3IifxJrpOwqT+uTaJ7ADkvl0TfVr6xwiJHTpxZw44AaEvebYi2Iog1 | |
| K9ORHX8ikOgRSPgInRJ5jgawZUfE5ga7NuE4 | |
| -----END CERTIFICATE----- | |
| -----BEGIN CERTIFICATE----- | |
| MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw | |
| TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh | |
| cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw | |
| WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg | |
| RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK | |
| AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP | |
| R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx | |
| sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm | |
| NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg | |
| Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG | |
| /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC | |
| AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB | |
| Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA | |
| FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw | |
| AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw | |
| Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB | |
| gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W | |
| PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl | |
| ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz | |
| CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm | |
| lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 | |
| avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 | |
| yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O | |
| yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids | |
| hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ | |
| HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv | |
| MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX | |
| nLRbwHOoq7hHwg== | |
| -----END CERTIFICATE----- | |
| -----BEGIN CERTIFICATE----- | |
| MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ | |
| MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | |
| DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow | |
| TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh | |
| cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB | |
| AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC | |
| ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL | |
| wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D | |
| LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK | |
| 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 | |
| bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y | |
| sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ | |
| Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 | |
| FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc | |
| SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql | |
| PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND | |
| TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw | |
| SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 | |
| c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx | |
| +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB | |
| ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu | |
| b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E | |
| U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu | |
| MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC | |
| 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW | |
| 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG | |
| WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O | |
| he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC | |
| Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 | |
| -----END CERTIFICATE----- | |
| tls.key: | | |
| -----BEGIN PRIVATE KEY----- | |
| MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCkUIZsy4xRZFfC | |
| /SpTbCzD0SlPjDpyueOZITeiBsAMCEIKFBSgObOuB1lWmvl4B2fYubq4efNHZ3/8 | |
| yzEfhN0wGI4Z2k4QYtZLVJODM4EFnKCnD+9a6lRazjSHf49TdEhEqtHLOsD7dTs8 | |
| Cx9dPeDshqy4QHVfPAOE/Q0LJhn6bGibmiLCNfUtx50S2Y7lrroCfyZUpZf+oYu+ | |
| BoUbC0LEAKQbKrRlk6CfGfopkvj1dtTmF7ouRksJ6oZnnGbIGWzBbt2SIA9TLfrY | |
| LMonbLWb6Pm03S/vXyBxXrPLdpuobO5w5POEORqxb/AAtOAFuyCId+eEww6oZYg1 | |
| 4JHnFqqjAgMBAAECggEBAJ+MYTq62uEdYepAER036K+rJUXMj+Reg5VpH7AAhfIp | |
| ApbusKhz3viYwjLKAHqAFmHm1lvSbltjMG+yjVxhkrTk4vZPd4WJszMqSKIZHKrq | |
| T0RowK2y433YxEDdp7oNKy8h/twrjL+eMYo38piDQSfqDURLsqxqhbBYVpYAxTDX | |
| DLVpf9O9nTOrGF9vELdIdT9WRAKH0dHbR3gT1aZtnDZ/eZY59+yQmzCCl9hnZrJ7 | |
| aSOKjGChQVyaBLu1L+i3bjNS6HKby0W2u4K6ggaqnqsf9NmmLFyizm11ZaCF21FM | |
| krX0l16wrCDh+E1UUjXGk4Gfnwb3osQViBOTCtj7TqECgYEA0w3idc4fCqf6Keyk | |
| vBtaivcyGB6DSAIHoqh73uWcRSVwR1nC/ODMmXdOBKKwVe/3Jz4f6Hx0gKycULXA | |
| b+Ygbq1Y1IMFe6NeDyHnuXpVuaPtv+cKeChXlE4e+sem30e/uxKY35TKwcb+r7sC | |
| bsoF5gkOILOgL//jdguIeBdQdH0CgYEAx06EZyz3nUMaHBFevb/Q/MqI2q7mzfoB | |
| jPZ4v5/NLgnQrgbj3tHvJSVDX3IAZMWbX5WTojY65GzeVgxA8LImupyaIbBjXgwz | |
| nm9EEH6RDJWOF9xLFygc67REMyhr+BSg4/6rB1KJ3ltEhyiBJ+VPM/71RXqeE1fO | |
| 0612HiwdZZ8CgYEAwThB7nYxZxEX7w/uVSR5xSXAX+J3cBIjqV+0YAE4CvnWjAv6 | |
| fobT6WAXNhk3dMXHMM8oaTCffDoKtb1fm1JEuO7Ml2oIOAP9lb8FpYIBP357qCe+ | |
| JvlQDL9kj1T/SgUm2/6PpIlVAwjKnFmKRaGAuvPpUjkA21DajnTKkJ9PkgUCgYB9 | |
| D3yvTR0W1fs1L4UWZZ1acjALoIH9L2n3rNS50SkrQUdrW7FyqKJ52Xb8Fgm/Meu7 | |
| v5zCxWqQ2OtubQP2xKLep9NjXk4LvnZJbSH1g6W6ksF1oWqQ3j+/ev7sZunQ4gjO | |
| 54cj8hvGpdhLQxRAF3hqdQosjbNRCeEjHA4pAp9zmwKBgQDSDDGBmiYL4Trd06eo | |
| tzglbusgN+4RqJnXb/BQPLgasMcfNWy5oVIsTaeMuDIA6rvMIQWNEmaKQBgIV+IA | |
| QWjhDDr69ESSeHXeSxW982dMP4voMP118o7JMLLI2tXmsce4thjG7U111eB6cLd6 | |
| L2UrBNaSfkoRh9XCdsHbMfw2YQ== | |
| -----END PRIVATE KEY----- | |
| - name: dex | |
| namespace: default | |
| createNamespace: true | |
| chart: dex/dex | |
| version: 0.13.0 | |
| needs: | |
| - default/wildcard-tls | |
| values: | |
| - config: | |
| issuer: https://dex-127-0-0-1.traefik.me | |
| storage: | |
| type: sqlite3 | |
| config: | |
| file: /var/dex/dex.db | |
| staticClients: | |
| - id: pinniped | |
| name: pinniped | |
| secret: pinniped | |
| redirectURIs: | |
| - https://supervisor-127-0-0-1.traefik.me/callback | |
| connectors: | |
| - type: mockCallback | |
| id: mock | |
| name: Example | |
| enablePasswordDB: true | |
| staticPasswords: | |
| - email: "admin@example.com" | |
| # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2) | |
| hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" | |
| username: "admin" | |
| userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" | |
| - ingress: | |
| enabled: true | |
| hosts: | |
| - host: dex-127-0-0-1.traefik.me | |
| paths: | |
| - path: / | |
| pathType: ImplementationSpecific | |
| tls: {} | |
| - name: pinniped | |
| namespace: default | |
| createNamespace: true | |
| chart: bitnami/pinniped | |
| version: 1.0.9 | |
| disableValidation: true | |
| values: | |
| - concierge: | |
| enabled: false | |
| - supervisor: | |
| service: | |
| public: | |
| type: ClusterIP | |
| - name: pinniped-config | |
| namespace: default | |
| createNamespace: true | |
| chart: dysnix/raw | |
| version: 0.3.1 | |
| disableValidation: true | |
| needs: | |
| - default/pinniped | |
| - default/wildcard-tls | |
| values: | |
| - resources: | |
| - apiVersion: traefik.containo.us/v1alpha1 | |
| kind: IngressRoute | |
| metadata: | |
| name: supervisor | |
| namespace: default | |
| spec: | |
| entryPoints: | |
| - websecure | |
| routes: | |
| - match: Host(`supervisor-127-0-0-1.traefik.me`) | |
| kind: Rule | |
| services: | |
| - name: pinniped-supervisor | |
| namespace: default | |
| port: 443 | |
| tls: | |
| passthrough: true | |
| - apiVersion: config.supervisor.pinniped.dev/v1alpha1 | |
| kind: FederationDomain | |
| metadata: | |
| name: federation-domain | |
| namespace: default | |
| spec: | |
| issuer: "https://supervisor-127-0-0-1.traefik.me/test" | |
| tls: | |
| secretName: wildcard-tls | |
| - apiVersion: idp.supervisor.pinniped.dev/v1alpha1 | |
| kind: OIDCIdentityProvider | |
| metadata: | |
| name: dex | |
| namespace: default | |
| spec: | |
| issuer: https://dex-127-0-0-1.traefik.me | |
| authorizationConfig: | |
| additionalScopes: [offline_access, groups, email] | |
| allowPasswordGrant: false | |
| claims: | |
| username: email | |
| client: | |
| secretName: dex-client-credentials | |
| - apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: dex-client-credentials | |
| namespace: default | |
| type: secrets.pinniped.dev/oidc-client | |
| stringData: | |
| clientID: pinniped | |
| clientSecret: pinniped |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment