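---
# tasks file for dex
#
# Deploys a PostgreSQL release (bitnami/postgresql) and a Dex release (dex/dex)
# into the "dex" namespace. Dex stores its state in that Postgres instance and
# authenticates users against an in-cluster OpenLDAP service.
#
# Variables consumed (all are credentials and are kept out of task output):
#   postgresql_admin_password   - password of the "postgres" superuser
#   dex_admin_password          - password of the "dex" database user
#   openldap_readonly_password  - bind password for the LDAP read-only account

- name: Add Dex repo
  kubernetes.core.helm_repository:
    name: dex
    repo_url: https://charts.dexidp.io
  register: repo

# Refresh the chart index only when the repo entry was (re)added. The command
# itself has no change detection, so it is not reported as a change.
- name: Update Helm repos
  command: helm repo update
  when: repo.changed
  changed_when: false

# NOTE(review): chart_ref "bitnami/postgresql" assumes the bitnami repo is
# already registered on the controller; this file only adds the dex repo.
- name: Deploy PostgreSQL
  kubernetes.core.helm:
    name: postgresql
    chart_ref: bitnami/postgresql
    release_namespace: dex
    create_namespace: true
    values:
      auth:
        enablePostgresUser: true
        postgresPassword: "{{ postgresql_admin_password }}"
        username: "dex"
        password: "{{ dex_admin_password }}"
        database: "dex"
      primary:
        name: primary
        initdb:
          scripts: {}
        persistence:
          enabled: true
          volumeName: "data"
          size: 256Gi
  # values carry passwords; keep them out of verbose output and logs
  # (note: this also hides the module's error text on failure).
  no_log: true

- name: Deploy Dex
  kubernetes.core.helm:
    name: dex
    chart_ref: dex/dex
    release_namespace: dex
    create_namespace: true
    values:
      config:
        issuer: https://dex.eom.dev/
        storage:
          type: postgres
          config:
            # service name of the PostgreSQL release deployed above
            host: postgresql
            port: 5432
            # key was misspelled "databbase", which Dex does not recognise
            database: dex
            user: dex
            password: "{{ dex_admin_password }}"
            # Plaintext connection to Postgres: the DB password and session
            # data cross the pod network unencrypted.
            ssl:
              mode: disable
        connectors:
          - type: ldap
            id: ldap
            name: LDAP
            config:
              host: openldap.openldap.svc.cluster.local
              # Bind password and user credentials are sent in the clear to
              # the LDAP service; only acceptable on a trusted pod network.
              insecureNoSSL: true
              # NOTE(review): bindDN and userSearch.baseDN use
              # dc=example,dc=com while the memberOf filter and
              # groupSearch.baseDN use dc=eom,dc=dev -- confirm the
              # directory's real base DN; one of them looks like a leftover.
              bindDN: cn=readonly,dc=example,dc=com
              bindPW: "{{ openldap_readonly_password }}"
              userSearch:
                baseDN: dc=example,dc=com
                filter: "(&(objectClass=posixAccount)(memberOf=cn=Dex Users,ou=Dex,ou=Services,dc=eom,dc=dev))"
                username: uid
                idAttr: uid
                emailAttr: mail
                nameAttr: givenName
                preferredUsernameAttr: uid
              groupSearch:
                baseDN: dc=eom,dc=dev
                filter: "(objectClass=groupOfUniqueNames)"
                userMatchers:
                  - userAttr: cn
                    groupAttr: uniqueMember
                nameAttr: cn
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
        hosts:
          - host: dex.eom.dev
            paths:
              - path: /
        tls:
          - hosts:
              - dex.eom.dev
            secretName: dex
  # values carry the DB password and the LDAP bind password
  no_log: true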