Skip to content

alitari/handson-dex

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

dex-clients

dex-clients

 
 

dex

dex

 
 

ldap

ldap

 
 

README.md

README.md

 
 

Repository files navigation

Hands on dex

Examples using dex in K8s with the connectors:

  • mock
  • LDAP

The example is more or less a K8s variant of the example from the official dex documentation

prerequsites

The examples assume that you have access to an k8s cluster with a Kong Ingress Controller listening on a public IP 11.22.33.44. Check your ip e.g. if your kong is installed via helm with the release kong in namespace kong with kubectl -n kong get svc kong-kong-proxy -o json | jq -r .status.loadBalancer.ingress[0].ip. You need to adapt the configurations for this IP accordingly.

We are working on the namespace auth using the following tools:

  • kubectl with plugin ns
  • kustomize
  • helm
kubectl create namespace auth
kubectl-ns auth

mock connector

# install dex with mock connector config
helm upgrade dex banzaicloud-stable/dex -f dex/dex-mock-values.yaml --install

# install dex-clientapp
kubectl apply -k dex-clients/dex-clientapp

Browse to http://dex-clientapp.11.22.33.44.xip.io/ and log in for client-id dex-clientapp and connector ID mock. The dex-clientapp requests at least access for the scopes "openid", "profile", "email" and "offline access" if the provider does not support any additional scopes ( which is the case for the mock connector). Now, dex redirects you to the dex-clientapp which shows you the content of the Openconnect-ID token.

ldap connector

install open ldap server

kubectl apply -k ldap/l1
# check LDAP content
LDAP_POD=$(kubectl get pod -l app.kubernetes.io/name=openldap-1 -o=name | head -1)
kubectl exec -i -t $LDAP_POD -- bash
ldapsearch -x -b "dc=example,dc=org" -H ldap://localhost:389 -D "cn=admin,dc=example,dc=org" -w admin

install dex with ldap connector

# install dex with mock connector config
helm upgrade dex banzaicloud-stable/dex -f dex/dex-ldap-values.yaml --install

# install dex-clientapp
kubectl apply -k dex-clients/dex-clientapp

Browse to http://dex-clientapp.11.22.33.44.xip.io/ and log in for client-id dex-clientapp, additional scopes groups and connector ID ldap. Authenticate with user john and password bar and you get the user attributes and his group memberships (admins, developer).

test oid consumer

# install dex-client-oidconsumer
kubectl apply -k dex-clients/dex-client-oidconsumer
# copy ID-Token from the authenticated user in dex-clientapp (see the step above)
OID_TOKEN=<...>
curl -H "Authorization: Bearer $OID_TOKEN" http://dex-client-oidconsumer.11.22.33.44.xip.io

About

examples for using dex in K8s

Topics

ldap openidconnect k8s ldap-authentication openid openid-connect openid-provider dex

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Languages