Giter Club home page Giter Club logo

handson-dex's Introduction

Hands on dex

Examples using dex in K8s with the connectors:

  • mock
  • LDAP

The example is more or less a K8s variant of the example from the official dex documentation

prerequsites

The examples assume that you have access to an k8s cluster with a Kong Ingress Controller listening on a public IP 11.22.33.44. Check your ip e.g. if your kong is installed via helm with the release kong in namespace kong with kubectl -n kong get svc kong-kong-proxy -o json | jq -r .status.loadBalancer.ingress[0].ip. You need to adapt the configurations for this IP accordingly.

We are working on the namespace auth using the following tools:

  • kubectl with plugin ns
  • kustomize
  • helm
kubectl create namespace auth
kubectl-ns auth

mock connector

# install dex with mock connector config
helm upgrade dex banzaicloud-stable/dex -f dex/dex-mock-values.yaml --install

# install dex-clientapp
kubectl apply -k dex-clients/dex-clientapp

Browse to http://dex-clientapp.11.22.33.44.xip.io/ and log in for client-id dex-clientapp and connector ID mock. The dex-clientapp requests at least access for the scopes "openid", "profile", "email" and "offline access" if the provider does not support any additional scopes ( which is the case for the mock connector). Now, dex redirects you to the dex-clientapp which shows you the content of the Openconnect-ID token.

ldap connector

install open ldap server

kubectl apply -k ldap/l1
# check LDAP content
LDAP_POD=$(kubectl get pod -l app.kubernetes.io/name=openldap-1 -o=name | head -1)
kubectl exec -i -t $LDAP_POD -- bash
ldapsearch -x -b "dc=example,dc=org" -H ldap://localhost:389 -D "cn=admin,dc=example,dc=org" -w admin

install dex with ldap connector

# install dex with mock connector config
helm upgrade dex banzaicloud-stable/dex -f dex/dex-ldap-values.yaml --install

# install dex-clientapp
kubectl apply -k dex-clients/dex-clientapp

Browse to http://dex-clientapp.11.22.33.44.xip.io/ and log in for client-id dex-clientapp, additional scopes groups and connector ID ldap. Authenticate with user john and password bar and you get the user attributes and his group memberships (admins, developer).

test oid consumer

# install dex-client-oidconsumer
kubectl apply -k dex-clients/dex-client-oidconsumer
# copy ID-Token from the authenticated user in dex-clientapp (see the step above)
OID_TOKEN=<...>
curl -H "Authorization: Bearer $OID_TOKEN" http://dex-client-oidconsumer.11.22.33.44.xip.io

handson-dex's People

Contributors

alitari avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.