{"id":21278576,"url":"https://github.com/wdalmut/k8s-dex-example","last_synced_at":"2026-04-28T01:32:04.090Z","repository":{"id":142589609,"uuid":"233373207","full_name":"wdalmut/k8s-dex-example","owner":"wdalmut","description":"Example of DEX for Kubernetes","archived":false,"fork":false,"pushed_at":"2020-01-12T14:17:15.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-22T04:02:29.872Z","etag":null,"topics":["dex","k8s","kubernetes","oidc"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wdalmut.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-12T10:16:17.000Z","updated_at":"2020-01-12T14:56:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"ed87e70e-d416-4976-9895-4719cdefb946","html_url":"https://github.com/wdalmut/k8s-dex-example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/wdalmut/k8s-dex-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdalmut%2Fk8s-dex-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdalmut%2Fk8s-dex-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdalmut%2Fk8s-dex-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdalmut%2Fk8s-dex-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wdalmut
","download_url":"https://codeload.github.com/wdalmut/k8s-dex-example/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdalmut%2Fk8s-dex-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32362781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"ssl_error","status_checked_at":"2026-04-27T20:07:00.910Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dex","k8s","kubernetes","oidc"],"created_at":"2024-11-21T10:15:10.321Z","updated_at":"2026-04-28T01:32:04.085Z","avatar_url":"https://github.com/wdalmut.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DEX configuration\n\nThe dex deployment is available at `dex.192.168.1.110.xip.io:32000`\n\nSet the TLS secrets.\n\n**Remember to Update the CN section before generate your clients (from\n`dex.example.com` to something else)**.\n\nHere your `gencert.sh` script: https://github.com/dexidp/dex/blob/master/examples/k8s/gencert.sh\n\n## Bring up your cluster\n\nIn this example we will use kind\n\n```sh\nkind create cluster --config kind.yaml\n```\n\n## Prepare Dex\n\n```sh\nkubectl create secret tls dex.example.com.tls --cert=ssl/cert.pem --key=ssl/key.pem\n```\n\nCreate the Github 
secret\n\n```sh\nexport GITHUB_CLIENT_ID=something\nexport GITHUB_CLIENT_SECRET=other_secrets\n\nkubectl create secret \\\ngeneric github-client \\\n--from-literal=client-id=$GITHUB_CLIENT_ID \\\n--from-literal=client-secret=$GITHUB_CLIENT_SECRET\n```\n\nNow we are ready to deploy Dex\n\n```sh\nkubectl apply -f dex.yaml\nNAME                   READY   STATUS    RESTARTS   AGE\ndex-77bcfc5588-8rvhd   1/1     Running   0          3h8m\ndex-77bcfc5588-njb46   1/1     Running   0          3h8m\ndex-77bcfc5588-wdpwr   1/1     Running   0          3h8m\n```\n\n## Login from the CLI\n\nFirst of all you need the `oidc-login` plugin\n(https://github.com/int128/kubelogin) (grab the binary and put it into the bin\nfolder)\n\nThen update your `~/.kube/config` configuration file with a new user (_users\nsection_)\n\n```yaml\n- name: oidc\n  user:\n    exec:\n      apiVersion: client.authentication.k8s.io/v1beta1\n      args:\n      - oidc-login\n      - get-token\n      - --oidc-issuer-url=ISSUER_URL\n      - --oidc-client-id=CLIENT_ID\n      - --oidc-client-secret=OIDC_SECRET\n      - --certificate-authority=CA_ABSOLUTE_PATH\n      - --oidc-extra-scope=email\n      - --oidc-extra-scope=profile\n      - --oidc-extra-scope=groups\n      command: kubectl\n      env: null\n```\n\nThen set this new user as the current user\n\n```sh\nkubectl config set-context --user oidc --current\n```\n\nAnd try to use the cluster\n\n```sh\nkubectl get pods\nOpen http://localhost:8000 for authentication\n\nNAME                   READY   STATUS    RESTARTS   AGE\ndex-77bcfc5588-8rvhd   1/1     Running   0          3h8m\ndex-77bcfc5588-njb46   1/1     Running   0          3h8m\ndex-77bcfc5588-wdpwr   1/1     Running   0          3h8m\n```\n\nor try to get our deployments\n\n```sh\nkubectl get deployments\nError from server (Forbidden): deployments.apps is forbidden: User \"walter.dalmut@gmail.com\" cannot list resource \"deployments\" in API group \"apps\" in the namespace \"default\"\n```\n\n## 
Login App\n\nThe login app is exposed at: `https://loginapp.192.168.1.110.xip.io:5555`\n\n```sh\ndocker run \\\n--add-host=\"dex.192.168.1.110.xip.io:192.168.1.110\" \\\n-p 5555:5555 \\\n-v `pwd`/ssl/:/ssl \\\n-v `pwd`/config-loginapp-docker.yaml:/config-loginapp-docker.yaml \\\nquay.io/fydrah/loginapp:2.7.0 serve /config-loginapp-docker.yaml\n```\n\n---\n\nSetup reference: https://github.com/dexidp/dex/blob/master/Documentation/kubernetes.md#configuring-the-openid-connect-plugin\n\nHere is the project: https://github.com/fydrah/loginapp\n\n## Play with RBAC\n\nJust apply Roles and RoleBindings, for example\n\n```sh\nkubectl apply -f examples/role.yaml\n```\n\nThen try to get deployments or things outside the `default` namespace\n\n```sh\nkubectl get deployments --as=walter.dalmut@gmail.com\nError from server (Forbidden): deployments.apps is forbidden: User \"walter.dalmut@gmail.com\" cannot list resource \"deployments\" in API group \"apps\" in the namespace \"default\"\n```\n\nBut if you try with pods, everything works fine\n\n```sh\nkubectl get pods --as=walter.dalmut@gmail.com\nNAME                   READY   STATUS    RESTARTS   AGE\ndex-77bcfc5588-8rvhd   1/1     Running   0          3h8m\ndex-77bcfc5588-njb46   1/1     Running   0          3h8m\ndex-77bcfc5588-wdpwr   1/1     Running   0          3h8m\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwdalmut%2Fk8s-dex-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwdalmut%2Fk8s-dex-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwdalmut%2Fk8s-dex-example/lists"}