Adds Dex as a central OIDC identity provider running on ringtail's k3s cluster. Grafana is integrated as the first SSO client via generic_oauth. Dex uses Kubernetes CRD storage and ExternalSecrets for all sensitive config (bcrypt hash, client secrets from 1Password).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
12 lines
271 B
YAML
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dex
rules:
  # Dex's Kubernetes storage backend keeps its state as custom resources in this API group.
  - apiGroups: ["dex.coreos.com"]
    resources: ["*"]
    verbs: ["*"]
  # Lets Dex register its own CRDs; only "create" is granted on CRDs cluster-wide.
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create"]