From b1b565243cbe8bc188a8a8d4242964006250f6ec Mon Sep 17 00:00:00 2001
From: Waldemar
Date: Wed, 13 Aug 2025 13:11:16 +0200
Subject: [PATCH] feat(dex): readded dex after pipeline run
---
otc/observability.t09.de/stacks/core/dex.yaml | 29 ++++++++
.../stacks/core/dex/values.yaml | 71 +++++++++++++++++++
2 files changed, 100 insertions(+)
create mode 100644 otc/observability.t09.de/stacks/core/dex.yaml
create mode 100644 otc/observability.t09.de/stacks/core/dex/values.yaml
diff --git a/otc/observability.t09.de/stacks/core/dex.yaml b/otc/observability.t09.de/stacks/core/dex.yaml
new file mode 100644
index 0000000..d64175a
--- /dev/null
+++ b/otc/observability.t09.de/stacks/core/dex.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: dex
+ namespace: argocd
+ labels:
+ env: dev
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ retry:
+ limit: -1
+ destination:
+ name: in-cluster
+ namespace: dex
+ sources:
+ - repoURL: https://charts.dexidp.io
+ chart: dex
+ targetRevision: 0.23.0
+ helm:
+ valueFiles:
+ - $values/otc/observability.t09.de/stacks/core/dex/values.yaml
+ - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
+ targetRevision: HEAD
+ ref: values
diff --git a/otc/observability.t09.de/stacks/core/dex/values.yaml b/otc/observability.t09.de/stacks/core/dex/values.yaml
new file mode 100644
index 0000000..435a7d6
--- /dev/null
+++ b/otc/observability.t09.de/stacks/core/dex/values.yaml
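Review bot: The `$values` source in dex.yaml is tracked at `targetRevision: HEAD` while `syncPolicy.automated` with `selfHeal: true` is enabled, so any commit that reaches the default branch of stacks-instances is applied to the identity provider with no further gate; the chart is pinned to `0.23.0`, the values are not. Because those values define the connectors and the `staticClients` redirect URIs, consider pinning the ref to a tag or commit, or state explicitly that branch protection and required review on that repository are the control being relied on. `project: default` also places the IdP in Argo CD's catch-all project, which is unrestricted unless it has been tightened elsewhere; a dedicated AppProject limited to the `dex` namespace and these two repositories would narrow what this Application may deploy. `retry.limit: -1` retries a failing sync indefinitely and deserves a short comment saying that is intentional.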
@@ -0,0 +1,71 @@
+ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: main
+ hosts:
+ - host: dex.observability.t09.de
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - dex.observability.t09.de
+ secretName: dex-cert
+
+envVars:
+ - name: FORGEJO_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dex-forgejo-client
+ key: clientSecret
+ - name: FORGEJO_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: dex-forgejo-client
+ key: clientID
+ - name: OIDC_DEX_GRAFANA_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dex-grafana-client
+ key: clientSecret
+ - name: OIDC_DEX_ARGO_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dex-argo-client
+ key: clientSecret
+
+config:
+ # Set it to a valid URL
+ issuer: https://dex.observability.t09.de
+
+ # See https://dexidp.io/docs/storage/ for more options
+ storage:
+ type: memory
+
+ oauth2:
+ skipApprovalScreen: true
+ alwaysShowLoginScreen: false
+
+ connectors:
+ - type: gitea
+ id: gitea
+ name: Forgejo
+ config:
+ clientID: "{{`{{ .Env.FORGEJO_CLIENT_ID }}`}}"
+ clientSecret: "{{`{{ .Env.FORGEJO_CLIENT_SECRET }}`}}"
+ redirectURI: https://dex.observability.t09.de/callback
+ baseURL: https://edp.buildth.ing
+ enablePasswordDB: false
+
+ staticClients:
+ - id: controller-argocd-dex
+ name: ArgoCD Client
+ redirectURIs:
+ - "http://argocd.observability.t09.de/auth/callback"
+ secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
+ - id: grafana
+ redirectURIs:
+ - "https://grafana.observability.t09.de/login/generic_oauth"
+ name: "Grafana"
+ secret: "{{`{{ .Env.OIDC_DEX_GRAFANA_CLIENT_SECRET }}`}}"
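Review bot: The Argo CD entry under `staticClients` registers `http://argocd.observability.t09.de/auth/callback`, so the authorization code would travel back over cleartext, whereas the issuer, the connector `redirectURI` and the Grafana client in the same file all use `https://`. Unless Argo CD is really served without TLS, change it to `- "https://argocd.observability.t09.de/auth/callback"` and keep it identical to the callback URL Argo CD itself sends. `storage.type: memory` keeps signing keys and refresh tokens only inside the pod, so every restart invalidates sessions and a second replica cannot share state; a persistent backend, or a comment recording the trade-off, would help. The gitea connector shows no `orgs` restriction, so presumably any account on edp.buildth.ing can obtain a token and access control rests entirely on RBAC in Argo CD and Grafana, which is worth confirming as intended.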