Dex

Dex supports a wide range of identity providers such as LDAP, SAML, and OAuth2 and implements OpenID Connect (OIDC) , allowing your application to plug in any upstream identity provider, but implement only OIDC.

Whether you're looking to secure your internal applications, provide seamless Single Sign-On (SSO) across your organization, or create a secure public-facing platform, Dex can be tailored to meet your unique requirements.

Default Credentials

Username	Email	Password	Provider	Groups
admin	`[email protected]`	`password`	Static (Dex)	—
john	`[email protected]`	`babayaga`	LDAP	admins
tony	`[email protected]`	`ironman`	LDAP	developers

LDAP bind credentials: cn=admin,dc=example,dc=com / admin

Endpoints

The nip.io IP is auto-detected by scripts/get-nipio-ip.sh (Tailscale first, then Traefik LB IP). Deploy via Makefile:

make deploy-dex

Or manually with placeholder substitution:

sed -e 's%__LB_IP__%$(kubectl get svc traefik -n kube-system -o jsonpath='{$.status.loadBalancer.ingress[0].ip}')%g' \
    -e 's%__NIPIO_IP__%$(scripts/get-nipio-ip.sh)%g' \
    dex/dex-k8s.yaml | kubectl apply -f -

# Healthcheck
curl -sL "http://dex.$(NIPIO_IP).nip.io/dex/healthz"

# OpenID Config
curl -sL "http://dex.$(NIPIO_IP).nip.io/dex/.well-known/openid-configuration"

Configuration

Dex is preconfigured with static clients in dex/dex-k8s.yaml:

Client	Redirect URI	Secret
tekton	`http://tekton.$(LB_IP).nip.io/oauth2/callback`, `http://tekton.$(NIPIO_IP).nip.io/oauth2/callback`	`tekton-oidc-secret`
automatiko	`http://automatiko.$(NIPIO_IP).nip.io/oauth2/callback`	`automatiko-oidc-secret`
argocd	`https://argocd.$(NIPIO_IP).nip.io/auth/callback`	`YWdvY2Qtc2VjcmV0`
grafana	`http://grafana.$(NIPIO_IP).nip.io/login/generic_oauth`	`SrEzVU2WVqhIJiJsenDAONnDcira5F1DRfFW64UI`
test	`http://oidc-test.$(NIPIO_IP).nip.io/auth/callback`	`SrEzVU2WVqhIJiJsenDAONnDcira5F1DRfFW64UI`

To configure additional clients simply add static clients to dex config map in file dex/dex-k8s.yaml and apply:

kubectl apply -f dex/dex-k8s.yaml && kubectl rollout restart deployment dex -n dex

Note: Replace $(NIPIO_IP) and $(LB_IP) with actual IPs from scripts/get-nipio-ip.sh and kubectl get svc traefik -n kube-system ... respectively when running manually.