feat(kuwubernetes): provide dex secrets as prep for dex install

2026-02-09 12:29:19 -08:00 · 2024-01-21 12:30:53 -08:00 · 2024-01-21 12:30:53 -08:00 · 6103dfe0f1
commit 6103dfe0f1
parent 26f1631d71
4 changed files with 40 additions and 7 deletions
--- a/nixos/k8s.nix
+++ b/nixos/k8s.nix
@ -41,6 +41,11 @@ in {
      advertiseAddress = kubeMasterIP;
      extraOpts = escapeShellArgs [
        "--service-node-port-range=1-65535"
+        "--oidc-issuer-url=https://dex.gensokyo.zone:32000"
+        "--oidc-client-id=kuwubernetes"
+        "--oidc-ca-file=/etc/dex-ssl/ca.pem"
+        "--oidc-username-claim=email"
+        "--oidc-groups-claim=groups"
      ];
      allowPrivileged = true;
    };