Update kubernetes example to go throught the entrypoint

[benjamin-bergia]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

2.30.0

Storage Type

Kubernetes

Installation Type

Official container image

Expected Behavior

After reading #1099 (comment), I tried to add templating to my configuration file and constantly had the following error:
error parse config file /etc/dex/config.yaml: error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{".Env.GITHUB_CONNECTOR_CLIENT_ID":interface {}(nil)}

My config file, kubernetes deployment, environment variables, etc were all correct and based on the kubernetes example from this repository. After going again through the documentation, docker entrypoint, Dockerfile and sample config file, I realized that the kubernetes example is over writing the entrypoint.

Actual Behavior

To avoid this, the container specs should be:

      containers:
      - image: ghcr.io/dexidp/dex:v2.30.0
        name: dex
        args: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]

This will preserve the entrypoint defined in the Dockerfile.

Steps To Reproduce

No response

Additional Information

No response

Configuration

No response

Logs

No response

[tiwarisanjay]

I am keep on getting following error when trying to use the secret from Env. Secret works if I hard code the same.

invalid client_secret on token request for client 

Tried all ways :

clientSecret: $CLIENT_SECRET
or 
clientSecret: {{ Env.CLIENT_SECRET }} 
or 
${CLIENT_SECRET}

I validated the variable CLIENT_SECRET which is there in the environment.

@nabokihms
@sagikazarmark

[nabokihms]

Related issue #2237 (it seems that it conflicts with the current one)

[nabokihms]

@tiwarisanjay, it is better to open a new issue or a discussion because we need more data to debug the problem. I assume the minimal will be the Dex version and how you deploy it.

[tiwarisanjay]

@nabokihms #2553

[phoerious]

Same. I'm trying to use a secret for a staticClient from an environment variable in Dex 2.32.0 (deployed in Kubernetes). My Dex config.yaml is mounted from a ConfigMap and looks like this in the container:

issuer: https://XXX
storage:
  type: kubernetes
  config:
    inCluster: true
web:
  http: 0.0.0.0:5556
expiry:
  idTokens: 1h
connectors:
  - type: gitlab
    id: gitlab
    name: GitLab
    config:
      baseURL: XXX
      clientID: $GITLAB_APPLICATION_ID   # I can use this syntax here, but not down there
      clientSecret: $GITLAB_CLIENT_SECRET
      redirectURI: XXX
oauth2:
  skipApprovalScreen: true
staticClients:
  - id: abc
    secret: '{{ .Env.ABC_SECRET }}'   # Doesn't work
    name: 'ABC'
    redirectURIs:
      - XXX

My workaround is to do ad-hoc string replacement in the container startup command.

[phoerious]

Any progress?