Terrakube
2.20.0
2.20.0
  • Introduction
  • Updates
  • Getting started
    • 📐Architecture
    • 🔐Security
    • 🚀Getting Started
    • 💿Docker Images
    • 🌐Docker Compose
    • 🚗Docker Compose + Traefik
    • 📥Deployment
      • 🔨Helm Chart
      • 🚀Minikube
      • 🔑Minikube + HTTPS
      • ✈️Ingress Configuration
      • 🔐User Authentication (DEX)
      • 💾Storage backend
        • Azure Storage Account
        • Amazon Cloud Storage
        • Google Cloud Storage
        • Minio (S3 compatible)
      • 🛰️Database Backend
        • SQL Azure
        • PostgreSQL
        • MySQL
        • H2
      • 🔐Custom CA Certs
      • ⚙️Custom Terraform CLI Builds
      • 👮Self-Hosted Agents
      • 📶Proxy Configuration
      • 🛡️Token Security
      • 🚦Open Telemetry
    • 🤵User Management
      • Azure Active Directory
      • Google Cloud Identity
      • Amazon Cognito
      • Github
  • 📓User Guide
    • Organizations
      • Creating an Organization
      • Global Variables
      • Team Management
      • API Tokens
      • Templates
        • Default Templates
        • Persistent Context
        • Import Templates
        • UI Templates
        • Filter global variables in jobs
        • Template Scheduling in Jobs
      • Tags
    • VCS Providers
      • Github
      • Github Enterprise
      • GitLab
      • Gitlab EE and CE
      • Bitbucket
      • Azure DevOps
      • SSH
    • Workspaces
      • Overview
      • Creating Workspaces
      • Terraform State
      • Share Workspace State
      • Variables
      • Workspace scheduler
      • API-driven Workflow
      • CLI-driven Workflow
      • Ephemeral Workspaces
    • Private Registry
      • Publishing Private Modules
      • Using Private Modules
    • Policy Enforcement (OPA)
    • Cost Estimation
    • Drift Detection
    • CI/CD Integration
      • Github Actions
      • Bitbucket
    • Terrakube CLI
      • Getting started
      • Installation
      • Commands
        • terrakube login
        • terrakube logout
        • terrakube organization
          • organization list
          • organization create
          • organization update
          • organization delete
        • terrakube team
          • team list
          • team create
          • team update
          • team delete
        • terrakube workspace
          • workspace list
          • workspace create
          • workspace update
          • workspace delete
          • workspace variable
            • variable list
        • terrakube variable
          • variable update
          • variable delete
          • variable create
        • terrakube job
          • job list
          • job create
        • terrakube module
          • module list
          • module create
          • module update
          • module delete
    • Reference
      • Executor
        • Terraform Execution Flow
        • Terraform Versions
    • Migrating to Terrakube
  • 🎓Learn
    • What is Terrakube
      • Section Overview
      • Terraform in a Nutshell
      • Terraform Challenges at Enterprise Level
      • Introducing Terrakube
      • Summary and Up Next
    • Deploying using Terrakube
  • 📖API
    • 🌟Getting started
    • ⚙️Methods
      • Globalvar
      • Organization
      • Teams
      • Workspace
      • Variables
      • History
      • Jobs
      • Template
      • Schedule
      • Step
      • Module
      • Vcs
      • Provider
      • Personal Access Token
      • Team API Tokens
      • SSH Key
      • Agent
Powered by GitBook
On this page
  • Requirements
  • Setup Azure Authentication
  1. Getting started
  2. User Management

Azure Active Directory

PreviousUser ManagementNextGoogle Cloud Identity

Last updated 1 year ago

Azure Authentication with Dex Connecor require Terrakube >= 2.6.0 and Helm Chart >= 2.0.0

Requirements

  • Azure Active Directory

  • Azure Storage Account

For this example lets image that you will be using the following domains to deploy Terrakube.

  • registry.terrakube.azure.com

  • ui.terrakube.azure.com

  • api.terrakube.azure.com

Setup Azure Authentication

You need to complete the Azure authentication setup for Dex. You can found information in this

You need to go to your Azure and create a new Application

After the application is created you need to add the redirect URL.

You will also need to add the permission Directory.Read.All and ask a Azure administrator to approve the permission.

Now you can create the DEX configuration, you will use this config later when deploying the helm chart.

## Dex
dex:
  config:
    issuer: https://api.terrakube.azure.com/dex
    storage:
      type: memory
    oauth2:
      responseTypes: ["code", "token", "id_token"] 
      skipApprovalScreen: true
    web:
      allowedOrigins: ['*']
  
    staticClients:
    - id: microsoft
      redirectURIs:
      - 'https://ui.terrakube.azure.com'
      - 'http://localhost:10001/login'
      - 'http://localhost:10000/login'
      - '/device/callback'
      name: 'microsoft'
      public: true

    connectors:
    - type: microsoft
      id: microsoft
      name: microsoft
      config:
        clientID: "<<CHANGE_THIS>>"
        clientSecret: "<<CHANGE_THIS>>"
        redirectURI: "https://api.terrakube.azure.com/dex/callback"
        tenant: "<<CHANGE_THIS>>"

The firt step is to clone the repository.

git clone https://github.com/AzBuilder/terrakube-helm-chart.git

Replace <<CHANGE_THIS>> with the real values, create the values.yaml file and run the helm install

## Global Name
name: "terrakube"

## Terrakube Security
security:
  adminGroup: "<<CHANGE_THIS>>" # The value should be a valida azure ad group (example: TERRAKUBE_ADMIN)
  patSecret: "<<CHANGE_THIS>>"  # Sample Key 32 characters z6QHX!y@Nep2QDT!53vgH43^PjRXyC3X 
  internalSecret: "<<CHANGE_THIS>>" # Sample Key 32 characters Kb^8cMerPNZV6hS!9!kcD*KuUPUBa^B3 
  dexClientId: "microsoft"
  dexClientScope: "email openid profile offline_access groups"
  
## Terraform Storage
storage:
  azure:
    storageAccountName: "XXXXXXX" # <<CHANGE_THIS>>
    storageAccountResourceGroup: "XXXXXXX" # <<CHANGE_THIS>>
    storageAccountAccessKey: "XXXXXXX" # <<CHANGE_THIS>>

## Dex
dex:
  config:
    issuer: https://api.terrakube.azure.com/dex
    storage:
      type: memory
    oauth2:
      responseTypes: ["code", "token", "id_token"] 
      skipApprovalScreen: true
    web:
      allowedOrigins: ['*']
  
    staticClients:
    - id: microsoft
      redirectURIs:
      - 'https://ui.terrakube.azure.com'
      - 'http://localhost:10001/login'
      - 'http://localhost:10000/login'
      - '/device/callback'
      name: 'microsoft'
      public: true

    connectors:
    - type: microsoft
      id: microsoft
      name: microsoft
      config:
        clientID: "<<CHANGE_THIS>>"
        clientSecret: "<<CHANGE_THIS>>"
        redirectURI: "https://api.terrakube.azure.com/dex/callback"
        tenant: "<<CHANGE_THIS>>"

## API properties
api:
  enabled: true
  replicaCount: "1"
  serviceType: "ClusterIP"
  properties:
    databaseType: "H2"

## Executor properties
executor:
  enabled: true  
  replicaCount: "1"
  serviceType: "ClusterIP"
  properties:
    toolsRepository: "https://github.com/AzBuilder/terrakube-extensions"
    toolsBranch: "main"

## Registry properties
registry:
  enabled: true
  replicaCount: "1"
  serviceType: "ClusterIP"

## UI Properties
ui:
  enabled: true
  replicaCount: "1"
  serviceType: "ClusterIP"

## Ingress properties
ingress:
  useTls: true
  ui:
    enabled: true
    domain: "ui.terrakube.azure.com"
    path: "/(.*)"
    pathType: "Prefix" 
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      cert-manager.io/cluster-issuer: letsencrypt
  api:
    enabled: true
    domain: "api.terrakube.azure.com"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
      cert-manager.io/cluster-issuer: letsencrypt
  registry:
    enabled: true
    domain: "registry.terrakube.azure.com"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
      cert-manager.io/cluster-issuer: letsencrypt
  dex:
    enabled: true
    path: "/dex/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
      cert-manager.io/cluster-issuer: letsencrypt

Run the installation

helm install --debug --values ./values.yaml terrakube ./terrakube-helm-chart/ -n terrakube

For any question or feedback please open an issue in our

🤵
helm chart repository
here
link