Github

Requirements

To run Terrakube in Docker Desktop you wil need the following:

Create Github
Create Github and add some
Create a team called TERRAKUBE_ADMIN and add the members
Install
Nginx Ingress for
Azure Storage Account/AWS S3 Bucket/GCP Storage Bucket

To get more information about the Dex Configuration for Github you can check this

Setup

Create a new Github Oauth application with the authorization callback URL "" in this
Copy the values for Client Id and Client Secret
Update the HOSTS file adding the following

# Linux Path /etc/hosts
# Windows Path c:\Windows\System32\Drivers\etc\hosts


127.0.0.1 ui.terrakube.docker.com
127.0.0.1 registry.terrakube.docker.com

YAML Example

Replace <<CHANGE_THIS>> with the real values, create the values.yaml file and run the helm install

## Global Name
name: "terrakube"

## Terrakube Security
security:
  adminGroup: "<<CHANGE_THIS>>" # This should be your Github team the format is OrganizationName:TeamName (Example: MyOrg:TERRAKUBE_ADMIN)
  patSecret: "<<CHANGE_THIS>>"  # Sample Key 32 characters z6QHX!y@Nep2QDT!53vgH43^PjRXyC3X 
  internalSecret: "<<CHANGE_THIS>>" # Sample Key 32 characters Kb^8cMerPNZV6hS!9!kcD*KuUPUBa^B3 
  dexClientId: "github"
  dexClientScope: "email openid profile offline_access groups"
  dexIssuerUri: "http://host.docker.internal/dex" # Change for your real domain

## Terraform Storage
storage:
  # SELECT THE TYPE OF STORAGE THAT YOU WANT TO USE AND REPLACE THE VALUES
  
  #azure:
  #  storageAccountName: "<<CHANGE_THIS>>"
  #  storageAccountResourceGroup: "<<CHANGE_THIS>>"
  #  storageAccountAccessKey: "<<CHANGE_THIS>>"
  #aws:
  #  accessKey: "<<CHANGE_THIS>>"
  #  secretKey: "<<CHANGE_THIS>>"
  #  bucketName: "<<CHANGE_THIS>>"
  #  region: "<<CHANGE_THIS>>"
  #gcp:
  #  projectId: "<<CHANGE_THIS>>"
  #  bucketName: "<<CHANGE_THIS>>"
  #  credentials: |
  #    ## GCP JSON CREDENTIALS for service account with access to read/write to the storage bucket
  #    {
  #      "type": "service_account",
  #      "project_id": "",
  #      "private_key_id": "",
  #      "private_key": "",
  #      "client_email": "",
  #      "client_id": "",
  #      "auth_uri": "",
  #      "token_uri": "",
  #      "auth_provider_x509_cert_url": "",
  #      "client_x509_cert_url": ""
  #    } 

## Dex
dex:
  enabled: true
  version: "v2.32.0"
  replicaCount: "1"
  serviceType: "ClusterIP"
  resources:
    limits:
      cpu: 512m
      memory: 256Mi
    requests:
      cpu: 256m
      memory: 128Mi
  properties:
    config:
      issuer: http://host.docker.internal/dex
      storage:
        type: memory
      oauth2:
        responseTypes: ["code", "token", "id_token"] 
        skipApprovalScreen: true
      web:
        allowedOrigins: ["*"]
  
      staticClients:
      - id: github
        redirectURIs:
        - 'http://ui.terrakube.docker.com'
        - 'http://localhost:10001/login'
        - 'http://localhost:10000/login'
        - '/device/callback'
        name: 'github'
        public: true

      connectors:
      - type: github
        id: github
        name: gitHub
        config:
          clientID: "<<CHANGE_THIS>>" 
          clientSecret: "<<CHANGE_THIS>>"
          redirectURI: "http://host.docker.internal/dex/callback"
          loadAllGroups: true

## API properties
api:
  enabled: true
  version: "2.6.0"
  replicaCount: "1"
  serviceType: "ClusterIP"
  properties:
    databaseType: "H2"

## Executor properties
executor:
  enabled: true
  version: "2.6.0"  
  replicaCount: "1"
  serviceType: "ClusterIP"
  properties:
    toolsRepository: "https://github.com/AzBuilder/terrakube-extensions"
    toolsBranch: "main"

## Registry properties
registry:
  enabled: true
  version: "2.6.0"
  replicaCount: "1"
  serviceType: "ClusterIP"

## UI Properties
ui:
  enabled: true
  version: "2.6.0"
  replicaCount: "1"
  serviceType: "ClusterIP"

## Ingress properties
ingress:
  useTls: false
  ui:
    enabled: true
    domain: "ui.terrakube.docker.com"
    path: "/(.*)"
    pathType: "Prefix" 
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      cert-manager.io/cluster-issuer: letsencrypt
  api:
    enabled: true
    domain: "host.docker.internal"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
  registry:
    enabled: true
    domain: "registry.terrakube.docker.com"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
  dex:
    enabled: true
    path: "/dex/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"

Run the installation

helm install --debug --values ./values.yaml terrakube ./terrakube-helm-chart/ -n terrakube

PreviousAmazon Cognito NextOrganizations

Last updated 1 year ago

Was this helpful?

## Global Name name: "terrakube" ## Terrakube Security security: adminGroup: "<<CHANGE_THIS>>" # This should be your Github team the format is OrganizationName:TeamName (Example: MyOrg:TERRAKUBE_ADMIN) patSecret: "<<CHANGE_THIS>>" # Sample Key 32 characters z6QHX!y@Nep2QDT!53vgH43^PjRXyC3X internalSecret: "<<CHANGE_THIS>>" # Sample Key 32 characters Kb^8cMerPNZV6hS!9!kcD*KuUPUBa^B3 dexClientId: "github" dexClientScope: "email openid profile offline_access groups" dexIssuerUri: "http://host.docker.internal/dex" # Change for your real domain ## Terraform Storage storage: # SELECT THE TYPE OF STORAGE THAT YOU WANT TO USE AND REPLACE THE VALUES #azure: # storageAccountName: "<<CHANGE_THIS>>" # storageAccountResourceGroup: "<<CHANGE_THIS>>" # storageAccountAccessKey: "<<CHANGE_THIS>>" #aws: # accessKey: "<<CHANGE_THIS>>" # secretKey: "<<CHANGE_THIS>>" # bucketName: "<<CHANGE_THIS>>" # region: "<<CHANGE_THIS>>" #gcp: # projectId: "<<CHANGE_THIS>>" # bucketName: "<<CHANGE_THIS>>" # credentials: | # ## GCP JSON CREDENTIALS for service account with access to read/write to the storage bucket # { # "type": "service_account", # "project_id": "", # "private_key_id": "", # "private_key": "", # "client_email": "", # "client_id": "", # "auth_uri": "", # "token_uri": "", # "auth_provider_x509_cert_url": "", # "client_x509_cert_url": "" # } ## Dex dex: enabled: true version: "v2.32.0" replicaCount: "1" serviceType: "ClusterIP" resources: limits: cpu: 512m memory: 256Mi requests: cpu: 256m memory: 128Mi properties: config: issuer: http://host.docker.internal/dex storage: type: memory oauth2: responseTypes: ["code", "token", "id_token"] skipApprovalScreen: true web: allowedOrigins: ["*"] staticClients: - id: github redirectURIs: - 'http://ui.terrakube.docker.com' - 'http://localhost:10001/login' - 'http://localhost:10000/login' - '/device/callback' name: 'github' public: true connectors: - type: github id: github name: gitHub config: clientID: "<<CHANGE_THIS>>" clientSecret: "<<CHANGE_THIS>>" redirectURI: "http://host.docker.internal/dex/callback" loadAllGroups: true ## API properties api: enabled: true version: "2.6.0" replicaCount: "1" serviceType: "ClusterIP" properties: databaseType: "H2" ## Executor properties executor: enabled: true version: "2.6.0" replicaCount: "1" serviceType: "ClusterIP" properties: toolsRepository: "https://github.com/AzBuilder/terrakube-extensions" toolsBranch: "main" ## Registry properties registry: enabled: true version: "2.6.0" replicaCount: "1" serviceType: "ClusterIP" ## UI Properties ui: enabled: true version: "2.6.0" replicaCount: "1" serviceType: "ClusterIP" ## Ingress properties ingress: useTls: false ui: enabled: true domain: "ui.terrakube.docker.com" path: "/(.*)" pathType: "Prefix" annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/use-regex: "true" cert-manager.io/cluster-issuer: letsencrypt api: enabled: true domain: "host.docker.internal" path: "/(.*)" pathType: "Prefix" annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;" registry: enabled: true domain: "registry.terrakube.docker.com" path: "/(.*)" pathType: "Prefix" annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;" dex: enabled: true path: "/dex/(.*)" pathType: "Prefix" annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"