Configuring Minikube with GitHub Authentication

On Minikube, chectl provides a default OpenID Connect (OIDC) issuer, which can serve as a bridge to third party Keycloak, such as GitHub. Dex is the default OIDC issuer, preconfigured with static users. Configure Dex to use GitHub authentication.

Prerequisites
Procedure
  1. Get Minikube IP and remember it as <minikube_ip>:

    $ minikube ip
  2. Create an OAuth App for your Minikube instance in GitHub. See GitHub documentation.

    Application name: Che (1)
    Homepage URL: https://<minikube_ip>.nip.io (2)
    Authorization callback URL: https://dex.<minikube_ip>.nip.io/callback (3)
    1 Name is only displayed on GitHub. It is not used internally so it can be any name.
    2 Main URL to Che instance.
    3 Callback URL to Dex. chectl deploys Dex on dex. subdomain.
  3. In the GitHub OAuth application page, click Generate a new client secret and remember the value of the generated client secret as <client_secret>.

  4. Edit the Dex config map:

    $ kubectl edit configmap dex -n dex
    connectors:
    - type: github
      id: github
      name: GitHub
      config:
        clientID: <client_id> (1)
        clientSecret: <client_secret> (2)
        redirectURI: https://dex.<minikube_ip>.nip.io/callback (3)
    1 OAuth client id copied from GitHub OAuth application
    2 OAuth client secret, generated at GitHub in previous step
    3 Callback URL to Dex. This must match configuration in GitHub OAuth application from step 1.

Note: To remove Dex static users, delete all enablePasswordDB and staticPasswords sections.

  1. Restart the Dex pod:

    $ kubectl delete pod dex -n dex
Verification steps
  • Open Che URL. The dashboard displays GitHub login prompt.