A minimal configuration of the status page deployment.
Configure the allowed origins via api/api.env to include the domain from the web frontend. CORS origins need to include the protocol, too. Example: https://frontend.<your-domain>.
Set a password for the database at database/db-secrets.env and configure the connection string in api/api-secrets.env
Dex needs a GitHub Applications Client Secret in dex/dex-secrets.env, please refer to dex/dex-secrets-example.env.
Set the issuer and redirectURI at dex/config.yaml to your domain. Keep in mind, that dex needs it's own domain or subdomain.
Other Dex related configuration is located in dex/dex.env, web/web-secrets.env and web/web.env to fill the configuration template dex/config.yaml.
Set your domain in oathkeeper/config.yaml at authenticators.jwt.config.jwks_urls and authenticators.jwt.config.trusted_issuers to point towards Dex.
In web/web.env configure the OIDC authentication callback and the API url. The API URL must be pointing to the external domain, not the K8s service name.
In ingress.yaml set your domains for Dex, Oathkeeper and the web frontend respectively. Oathkeeper acts as the auth proxy for the API server. Exposing the API server directly, opens up the possibility of unsupervised write actions.
Set the e-mail address in issuer.yaml to your desired e-mail address.