Update oidc configuration in helm (#693)

2025-07-09 03:04:20 -04:00 · 2024-11-27 01:13:21 -08:00 · 2024-11-27 01:13:21 -08:00 · 7d1f227531
commit 7d1f227531
parent b79ab3cf4e
2 changed files with 34 additions and 33 deletions
--- a/chart/templates/back/deployment.yaml
+++ b/chart/templates/back/deployment.yaml
@ -127,31 +127,31 @@ spec:
                secretKeyRef:
                  key: {{ .Values.global.meilisearch.kyoo_back.masterkeyKey }}
                  name: {{ .Values.global.meilisearch.kyoo_back.existingSecret }}
-            {{- if .Values.kyoo.oidc.enabled }}
+            {{- range $index, $provider := .Values.kyoo.oidc_providers }}
-            - name: OIDC_SERVICE_NAME
+            - name: OIDC_{{ $provider.name | upper }}_NAME
-              value: {{ .Values.kyoo.oidc.name | quote }}
+              value: {{ $provider.name | quote }}
-            - name: OIDC_SERVICE_LOGO
+            - name: OIDC_{{ $provider.name | upper }}_LOGO
-              value: {{ .Values.kyoo.oidc.logo | quote }}
+              value: {{ $provider.logo | quote }}
-            - name: OIDC_SERVICE_CLIENTID
+            - name: OIDC_{{ $provider.name | upper }}_CLIENTID
              valueFrom:
                secretKeyRef:
-                  key: {{ .Values.kyoo.oidc.clientIdKey }}
+                  key: {{ $provider.clientIdKey }}
-                  name: {{ .Values.kyoo.oidc.existingSecret }}
+                  name: {{ $provider.existingSecret }}
-            - name: OIDC_SERVICE_SECRET
+            - name: OIDC_{{ $provider.name | upper }}_SECRET
              valueFrom:
                secretKeyRef:
-                  key: {{ .Values.kyoo.oidc.clientSecretKey }}
+                  key: {{ $provider.clientSecretKey }}
-                  name: {{ .Values.kyoo.oidc.existingSecret }}
+                  name: {{ $provider.existingSecret }}
-            - name: OIDC_SERVICE_AUTHORIZATION
+            - name: OIDC_{{ $provider.name | upper }}_AUTHORIZATION
-              value: {{ .Values.kyoo.oidc.authorizationAddress | quote }}
+              value: {{ $provider.authorizationAddress | quote }}
-            - name: OIDC_SERVICE_TOKEN
+            - name: OIDC_{{ $provider.name | upper }}_TOKEN
-              value: {{ .Values.kyoo.oidc.tokenAddress | quote }}
+              value: {{ $provider.tokenAddress | quote }}
-            - name: OIDC_SERVICE_PROFILE
+            - name: OIDC_{{ $provider.name | upper }}_PROFILE
-              value: {{ .Values.kyoo.oidc.profileAddress | quote }}
+              value: {{ $provider.profileAddress | quote }}
-            - name: OIDC_SERVICE_SCOPE
+            - name: OIDC_{{ $provider.name | upper }}_SCOPE
-              value: {{ .Values.kyoo.oidc.scope | quote }}
+              value: {{ $provider.scope | quote }}
-            - name: OIDC_SERVICE_AUTHMETHOD
+            - name: OIDC_{{ $provider.name | upper }}_AUTHMETHOD
-              value: {{ .Values.kyoo.oidc.authMethod | quote }}
+              value: {{ $provider.authMethod | default "ClientSecretBasic" | quote }}
            {{- end }}
            {{- with (concat .Values.global.extraEnv .Values.back.kyoo_back.extraEnv) }}
              {{- toYaml . | nindent 12 }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@ -121,18 +121,19 @@ kyoo:
  apikey:
    existingSecret: bigsecret
    apikeyKey: kyoo_apikeys
-  oidc:
+  # oidc_providers is a list of oidc providers that you want to use for authentication.
-    enabled: false
+  # see the example below for how to configure an oidc provider.
-    existingSecret: bigsecret
+  oidc_providers: []
-    clientIdKey: clientId
+    # - name: example
-    clientSecretKey: clientSecret
+    #   existingSecret: bigsecret
-    name: YourPrettyName
+    #   clientIdKey: clientId
-    logo: https://url-of-your-logo.com
+    #   clientSecretKey: clientSecret
-    authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
+    #   logo: https://url-of-your-logo.com
-    tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
+    #   authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
-    profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
+    #   tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
-    scope: "email openid profile"
+    #   profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
-    authMethod: ClientSecretBasic
+    #   scope: "email openid profile"
    #   authMethod: ClientSecretBasic
 # configures workloads that require access to media
 media: