add oidc settings

2025-07-09 03:04:20 -04:00 · 2024-09-28 14:14:10 +00:00 · 2024-09-28 14:14:10 +00:00 · 88f997011e
commit 88f997011e
parent 9ed4e7570d
2 changed files with 38 additions and 0 deletions
--- a/chart/templates/back/deployment.yaml
+++ b/chart/templates/back/deployment.yaml
@ -127,6 +127,32 @@ spec:
                secretKeyRef:
                  key: {{ .Values.global.meilisearch.kyoo_back.masterkeyKey }}
                  name: {{ .Values.global.meilisearch.kyoo_back.existingSecret }}
+            {{- if .Values.kyoo.oidc.enabled }}
+            - name: OIDC_SERVICE_NAME
+              value: {{ .Values.kyoo.oidc.name }}
+            - name: OIDC_SERVICE_LOGO
+              value: {{ .Values.kyoo.oidc.logo }}
+            - name: OIDC_SERVICE_CLIENTID
+              valueFrom:
+                secretKeyRef:
+                  key: {{ .Values.kyoo.oidc.clientIDkey }}
+                  name: {{ .Values.kyoo.oidc.existingSecret }}
+            - name: OIDC_SERVICE_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: {{ .Values.kyoo.oidc.clientSecretKey }}
+                  name: {{ .Values.kyoo.oidc.existingSecret }}
+            - name: OIDC_SERVICE_AUTHORIZATION
+              value: {{ .Values.kyoo.oidc.authorizationAddress }}
+            - name: OIDC_SERVICE_TOKEN
+              value: {{ .Values.kyoo.oidc.tokenAddress }}
+            - name: OIDC_SERVICE_PROFILE
+              value: {{ .Values.kyoo.oidc.profileAddress }}
+            - name: OIDC_SERVICE_SCOPE
+              value: {{ .Values.kyoo.oidc.scope }}
+            - name: OIDC_SERVICE_AUTHMETHOD
+              value: {{ .Values.kyoo.oidc.authMethod }}
+            {{- end }}
            {{- with (concat .Values.global.extraEnv .Values.back.kyoo_back.extraEnv) }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@ -95,6 +95,18 @@ kyoo:
  apikey:
    existingSecret: bigsecret
    apikeyKey: kyoo_apikeys
+  oidc:
+    enabled: false
+    existingSecret: bigsecret
+    clientIDkey: clientID
+    clientSecretKey: clientSecret
+    name: YourPrettyName
+    logo: https://url-of-your-logo.com
+    authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
+    tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
+    profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
+    scope: "email openid profile"
+    authMethod: ClientSecretBasic

 media:
  volumes: