chnage oidc config

2024-07-02 11:07:01 -05:00
parent 58559f5b74
commit 318990ce84
2 changed files with 19 additions and 18 deletions
--- a/clusters/cl01tl/management/headlamp/templates/external-secret.yaml
+++ b/clusters/cl01tl/management/headlamp/templates/external-secret.yaml
@@ -4,7 +4,7 @@ metadata:
  name: headlamp-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: headlamp-oidc-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
@@ -14,17 +14,31 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: HEADLAMP_CONFIG_OIDC_CLIENT_ID
+    - secretKey: clientID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/headlamp
        metadataPolicy: None
        property: client
-    - secretKey: HEADLAMP_CONFIG_OIDC_CLIENT_SECRET
+    - secretKey: clientSecret
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/headlamp
        metadataPolicy: None
        property: secret
+    - secretKey: issuerURL
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/headlamp
+        metadataPolicy: None
+        property: issuer
+    - secretKey: scopes
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/headlamp
+        metadataPolicy: None
+        property: scopes
--- a/clusters/cl01tl/management/headlamp/values.yaml
+++ b/clusters/cl01tl/management/headlamp/values.yaml
@@ -2,21 +2,8 @@ headlamp:
  config:
    oidc:
      secret:
-        create: true
-        name: headlamp-oidc-generated-secret
-  env:
-    - name: HEADLAMP_CONFIG_OIDC_CLIENT_ID
-      valueFrom:
-        secretKeyRef:
-          key: HEADLAMP_CONFIG_OIDC_CLIENT_ID
-          name: headlamp-oidc-secret
-    - name: HEADLAMP_CONFIG_OIDC_CLIENT_SECRET
-      valueFrom:
-        secretKeyRef:
-          key: HEADLAMP_CONFIG_OIDC_CLIENT_SECRET
-          name: headlamp-oidc-secret
-    - name: HEADLAMP_CONFIG_OIDC_IDP_ISSUER_URL
-      value: https://authentik.alexlebens.net/application/o/headlamp/
+        create: false
+        name: headlamp-oidc-secret
  persistentVolumeClaim:
    enabled: true
    accessModes: