gitea-bot
7a96d06727
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2259 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
59 lines
1.6 KiB
YAML
59 lines
1.6 KiB
YAML
---
|
|
# Source: headlamp/templates/external-secret.yaml
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: headlamp-oidc-secret
|
|
namespace: headlamp
|
|
labels:
|
|
app.kubernetes.io/name: headlamp-oidc-secret
|
|
app.kubernetes.io/instance: headlamp
|
|
app.kubernetes.io/part-of: headlamp
|
|
spec:
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault
|
|
data:
|
|
- secretKey: OIDC_CLIENT_ID
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /authentik/oidc/headlamp
|
|
metadataPolicy: None
|
|
property: client
|
|
- secretKey: OIDC_CLIENT_SECRET
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /authentik/oidc/headlamp
|
|
metadataPolicy: None
|
|
property: secret
|
|
- secretKey: OIDC_ISSUER_URL
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /authentik/oidc/headlamp
|
|
metadataPolicy: None
|
|
property: issuer
|
|
- secretKey: OIDC_SCOPES
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /authentik/oidc/headlamp
|
|
metadataPolicy: None
|
|
property: scopes
|
|
- secretKey: OIDC_VALIDATOR_ISSUER_URL
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /authentik/oidc/headlamp
|
|
metadataPolicy: None
|
|
property: validator-issuer-url
|
|
- secretKey: OIDC_VALIDATOR_CLIENT_ID
|
|
remoteRef:
|
|
conversionStrategy: Default
|
|
decodingStrategy: None
|
|
key: /authentik/oidc/headlamp
|
|
metadataPolicy: None
|
|
property: validator-client-id
|