incalculable-ocean-74010
03/25/2021, 8:28 PM
big-carpet-38439
03/29/2021, 2:47 AM
incalculable-ocean-74010
03/29/2021, 8:46 AM
big-carpet-38439
03/29/2021, 2:02 PM
acceptable-architect-70237
04/02/2021, 8:39 PM
green-train-47894
06/11/2021, 1:12 PM
big-carpet-38439
06/11/2021, 2:24 PM
green-train-47894
06/11/2021, 3:13 PM
big-carpet-38439
06/11/2021, 3:19 PM
big-carpet-38439
06/11/2021, 3:43 PM
green-train-47894
06/14/2021, 6:08 AM
stale-jewelry-2440
09/17/2021, 7:40 AM
big-carpet-38439
09/17/2021, 4:58 PM
big-carpet-38439
09/17/2021, 4:58 PM
stale-jewelry-2440
09/21/2021, 8:44 AM
stale-jewelry-2440
09/21/2021, 12:44 PM
big-carpet-38439
10/08/2021, 6:32 PM
incalculable-ocean-74010
10/08/2021, 10:01 PM
```yaml
{{- if (index .Values "datahub-frontend" "auth" "oidc" "enabled")}}
apiVersion: v1
kind: Secret
metadata:
  name: auth-oidc-secrets
  labels:
    app: {{ include "datahub.fullname" . }}
    chart: {{ include "datahub.chart" . }}
type: Opaque
data:
  AUTH_OIDC_CLIENT_ID: {{ (index .Values "datahub-frontend" "auth" "oidc" "clientId") | b64enc | quote }}
  AUTH_OIDC_CLIENT_SECRET: {{ (index .Values "datahub-frontend" "auth" "oidc" "clientSecret") | b64enc | quote }}
  AUTH_OIDC_DISCOVERY_URI: {{ (index .Values "datahub-frontend" "auth" "oidc" "discoveryUri") | b64enc | quote }}
{{- end}}
```
My values.yaml enables this secret like so:
```yaml
datahub-frontend:
  resources:
    limits:
      cpu: 300m
      memory: 600Mi
    requests:
      cpu: 300m
      memory: 600Mi
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: nginx
    hosts:
      - host: ****************
        paths: ["/"]
  auth:
    oidc:
      enabled: true
      clientId: "{{DATAHUB-OIDC-CLIENT-ID}}"
      clientSecret: "{{DATAHUB-OIDC-CLIENT-SECRET}}"
      discoveryUri: "https://login.microsoftonline.com/*******-****-****-****-************/v2.0/.well-known/openid-configuration"
  extraEnvs:
    - name: JAAS_ENABLED # Disable /login url with dummy validation
      value: "false"
    - name: AUTH_OIDC_ENABLED
      value: "true"
    - name: AUTH_OIDC_BASE_URL
      value: "https://****************"
    - name: AUTH_OIDC_CLIENT_ID
      valueFrom:
        secretKeyRef:
          name: auth-oidc-secrets
          key: AUTH_OIDC_CLIENT_ID
    - name: AUTH_OIDC_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: auth-oidc-secrets
          key: AUTH_OIDC_CLIENT_SECRET
    - name: AUTH_OIDC_DISCOVERY_URI
      valueFrom:
        secretKeyRef:
          name: auth-oidc-secrets
          key: AUTH_OIDC_DISCOVERY_URI
```
The double brackets template is to retrieve the actual values from an internal key vault. Anonymized potentially sensitive data. Does it help?
incalculable-ocean-74010
10/08/2021, 10:12 PM
big-carpet-38439
10/08/2021, 10:32 PM
stale-jewelry-2440
10/10/2021, 9:16 AM
big-carpet-38439
10/11/2021, 3:30 PM
AUTH_OIDC_CLIENT_AUTHENTICATION_METHOD=client_secret_post
?