mirror of https://github.com/minio/minio.git
Add OIDC to the HelmChart (#15469)
This commit is contained in:
parent
3bd9615d0e
commit
a46baddbc4
|
@ -118,6 +118,24 @@ spec:
|
|||
- name: MINIO_PROMETHEUS_AUTH_TYPE
|
||||
value: "public"
|
||||
{{- end}}
|
||||
{{- if .Values.oidc.enabled }}
|
||||
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
|
||||
value: {{ .Values.oidc.configUrl }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
|
||||
value: {{ .Values.oidc.clientId }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLIENTs_SECRET
|
||||
value: {{ .Values.oidc.clientSecret }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
|
||||
value: {{ .Values.oidc.claimName }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX
|
||||
value: {{ .Values.oidc.claimPrefix }}
|
||||
- name: MINIO_IDENTITY_OPENID_SCOPES
|
||||
value: {{ .Values.oidc.scopes }}
|
||||
- name: MINIO_IDENTITY_OPENID_REDIRECT_URI
|
||||
value: {{ .Values.oidc.redirectUri }}
|
||||
- name: MINIO_IDENTITY_OPENID_COMMENT
|
||||
value: {{ .Values.oidc.comment }}
|
||||
{{- end}}
|
||||
{{- if .Values.etcd.endpoints }}
|
||||
- name: MINIO_ETCD_ENDPOINTS
|
||||
value: {{ join "," .Values.etcd.endpoints | quote }}
|
||||
|
|
|
@ -154,6 +154,24 @@ spec:
|
|||
- name: MINIO_PROMETHEUS_AUTH_TYPE
|
||||
value: "public"
|
||||
{{- end}}
|
||||
{{- if .Values.oidc.enabled }}
|
||||
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
|
||||
value: {{ .Values.oidc.configUrl }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
|
||||
value: {{ .Values.oidc.clientId }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
|
||||
value: {{ .Values.oidc.clientSecret }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
|
||||
value: {{ .Values.oidc.claimName }}
|
||||
- name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX
|
||||
value: {{ .Values.oidc.claimPrefix }}
|
||||
- name: MINIO_IDENTITY_OPENID_SCOPES
|
||||
value: {{ .Values.oidc.scopes }}
|
||||
- name: MINIO_IDENTITY_OPENID_REDIRECT_URI
|
||||
value: {{ .Values.oidc.redirectUri }}
|
||||
- name: MINIO_IDENTITY_OPENID_COMMENT
|
||||
value: {{ .Values.oidc.comment }}
|
||||
{{- end}}
|
||||
{{- range $key, $val := .Values.environment }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $val | quote }}
|
||||
|
|
|
@ -421,6 +421,21 @@ environment:
|
|||
##
|
||||
# extraSecret: minio-extraenv
|
||||
|
||||
## OpenID Identity Management
|
||||
## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider.
|
||||
## See https://docs.min.io/minio/baremetal/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these variables.
|
||||
oidc:
|
||||
enabled: false
|
||||
configUrl: "https://identity-provider-url/.well-known/openid-configuration"
|
||||
clientId: "minio"
|
||||
clientSecret: ""
|
||||
claimName: "policy"
|
||||
scopes: "openid,profile,email"
|
||||
redirectUri: "https://console-endpoint-url/oauth_callback"
|
||||
# Can leave empty
|
||||
claimPrefix: ""
|
||||
comment: ""
|
||||
|
||||
networkPolicy:
|
||||
enabled: false
|
||||
allowExternal: true
|
||||
|
|
Loading…
Reference in New Issue