MyFavMirrors
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add paramaters in Helm chart to load OIDC clientSecret from Secret Resource (#17784)

This commit is contained in:
Alik 2023-09-30 22:44:38 +02:00 committed by GitHub
parent 6d20ec3bea
commit c053e57068
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
helm/minio/templates/deployment.yaml
View File

@ -120,7 +120,14 @@ spec:
- name: MINIO_IDENTITY_OPENID_CLIENT_ID - name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: {{ .Values.oidc.clientId }} value: {{ .Values.oidc.clientId }}
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
{{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
valueFrom:
secretKeyRef:
name: {{ .Values.oidc.existingClientSecretName }}
key: {{ .Values.oidc.existingClientSecretKey }}
{{- else }}
value: {{ .Values.oidc.clientSecret }} value: {{ .Values.oidc.clientSecret }}
{{- end }}
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: {{ .Values.oidc.claimName }} value: {{ .Values.oidc.claimName }}
- name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX

7
helm/minio/templates/statefulset.yaml
View File

@ -158,7 +158,14 @@ spec:
- name: MINIO_IDENTITY_OPENID_CLIENT_ID - name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: {{ .Values.oidc.clientId }} value: {{ .Values.oidc.clientId }}
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
{{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
valueFrom:
secretKeyRef:
name: {{ .Values.oidc.existingClientSecretName }}
key: {{ .Values.oidc.existingClientSecretKey }}
{{- else }}
value: {{ .Values.oidc.clientSecret }} value: {{ .Values.oidc.clientSecret }}
{{- end }}
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: {{ .Values.oidc.claimName }} value: {{ .Values.oidc.claimName }}
- name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX

3
helm/minio/values.yaml
View File

@ -486,6 +486,9 @@ oidc:
configUrl: "https://identity-provider-url/.well-known/openid-configuration" configUrl: "https://identity-provider-url/.well-known/openid-configuration"
clientId: "minio" clientId: "minio"
clientSecret: "" clientSecret: ""
# Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientSecret`
existingClientSecretName: ""
existingClientSecretKey: ""
claimName: "policy" claimName: "policy"
scopes: "openid,profile,email" scopes: "openid,profile,email"
redirectUri: "https://console-endpoint-url/oauth_callback" redirectUri: "https://console-endpoint-url/oauth_callback"