fixup! feat: freshrss sso

2025-09-17 18:24:14 +02:00 · 2024-06-14 11:13:00 +02:00
parent 2251b45a31
commit 1bfdbab4e7
7 changed files with 95 additions and 67 deletions
--- a/kubernetes/apps/default/freshrss/app/externalsecret.yaml
+++ b/kubernetes/apps/default/freshrss/app/externalsecret.yaml
@@ -15,7 +15,8 @@ spec:
      engineVersion: v2
      data:
        # App
-        OIDC_CLIENT_CRYPTO_KEY: "{{ .FRESHRSS_OAUTH_CLIENT_SECRET }}"
+        OIDC_CLIENT_SECRET: "{{ .FRESHRSS_OAUTH_CLIENT_SECRET }}"
+        OIDC_CLIENT_CRYPTO_KEY: "{{ .FRESHRSS_OIDC_CLIENT_CRYPTO_KEY}}"
        # Postgres Init
        INIT_POSTGRES_DBNAME: freshrss
        INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local
@@ -24,7 +25,7 @@ spec:
        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
    - extract:
-        key: autthelia
+        key: authelia
    - extract:
        key: cloudnative-pg
    - extract:
--- a/kubernetes/apps/default/freshrss/app/helmrelease.yaml
+++ b/kubernetes/apps/default/freshrss/app/helmrelease.yaml
@@ -52,10 +52,10 @@ spec:
              OIDC_ENABLED: 1
              OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration
              OIDC_CLIENT_ID: freshrss
-              OIDC_CLIENT_SECRET: insecure_secret
              OIDC_REMOTE_USER_CLAIM: preferred_username
              OIDC_SCOPES: openid groups email profile
              OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
+            envFrom: *envFrom
            resources:
              requests:
                cpu: 50m