feat: freshrss sso

2025-09-17 18:24:14 +02:00 · 2024-06-14 11:09:58 +02:00
parent c0af3863e7
commit daf03459c5
3 changed files with 30 additions and 31 deletions
--- a/kubernetes/apps/default/freshrss/app/externalsecret.yaml
+++ b/kubernetes/apps/default/freshrss/app/externalsecret.yaml
@@ -14,6 +14,8 @@ spec:
    template:
      engineVersion: v2
      data:
+        # App
+        OIDC_CLIENT_CRYPTO_KEY: "{{ .FRESHRSS_OAUTH_CLIENT_SECRET }}"
        # Postgres Init
        INIT_POSTGRES_DBNAME: freshrss
        INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local
@@ -21,6 +23,8 @@ spec:
        INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
+    - extract:
+        key: autthelia
    - extract:
        key: cloudnative-pg
    - extract:
--- a/kubernetes/apps/default/freshrss/app/helmrelease.yaml
+++ b/kubernetes/apps/default/freshrss/app/helmrelease.yaml
@@ -49,6 +49,13 @@ spec:
              TZ: ${TIMEZONE}
              CRON_MIN: 18,48
              DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/"
+              OIDC_ENABLED: 1
+              OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration
+              OIDC_CLIENT_ID: freshrss
+              OIDC_CLIENT_SECRET: insecure_secret
+              OIDC_REMOTE_USER_CLAIM: preferred_username
+              OIDC_SCOPES: openid groups email profile
+              OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
            resources:
              requests:
                cpu: 50m