feat: add OIDC config for Freshrss (#107)

2025-07-04 11:59:02 +00:00 · 2025-03-11 13:09:24 +00:00
parent b9020d4dfe
commit 8f2499b55e
4 changed files with 106 additions and 2 deletions
--- a/charts/freshrss/templates/deployment.yaml
+++ b/charts/freshrss/templates/deployment.yaml
@ -70,6 +70,61 @@ spec:
                {{- end }}
                --language {{ .Values.freshrss.autoInstall.language }}
            {{- end }}
+            {{- if .Values.freshrss.oidc.enabled }}
+            - name: OIDC_ENABLED
+              value: "true"
+            {{- with .Values.freshrss.oidc }}
+            - name: OIDC_PROVIDER_METADATA_URL
+              value: {{ .providerMetadataUrl }}
+            {{- if .existingClientSecret.name }}
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingClientSecret.name }}
+                  key: {{ .existingClientSecret.clientIdKey }}
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingClientSecret.name }}
+                  key: {{ .existingClientSecret.clientSecretKey }}
+            - name: OIDC_CLIENT_CRYPTO_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingClientSecret.name }}
+                  key: {{ .existingClientSecret.clientCryptoKeyKey }}
+            {{- else }}
+            - name: OIDC_CLIENT_ID
+              value: {{ .clientId }}
+            - name: OIDC_CLIENT_SECRET
+              value: {{ .clientSecretKey }}
+            - name: OIDC_CLIENT_CRYPTO_KEY
+              value: {{ .clientCryptoKey }}
+            {{- end }}
+            {{- if .remoteUserClaim }}
+            - name: OIDC_REMOTE_USER_CLAIM
+              value: {{ .remoteUserClaim }}
+            {{- end }}
+            {{- if .scopes }}
+            - name: OIDC_SCOPES
+              value: {{ printf "%s" (join " " .scopes) }}
+            {{- end }}
+            {{- if .xForwardedHeaders }}
+            - name: OIDC_X_FORWARDED_HEADERS
+              value: {{ printf "%s" (join " " .xForwardedHeaders) }}
+            {{- end }}
+            - name: OIDC_SESSION_INACTIVITY_TIMEOUT
+              # value: {{ printf "%d" (add .session.inactivityTimeout) }}
+              value: "{{ .session.inactivityTimeout }}"
+            {{- if ge .session.maxDuration 0.0 }}
+            - name: OIDC_SESSION_MAX_DURATION
+              value: "{{ .session.maxDuration }}"
+            {{- end }}
+            {{- if .session.type }}
+            - name: OIDC_SESSION_TYPE
+              value: {{ .session.type }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
          livenessProbe:
            httpGet:
              path: /i/