thumbscrw/k8s-charts
1
0
Fork 0
mirror of https://github.com/Thumbscrew/k8s-charts.git synced 2025-04-04 14:23:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add OIDC config for Freshrss (#107)

Browse Source
This commit is contained in:
James 2025-03-11 13:09:24 +00:00 committed by GitHub
parent b9020d4dfe
commit 8f2499b55e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 106 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/freshrss/Chart.yaml
View File

@ -23,7 +23,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.5.0 version: 1.6.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to

15
charts/freshrss/README.md
View File

@ -1,6 +1,6 @@
# freshrss # freshrss
![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square) ![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square)
A Helm chart for FreshRSS A Helm chart for FreshRSS
@ -30,6 +30,19 @@ A Helm chart for FreshRSS
| freshrss.cron.cronMin | string | `"13,43"` | Minute(s) past the hour to run cron | | freshrss.cron.cronMin | string | `"13,43"` | Minute(s) past the hour to run cron |
| freshrss.cron.enabled | bool | `false` | Enable Cron to periodically refresh feeds | | freshrss.cron.enabled | bool | `false` | Enable Cron to periodically refresh feeds |
| freshrss.freshEnv | string | `"production"` | Enables additional development information if set to `development` (increases the level of logging and ensures that errors are displayed) | | freshrss.freshEnv | string | `"production"` | Enables additional development information if set to `development` (increases the level of logging and ensures that errors are displayed) |
| freshrss.oidc | object | `{"clientCryptoKey":"","clientId":"","clientSecret":"","enabled":false,"existingClientSecret":{"clientCryptoKeyKey":"clientCryptoKey","clientIdKey":"clientId","clientSecretKey":"clientSecret","name":""},"providerMetadataUrl":"","remoteUserClaim":"","scopes":[],"session":{"inactivityTimeout":300,"maxDuration":-1,"type":""},"xForwardedHeaders":[]}` | See Configuration Environment Variables at https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html |
| freshrss.oidc.clientCryptoKey | string | `""` | Sets OIDC_CLIENT_CRYPTO_KEY |
| freshrss.oidc.clientId | string | `""` | Sets OIDC_CLIENT_ID |
| freshrss.oidc.clientSecret | string | `""` | Sets OIDC_CLIENT_SECRET |
| freshrss.oidc.enabled | bool | `false` | Sets OIDC_ENABLED to true |
| freshrss.oidc.existingClientSecret | object | `{"clientCryptoKeyKey":"clientCryptoKey","clientIdKey":"clientId","clientSecretKey":"clientSecret","name":""}` | A Kubernetes secret that contains the clientId, clientSecret and clientCryptoKey |
| freshrss.oidc.providerMetadataUrl | string | `""` | Sets OIDC_PROVIDER_METADATA_URL |
| freshrss.oidc.remoteUserClaim | string | `""` | Sets OIDC_REMOTE_USER_CLAIM |
| freshrss.oidc.scopes | list | `[]` | Sets OIDC_SCOPES (list is concatenated) |
| freshrss.oidc.session.inactivityTimeout | int | `300` | Sets OIDC_SESSION_INACTIVITY_TIMEOUT |
| freshrss.oidc.session.maxDuration | int | `-1` | Sets OIDC_SESSION_MAX_DURATION |
| freshrss.oidc.session.type | string | `""` | Sets OIDC_SESSION_TYPE |
| freshrss.oidc.xForwardedHeaders | list | `[]` | Sets OIDC_X_FORWARDED_HEADERS (list is concatenated) |
| freshrss.timezone | string | `"UTC"` | PHP Timezone - see https://www.php.net/timezones | | freshrss.timezone | string | `"UTC"` | PHP Timezone - see https://www.php.net/timezones |
| fullnameOverride | string | `""` | | | fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | | | image.pullPolicy | string | `"IfNotPresent"` | |

55
charts/freshrss/templates/deployment.yaml
View File

@ -70,6 +70,61 @@ spec:
{{- end }} {{- end }}
--language {{ .Values.freshrss.autoInstall.language }} --language {{ .Values.freshrss.autoInstall.language }}
{{- end }} {{- end }}
{{- if .Values.freshrss.oidc.enabled }}
- name: OIDC_ENABLED
value: "true"
{{- with .Values.freshrss.oidc }}
- name: OIDC_PROVIDER_METADATA_URL
value: {{ .providerMetadataUrl }}
{{- if .existingClientSecret.name }}
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .existingClientSecret.name }}
key: {{ .existingClientSecret.clientIdKey }}
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .existingClientSecret.name }}
key: {{ .existingClientSecret.clientSecretKey }}
- name: OIDC_CLIENT_CRYPTO_KEY
valueFrom:
secretKeyRef:
name: {{ .existingClientSecret.name }}
key: {{ .existingClientSecret.clientCryptoKeyKey }}
{{- else }}
- name: OIDC_CLIENT_ID
value: {{ .clientId }}
- name: OIDC_CLIENT_SECRET
value: {{ .clientSecretKey }}
- name: OIDC_CLIENT_CRYPTO_KEY
value: {{ .clientCryptoKey }}
{{- end }}
{{- if .remoteUserClaim }}
- name: OIDC_REMOTE_USER_CLAIM
value: {{ .remoteUserClaim }}
{{- end }}
{{- if .scopes }}
- name: OIDC_SCOPES
value: {{ printf "%s" (join " " .scopes) }}
{{- end }}
{{- if .xForwardedHeaders }}
- name: OIDC_X_FORWARDED_HEADERS
value: {{ printf "%s" (join " " .xForwardedHeaders) }}
{{- end }}
- name: OIDC_SESSION_INACTIVITY_TIMEOUT
# value: {{ printf "%d" (add .session.inactivityTimeout) }}
value: "{{ .session.inactivityTimeout }}"
{{- if ge .session.maxDuration 0.0 }}
- name: OIDC_SESSION_MAX_DURATION
value: "{{ .session.maxDuration }}"
{{- end }}
{{- if .session.type }}
- name: OIDC_SESSION_TYPE
value: {{ .session.type }}
{{- end }}
{{- end }}
{{- end }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /i/ path: /i/

36
charts/freshrss/values.yaml
View File

@ -78,6 +78,42 @@ freshrss:
enabled: false enabled: false
# -- Minute(s) past the hour to run cron # -- Minute(s) past the hour to run cron
cronMin: "13,43" cronMin: "13,43"
# -- See Configuration Environment Variables at https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html
oidc:
# -- Sets OIDC_ENABLED to true
enabled: false
# -- Sets OIDC_PROVIDER_METADATA_URL
providerMetadataUrl: ""
# -- Sets OIDC_CLIENT_ID
clientId: ""
# -- Sets OIDC_CLIENT_SECRET
clientSecret: ""
# -- Sets OIDC_CLIENT_CRYPTO_KEY
clientCryptoKey: ""
# -- A Kubernetes secret that contains the clientId, clientSecret and clientCryptoKey
existingClientSecret:
name: ""
clientIdKey: clientId
clientSecretKey: clientSecret
clientCryptoKeyKey: clientCryptoKey
# -- Sets OIDC_REMOTE_USER_CLAIM
remoteUserClaim: ""
# -- Sets OIDC_SCOPES (list is concatenated)
scopes: []
# - openid
# -- Sets OIDC_X_FORWARDED_HEADERS (list is concatenated)
xForwardedHeaders: []
# - Forwarded
# - X-Forwarded-Host
# - X-Forwarded-Port
# - X-Forwarded-Proto
session:
# -- Sets OIDC_SESSION_INACTIVITY_TIMEOUT
inactivityTimeout: 300
# -- Sets OIDC_SESSION_MAX_DURATION
maxDuration: -1
# -- Sets OIDC_SESSION_TYPE
type: ""
persistence: persistence:
enabled: false enabled: false