diff --git a/charts/freshrss/Chart.yaml b/charts/freshrss/Chart.yaml
index a0974dc..087511e 100644
--- a/charts/freshrss/Chart.yaml
+++ b/charts/freshrss/Chart.yaml
@@ -23,7 +23,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.5.0
+version: 1.6.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/freshrss/templates/deployment.yaml b/charts/freshrss/templates/deployment.yaml
index d66db64..84e3b37 100644
--- a/charts/freshrss/templates/deployment.yaml
+++ b/charts/freshrss/templates/deployment.yaml
@@ -70,6 +70,59 @@ spec:
 {{- end }}
 --language {{ .Values.freshrss.autoInstall.language }}
 {{- end }}
+ {{- if .Values.freshrss.oidc.enabled }}
+ - name: OIDC_ENABLED
+ value: true
+ {{- with .Values.freshrss.oidc }}
+ - name: OIDC_PROVIDER_METADATA_URL
+ value: {{ .providerMetadataUrl }}
+ {{- if .existingClientSecret.name }}
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .existingClientSecret.name }}
+ key: {{ .existingClientSecret.clientIdKey }}
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .existingClientSecret.name }}
+ key: {{ .existingClientSecret.clientSecretKey }}
+ - name: OIDC_CLIENT_CRYPTO_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .existingClientSecret.name }}
+ key: {{ .existingClientSecret.clientCryptoKeyKey }}
+ {{- else }}
+ - name: OIDC_CLIENT_ID
+ value: {{ .clientId }}
+ - name: OIDC_CLIENT_SECRET
+ value: {{ .clientSecretKey }}
+ - name: OIDC_CLIENT_CRYPTO_KEY
+ value: {{ .clientCryptoKey }}
+ {{- end }}
+ {{- if .remoteUserClaim }}
+ - name: OIDC_REMOTE_USER_CLAIM
+ value: {{ .remoteUserClaim }}
+ {{- end }}
+ {{- if .scopes }}
+ - name: OIDC_SCOPES
+ value: {{ printf "%s" (join " " .scopes) }}
+ {{- end }}
+ {{- if .xForwardedHeaders }}
+ - name: OIDC_X_FORWARDED_HEADERS
+ value: {{ printf "%s" (join " " .xForwardedHeaders) }}
+ {{- end }}
+ - name: OIDC_SESSION_INACTIVITY_TIMEOUT
+ value: {{ .session.inactivityTimeout }}
+ {{- if .session.maxDuration > -1 }}
+ - name: OIDC_SESSION_MAX_DURATION
+ value: {{ printf "%d" (add .session.maxDuration) }}
+ {{- end }}
+ {{- if .session.type }}
+ - name: OIDC_SESSION_TYPE
+ value: {{ .session.type }}
+ {{- end }}
+ {{- end }}
 livenessProbe:
 httpGet:
 path: /i/
diff --git a/charts/freshrss/values.yaml b/charts/freshrss/values.yaml
index 5b97211..fed37eb 100644
--- a/charts/freshrss/values.yaml
+++ b/charts/freshrss/values.yaml
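Review bot: The inline-credential branch (`{{- else }}`) reads `.clientSecretKey`, but values.yaml defines that key only under `existingClientSecret`; the top-level field is `clientSecret`, so `OIDC_CLIENT_SECRET` would render empty whenever no existing Secret is named. Further down, `{{- if .session.maxDuration > -1 }}` is not valid Go template syntax (comparisons are functions such as `gt`), which would presumably fail the whole template at parse time even with OIDC disabled. Container env values must be strings, so the bare `value: true` and the integer `inactivityTimeout` need quoting, and piping every templated value through `quote` also keeps URLs or claims containing YAML indicators from being retyped. Note too that this branch writes the client secret and crypto key as literal env values into the Deployment, where anyone with read access to the object can see them; the `secretKeyRef` path is the safer default. The `env:` list starts outside this hunk.

```yaml
- name: OIDC_ENABLED
  value: "true"
# … unchanged: OIDC_PROVIDER_METADATA_URL and the existingClientSecret branch …
{{- else }}
- name: OIDC_CLIENT_ID
  value: {{ .clientId | quote }}
- name: OIDC_CLIENT_SECRET
  value: {{ .clientSecret | quote }}
- name: OIDC_CLIENT_CRYPTO_KEY
  value: {{ .clientCryptoKey | quote }}
{{- end }}
# … unchanged: remoteUserClaim, scopes, xForwardedHeaders …
- name: OIDC_SESSION_INACTIVITY_TIMEOUT
  value: {{ .session.inactivityTimeout | quote }}
{{- if gt (int .session.maxDuration) -1 }}
- name: OIDC_SESSION_MAX_DURATION
  value: {{ .session.maxDuration | quote }}
{{- end }}
```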
@@ -78,6 +78,29 @@ freshrss:
 enabled: false
 # -- Minute(s) past the hour to run cron
 cronMin: "13,43"
+ oidc:
+ enabled: false
+ providerMetadataUrl: ""
+ clientId: ""
+ clientSecret: ""
+ clientCryptoKey: ""
+ existingClientSecret:
+ name: ""
+ clientIdKey: clientId
+ clientSecretKey: clientSecret
+ clientCryptoKeyKey: clientCryptoKey
+ remoteUserClaim: ""
+ scopes: []
+ # - openid
+ xForwardedHeaders: []
+ # - Forwarded
+ # - X-Forwarded-Host
+ # - X-Forwarded-Port
+ # - X-Forwarded-Proto
+ session:
+ inactivityTimeout: 300
+ maxDuration: -1
+ type: ""
 persistence:
 enabled: false
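Review bot: The new `oidc` block has no `# --` descriptions, unlike `cronMin` just above it, and the two secret-bearing fields are where a reader most needs guidance. I would add `# -- OIDC client secret; prefer existingClientSecret, since a value set here ends up as a literal env value in the Deployment` above `clientSecret` (and the same for `clientCryptoKey`), plus `# -- Name of an existing Secret holding the client id, secret and crypto key` above `existingClientSecret.name`. The `session` defaults deserve a line too: the template treats `maxDuration: -1` as "do not set the variable", and the unit of `inactivityTimeout: 300` is not stated anywhere in the diff.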