Add Authentik OIDC provider K8s manifests and wire deployment
- deploy/authentik.yaml: PostgreSQL StatefulSet, Redis, Authentik server (NodePort 30900) and worker, all in cameleer namespace - deploy/server.yaml: Add CAMELEER_JWT_SECRET and CAMELEER_OIDC_* env vars from secrets (all optional for backward compat) - ci.yml: Create authentik-credentials and cameleer-oidc secrets, deploy Authentik before the server - HOWTO.md: Authentik setup instructions, updated architecture diagram and Gitea secrets list Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -52,6 +52,36 @@ spec:
|
||||
optional: true
|
||||
- name: CAMELEER_UI_ORIGIN
|
||||
value: "http://192.168.50.86:30090"
|
||||
- name: CAMELEER_JWT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cameleer-auth
|
||||
key: CAMELEER_JWT_SECRET
|
||||
optional: true
|
||||
- name: CAMELEER_OIDC_ENABLED
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cameleer-oidc
|
||||
key: CAMELEER_OIDC_ENABLED
|
||||
optional: true
|
||||
- name: CAMELEER_OIDC_ISSUER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cameleer-oidc
|
||||
key: CAMELEER_OIDC_ISSUER
|
||||
optional: true
|
||||
- name: CAMELEER_OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cameleer-oidc
|
||||
key: CAMELEER_OIDC_CLIENT_ID
|
||||
optional: true
|
||||
- name: CAMELEER_OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cameleer-oidc
|
||||
key: CAMELEER_OIDC_CLIENT_SECRET
|
||||
optional: true
|
||||
resources:
|
||||
requests:
|
||||
memory: "256Mi"
|
||||
|
||||
Reference in New Issue
Block a user