Add auth issuer uri

.github/workflows/build-push-charts.yaml

@@ -42,6 +42,17 @@ jobs:
           HELM_INTERNAL_REGISTRY_USERNAME: ${{ secrets.HELM_INTERNAL_REGISTRY_USERNAME }}
           HELM_INTERNAL_REGISTRY_PASSWORD: ${{ secrets.HELM_INTERNAL_REGISTRY_PASSWORD }}
 
-      - name: Push chart
+      - name: Push chart to verses
         run: |-
           helm push dist/${{ matrix.chart }}-${{ matrix.version }}.tgz oci://registry.develop.verses.io/helm-internal
+      
+      - name: Login to ghcr
+        run: |-
+          echo "${HELM_GHCR_REGISTRY_PASSWORD}" | helm registry login ghcr.io/versestech/helm-charts --username "${HELM_GHCR_REGISTRY_USERNAME}" --password-stdin
+        env:
+          HELM_GHCR_REGISTRY_USERNAME: ${{ github.actor }}
+          HELM_GHCR_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push chart to ghcr
+        run: |-
+          helm push dist/${{ matrix.chart }}-${{ matrix.version }}.tgz oci://ghcr.io/versestech/helm-charts

charts/genius-core/README.md

@@ -64,7 +64,8 @@ license:
 ### Authentication
 Authentication to Genius Core can be configured by setting variables to point to an existing OIDC provider.
 The following parameters in the values file:
-- `auth.jwksUri`: JWKS URI for your auth provider
+- `auth.issuerUri`: Auth issuer URI for your auth provider (usually `<ISSUER_DOMAIN>/.well-known/openid-configuration`)
+  - (alternatively) `auth.jwksUri`: JWKS URI for your auth provider
 - `auth.defaultProvider`: Name of your auth provider
 - `auth.initialAdminUserId`: The `sub` claim from the initial admin user's auth token/id token.
 
@@ -155,10 +156,12 @@ ingress:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| additionalEnv | list | `[]` |  |
 | affinity | object | `{}` |  |
 | allowedOrigins | string | `"*"` |  |
 | auth.defaultProvider | string | `"auth0"` |  |
 | auth.initialAdminUserId | string | `""` |  |
+| auth.issuerUri | string | `"https://kosm-dev-verses.us.auth0.com/.well-known/openid-configuration"` |  |
 | auth.jwksUri | string | `"https://kosm-dev-verses.us.auth0.com/.well-known/jwks.json"` |  |
 | auth.skipValidateJwtExpiry | bool | `false` |  |
 | extraObjects | list | `[]` | Extra K8s manifests to deploy # Note: Supports use of custom Helm templates |

charts/genius-core/README.md.gotmpl

@@ -70,7 +70,8 @@ license:
 ### Authentication
 Authentication to Genius Core can be configured by setting variables to point to an existing OIDC provider.
 The following parameters in the values file:
-- `auth.jwksUri`: JWKS URI for your auth provider
+- `auth.issuerUri`: Auth issuer URI for your auth provider (usually `<ISSUER_DOMAIN>/.well-known/openid-configuration`)
+  - (alternatively) `auth.jwksUri`: JWKS URI for your auth provider
 - `auth.defaultProvider`: Name of your auth provider
 - `auth.initialAdminUserId`: The `sub` claim from the initial admin user's auth token/id token.
 

charts/genius-core/templates/statefulset.yaml

@@ -46,8 +46,13 @@ spec:
               value: "0.0.0.0:8080"
             - name: MODELS_DIR
               value: /app/models
+            {{- if .Values.auth.issuerUri }}
+            - name: AUTH_OIDC_URI
+              value: {{ .Values.auth.issuerUri | quote }}
+            {{- else if .Values.auth.jwksUri }}
             - name: JWKS_URI
               value: {{ .Values.auth.jwksUri | quote }}
+            {{- end }}
             - name: DEFAULT_ADMIN_ID
               value: {{ .Values.auth.initialAdminUserId | quote }}
             - name: DEFAULT_ADMIN_PROVIDER

charts/genius-core/values.yaml

@@ -3,6 +3,7 @@ serviceHostname: genius-core
 loglevel: info
 
 auth:
+  issuerUri: https://kosm-dev-verses.us.auth0.com/.well-known/openid-configuration
   jwksUri: https://kosm-dev-verses.us.auth0.com/.well-known/jwks.json
   initialAdminUserId: ""
   defaultProvider: auth0
@@ -256,4 +257,4 @@ pdb:
 extraObjects: []
 
 additionalEnv: []
-# key: value
+# key: value