feature: allow multiple OIDC providers and different domains
cedricve committed Jan 30, 2024
1 parent 372f129 commit d4da312
Showing 3 changed files with 25 additions and 18 deletions.
18 changes: 10 additions & 8 deletions charts/hub/templates/kerberos-hub/hub-api.yaml
Expand Up @@ -172,14 +172,16 @@ spec:
value: "{{ .Values.kerberoshub.api.jwtSecret }}"

# SSO (OIDC) setup
- name: SSO_ISSUER
value: "{{ .Values.kerberoshub.api.sso.issuer }}"
- name: SSO_CLIENTID
value: "{{ .Values.kerberoshub.api.sso.clientId }}"
- name: SSO_CLIENTSECRET
value: "{{ .Values.kerberoshub.api.sso.clientSecret }}"
- name: SSO_REDIRECTURL
value: "{{ .Values.kerberoshub.api.schema }}://{{ .Values.kerberoshub.api.url }}{{ .Values.kerberoshub.api.sso.redirectUrl }}"
- name: SSO_DOMAINS
value: "{{- range .Values.kerberoshub.api.sso }}{{ .domain }};{{- end }}"
- name: SSO_REDIRECTURLS
value: "{{- range .Values.kerberoshub.api.sso }}{{ .redirectUrl }};{{- end }}"
- name: SSO_ISSUERS
value: "{{- range .Values.kerberoshub.api.sso }}{{ .issuer }};{{- end }}"
- name: SSO_CLIENTIDS
value: "{{- range .Values.kerberoshub.api.sso }}{{ .clientId }};{{- end }}"
- name: SSO_CLIENTSECRETS
value: "{{- range .Values.kerberoshub.api.sso }}{{ .clientSecret }};{{- end }}"

# Kerberos pipeline
- name: QUEUE_SYSTEM
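Review bot: SSO_CLIENTSECRETS puts every provider's OIDC client secret, joined with `;`, into a plain `value:` on the container, so the secrets end up in the rendered Deployment and are readable by anyone who can view the pod spec or the Helm release. Consider keeping them in a Kubernetes Secret and referencing it with `valueFrom.secretKeyRef` (for example `secretKeyRef: {name: <sso-secret-name>, key: clientSecrets}`), leaving only the non-secret lists as literal values. The five lists are also paired purely by position, so a `;` inside any value would shift which issuer and client belong to which domain. The `env:` list starts and continues outside this hunk.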
5 changes: 3 additions & 2 deletions charts/hub/templates/kerberos-hub/hub-frontend.yaml
Expand Up @@ -123,8 +123,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
env:
- name: SSO_DOMAIN
value: "{{ .Values.kerberoshub.frontend.ssoDomain }}"
- name: SSO_DOMAINS
# get the domain attribute from the list of sso domains
value: "{{- range .Values.kerberoshub.api.sso }}{{ .domain }};{{- end }}"
- name: TITLE
value: "{{ .Values.kerberoshub.frontend.title }}"
- name: LOGO_NAME
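Review bot: Nothing checks that each `sso` entry actually has a `domain`, so an entry without one renders as an empty element in SSO_DOMAINS, and the list always ends in a trailing `;` that the frontend has to tolerate. Failing at render time is safer than passing a blank domain to the login flow, e.g. `{{ required "kerberoshub.api.sso[].domain is required" .domain }};` inside the `range`. The same gap exists for the lists in hub-api.yaml, where it matters more because issuer, client id and secret are matched to the domain by position. The explanatory comment would also read better above `- name: SSO_DOMAINS` than between `name` and `value`.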
20 changes: 12 additions & 8 deletions charts/hub/values.yaml
Expand Up @@ -139,7 +139,7 @@ kerberoshub:
api:
repository: kerberos/hub-api
pullPolicy: IfNotPresent
tag: "1.0.1065879492"
tag: "1.0.1158276216"
replicas: 2
jwtSecret: "this-is-a-secret-please-change-to-random-string" # change to a random value, this is for generating JWT tokens.
schema: "https"
Expand Down Expand Up @@ -203,14 +203,20 @@ kerberoshub:
username: ""
password: ""
sso: # OIDC settings for allowing SSO.
issuer: "" #"https://accounts.google.com"
clientId: "" # 4294xxxxsk4no3.apps.googleusercontent.com"
clientSecret: "" # UksvZ-QKGdB1W2mOu5l_Jg3R"
redirectUrl: "/sso/response"
- domain: "uug.ai"
redirectUrl: "https://api.cloud.kerberos.io/sso/callback/uug.ai"
issuer: "https://xxx.eu.auth0.com/"
clientId: "xxx"
clientSecret: "xxx"
- domain: "kerberos.io"
redirectUrl: "https://api.cloud.kerberos.io/sso/callback/kerberos.io"
issuer: "https://accounts.google.com"
clientId: "xxx"
clientSecret: "xxx"
frontend:
repository: kerberos/hub-frontend
pullPolicy: IfNotPresent
tag: "1.0.1070125878"
tag: "1.0.1158265189"
replicas: 2
schema: "https"
url: "yourdomain.com"
Expand All @@ -235,7 +241,6 @@ kerberoshub:
# - hosts:
# - "demo.yourdomain.com"
# secretName: kerberoshub-demo
ssoDomain: "@yourdomain.com"
mixpanel: # We can keep track logging in Mixpanel as well
apikey: "xxx"
sentry: # We can trace errors in Sentry
Expand All @@ -250,7 +255,6 @@ kerberoshub:
key: "xxx"
url: "https://posthog.domain.com"


# You can disable the Kerberos agent buttons, this make sense
# in a white-label setup, or where you are managing the Kerberos Agents for your customers.
hideAddAgent: "false"
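Review bot: The chart defaults now ship two populated `sso` entries (uug.ai and kerberos.io, with redirect URLs on api.cloud.kerberos.io) where the previous defaults were empty strings, so an install that does not override `sso` gets those domains and placeholder credentials rendered into SSO_DOMAINS and the related lists. A default of `sso: []` with the two entries kept as commented examples would presumably leave SSO unconfigured until an operator sets it deliberately. `clientSecret` also sits in values as plain text, so the comment on `sso:` should say that real secrets belong in a private values file or a Secret rather than in a committed one. Since `sso` changes from a map to a list and `frontend.ssoDomain` is removed, existing values files will likely fail to render or be silently ignored; an upgrade note would help.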
