oauth2-client: migrate apps to use oauth2-client helm chart (#90)
* headscale: use oauth2-client helm chart
* pihole: use oauth2-client helm chart
* matrix: use oauth2-client helm chart
* oauth2: pass issuer address to pihole, headscale and matrix apps
* pihole: fix secret name
* matrix: fix version to v1.98.0
* headscale: make oauth2-client depend on auth release
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/core/installer/values-tmpl/pihole.cue b/core/installer/values-tmpl/pihole.cue
index c9cc61d..a1ec66a 100644
--- a/core/installer/values-tmpl/pihole.cue
+++ b/core/installer/values-tmpl/pihole.cue
@@ -21,6 +21,14 @@
}
charts: {
+ oauth2Client: {
+ chart: "charts/oauth2-client"
+ sourceRef: {
+ kind: "GitRepository"
+ name: "pcloud"
+ namespace: global.id
+ }
+ }
pihole: {
chart: "charts/pihole"
sourceRef: {
@@ -31,7 +39,21 @@
}
}
+_oauth2ClientSecretName: "oauth2-client"
+
helm: {
+ "oauth2-client": {
+ chart: charts.oauth2Client
+ values: {
+ name: "oauth2-client"
+ secretName: _oauth2ClientSecretName
+ grantTypes: ["authorization_code"]
+ responseTypes: ["code"]
+ scope: "openid profile email"
+ redirectUris: ["https://\(_domain)/oauth2/callback"]
+ hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
+ }
+ }
pihole: {
chart: charts.pihole
values: {
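Review bot: The `hydraAdmin` value in the new `oauth2-client` release reaches Hydra's admin API over plain `http://`, and nothing in the hunk records what restricts that path. Hydra's admin API does not authenticate callers itself, so the assumption deserves a comment on that line, for example `// admin API is unauthenticated; access must be limited to this client by NetworkPolicy in core-auth`, if that is how the cluster is set up. The hard-coded `.svc.cluster.local` suffix also assumes the default cluster domain, which the `.svc` form removed in the next hunk did not. The `helm` block continues past the end of this hunk.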
@@ -81,11 +103,11 @@
}
}
oauth2: {
- secretName: "oauth2-secret"
- configName: "oauth2-proxy"
- hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc"
+ cookieSecret: "1234123443214321"
+ secretName: _oauth2ClientSecretName
+ issuer: "https://hydra.\(global.domain)"
}
- hydraPublic: "https://hydra.\(global.domain)"
+ configName: "oauth2-proxy"
profileUrl: "https://accounts-ui.\(global.domain)"
ingressClassName: input.network.ingressClass
certificateIssuer: input.network.certificateIssuer
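Review bot: The added `cookieSecret: "1234123443214321"` in the `oauth2` block is a fixed literal committed to the repository, so every pihole instance rendered from this template shares it. If this is the oauth2-proxy cookie secret, as the neighbouring `configName: "oauth2-proxy"` suggests, it is the key protecting session cookies and is known to anyone who can read the repo. It should be generated per installation and supplied from a Kubernetes Secret or an installer input, e.g. `cookieSecret: input.<generated-cookie-secret>` (placeholder; no such field appears on this page). Instances already deployed with the literal should have the value rotated. The commit message says headscale and matrix were migrated the same way, so their templates may need the same check; the enclosing block starts outside this hunk.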