{{- /*
  Declares the "headscale" OAuth2 client (hydra.ory.sh/v1alpha1) and the
  Secret that carries its client_id / client_secret.

  $secret is whatever the named template "clientSecret" renders; that helper
  is defined elsewhere in the chart and is not visible here.
  NOTE(review): if the helper produces a fresh random value on every render,
  each upgrade would silently change client_secret. Confirm it is stable
  across upgrades (for example by reusing the value of an existing Secret).
*/ -}}
{{- $secret := include "clientSecret" . -}}
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: headscale
  namespace: {{ .Release.Namespace }}
spec:
  # Authorization-code flow only: no implicit, client_credentials or
  # refresh_token grant is requested for this client.
  grantTypes:
  - authorization_code
  responseTypes:
  - code
  # Standard OIDC identity scopes; nothing beyond profile/email is requested.
  scope: "openid profile email"
  # Same value as metadata.name of the Secret rendered below, so the client
  # credentials are taken from that Secret.
  secretName: {{ .Values.oauth2.secretName }}
  # The single registered callback, always https and built from .Values.domain.
  # Whoever controls that value controls where authorization codes are sent.
  redirectUris:
  - https://{{ .Values.domain }}/oidc/callback
  # Location of the Hydra admin API used to register the client.
  # NOTE(review): port 80 together with forwardedProto: https suggests plain
  # HTTP to the admin API with the request marked as if TLS had been terminated
  # upstream. Confirm this endpoint is reachable only from inside the cluster
  # (e.g. restricted by NetworkPolicy), since it can create and modify clients.
  hydraAdmin:
    url: {{ .Values.oauth2.hydraAdmin }}
    port: 80
    endpoint: /admin/clients
    forwardedProto: https
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.oauth2.secretName }}
  namespace: {{ .Release.Namespace }}
# Values under `data` must be base64, hence b64enc. This is encoding, not
# encryption: the client secret is present in the rendered manifest and
# readable by anyone who can get this Secret or the Helm release data.
# NOTE(review): confirm the key names client_id / client_secret match what the
# deployed controller version reads from the Secret.
data:
  client_id: {{ .Values.oauth2.clientId | b64enc}}
  client_secret: {{ $secret | b64enc }}