diff --git a/k8s/apps/furumi-server/deployment.yaml b/k8s/apps/furumi-server/deployment.yaml index 561da11..a4a78b2 100644 --- a/k8s/apps/furumi-server/deployment.yaml +++ b/k8s/apps/furumi-server/deployment.yaml @@ -24,8 +24,28 @@ spec: - name: FURUMI_TOKEN valueFrom: secretKeyRef: - name: furumi-ng-token + name: furumi-ng-creds key: TOKEN + - name: OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_CLIENT_ID + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_CLIENT_SECRET + - name: OIDC_ISSUER_URL + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_ISSUER_URL + - name: OIDC_REDIRECT_URL + valueFrom: + secretKeyRef: + name: furumi-ng-creds + key: OIDC_REDIRECT_URL - name: FURUMI_ROOT value: "/media" ports: diff --git a/k8s/apps/furumi-server/external-secrets.yaml b/k8s/apps/furumi-server/external-secrets.yaml index 6b0bca3..be4abfa 100644 --- a/k8s/apps/furumi-server/external-secrets.yaml +++ b/k8s/apps/furumi-server/external-secrets.yaml @@ -2,16 +2,22 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: furumi-ng-token + name: furumi-ng-creds spec: target: - name: furumi-ng-token + name: furumi-ng-creds deletionPolicy: Delete template: type: Opaque data: TOKEN: |- {{ .token }} + OIDC_CLIENT_ID: |- + {{ .client_id }} + OIDC_CLIENT_SECRET: |- + {{ .client_secret }} + OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-ng-web/ + OIDC_REDIRECT_URL: https://music.hexor.cy/auth/callback data: - secretKey: token sourceRef: @@ -21,3 +27,19 @@ spec: remoteRef: key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f property: fields[0].value + - secretKey: client_id + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f + property: fields[1].value + - secretKey: client_secret + sourceRef: + storeRef: + name: vaultwarden-login + kind: ClusterSecretStore + remoteRef: + key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f + property: fields[2].value