Furumi: Added web ui with OIDC SSO

2026-03-17 14:35:13 +00:00
parent cfda43e116
commit 1843cb2beb
2 changed files with 45 additions and 3 deletions
--- a/k8s/apps/furumi-server/deployment.yaml
+++ b/k8s/apps/furumi-server/deployment.yaml
@@ -24,8 +24,28 @@ spec:
            - name: FURUMI_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: furumi-ng-token
+                  name: furumi-ng-creds
                  key: TOKEN
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_ID
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_SECRET
+            - name: OIDC_ISSUER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_ISSUER_URL
+            - name: OIDC_REDIRECT_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_REDIRECT_URL
            - name: FURUMI_ROOT
              value: "/media"
          ports:
--- a/k8s/apps/furumi-server/external-secrets.yaml
+++ b/k8s/apps/furumi-server/external-secrets.yaml
@@ -2,16 +2,22 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: furumi-ng-token
+  name: furumi-ng-creds
 spec:
  target:
-    name: furumi-ng-token
+    name: furumi-ng-creds
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        TOKEN: |-
          {{ .token }}
+        OIDC_CLIENT_ID: |-
+          {{ .client_id }}
+        OIDC_CLIENT_SECRET: |-
+          {{ .client_secret }}
+        OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-ng-web/
+        OIDC_REDIRECT_URL: https://music.hexor.cy/auth/callback
  data:
    - secretKey: token
      sourceRef:
@@ -21,3 +27,19 @@ spec:
      remoteRef:
        key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f
        property: fields[0].value
+    - secretKey: client_id
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f
+        property: fields[1].value
+    - secretKey: client_secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f
+        property: fields[2].value