FEAT(authelia): configure immich oidc

- Add ExternalSecret for OIDC client secret - Add OAuth environment variables - Remove Authelia middleware (using direct OIDC)
2026-01-02 21:09:39 +09:00
parent fbe5734fc1
commit dba1ae56a0
3 changed files with 32 additions and 1 deletions
--- a/immich/helm-values.yaml
+++ b/immich/helm-values.yaml
@@ -18,6 +18,19 @@ controllers:
              secretKeyRef:
                name: immich-postgres-password
                key: password
+          # OAuth/OIDC configuration
+          OAUTH_ENABLED: "true"
+          OAUTH_ISSUER_URL: https://auth0213.kro.kr
+          OAUTH_CLIENT_ID: immich
+          OAUTH_CLIENT_SECRET:
+            valueFrom:
+              secretKeyRef:
+                name: immich-oidc
+                key: OAUTH_CLIENT_SECRET
+          OAUTH_SCOPE: "openid profile email"
+          OAUTH_AUTO_REGISTER: "true"
+          OAUTH_BUTTON_TEXT: "Login with Authelia"
+          OAUTH_AUTO_LAUNCH: "true"

 # Immich configuration
 immich:
@@ -55,7 +68,6 @@ server:
      className: traefik
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
-        traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
      hosts:
        - host: immich0213.kro.kr
          paths: