diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml
index 23cf114..952998f 100644
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -26,6 +26,8 @@ pod:
 path: HEADLAMP_CLIENT_SECRET
 - key: VAULT_CLIENT_SECRET
 path: VAULT_CLIENT_SECRET
+ - key: IMMICH_CLIENT_SECRET
+ path: IMMICH_CLIENT_SECRET
 - key: identity_providers.oidc.jwks.key
 path: jwks.pem
 extraVolumeMounts:
@@ -41,6 +43,10 @@ pod:
 mountPath: /secrets/VAULT_CLIENT_SECRET
 subPath: VAULT_CLIENT_SECRET
 readOnly: true
+ - name: oidc-secrets
+ mountPath: /secrets/IMMICH_CLIENT_SECRET
+ subPath: IMMICH_CLIENT_SECRET
+ readOnly: true
 - name: oidc-secrets
 mountPath: /secrets/jwks.pem
 subPath: jwks.pem
@@ -141,6 +147,21 @@ configMap:
 - email
 - groups
 token_endpoint_auth_method: client_secret_post
+ - client_id: immich
+ client_name: Immich
+ client_secret:
+ path: /secrets/IMMICH_CLIENT_SECRET
+ public: false
+ authorization_policy: one_factor
+ redirect_uris:
+ - https://immich0213.kro.kr/auth/login
+ - https://immich0213.kro.kr/user-settings
+ - app.immich:///oauth-callback
+ scopes:
+ - openid
+ - profile
+ - email
+ token_endpoint_auth_method: client_secret_post
 # Secret configuration - use existing secret from Vault
 secret:
diff --git a/authelia/vault/authelia-secrets.yaml b/authelia/vault/authelia-secrets.yaml
index 4fe8cc7..c83ced7 100644
--- a/authelia/vault/authelia-secrets.yaml
+++ b/authelia/vault/authelia-secrets.yaml
@@ -52,3 +52,8 @@ spec:
 remoteRef:
 key: cluster-infrastructure/authelia
 property: VAULT_CLIENT_SECRET
+ # Immich OIDC client secret
+ - secretKey: IMMICH_CLIENT_SECRET
+ remoteRef:
+ key: cluster-infrastructure/authelia
+ property: IMMICH_CLIENT_SECRET
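Review bot: The new `/secrets/IMMICH_CLIENT_SECRET` mount in the second hunk uses `subPath`, and Kubernetes does not refresh subPath-mounted Secret files when the Secret changes, so a value rotated in Vault will not reach the running pod until it is restarted. The existing VAULT_CLIENT_SECRET mount follows the same pattern, so this is a documentation point rather than a defect introduced here. I would add a comment above the mount such as `# subPath mounts are not refreshed on Secret update; restart the Authelia pod after rotating this secret`. The `extraVolumeMounts` list starts and ends outside the hunk.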
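Review bot: `authorization_policy: one_factor` on the new `immich` client lets a password alone authorise sign-in to a photo library; unless that is a deliberate choice, I would change it to `authorization_policy: two_factor`. The policies of the other clients are outside this hunk, so confirm what comparable applications use before settling on a value. The redirect list also contains the custom-scheme URI `app.immich:///oauth-callback` for the mobile app, which is not tied to a verified origin the way the two https entries are, so the stronger policy carries more weight for this client. The clients list starts outside the hunk.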
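Review bot: The comment on the new `IMMICH_CLIENT_SECRET` entry does not say what form the Vault property holds, which matters because Authelia accepts and recommends a hashed digest for a client's `client_secret`, while Immich itself needs the plaintext value. If the property under `cluster-infrastructure/authelia` holds the plaintext, consider storing only the digest there and keeping the plaintext under the path Immich reads, so that Authelia's secret store never contains a usable credential. Once that is confirmed, I would extend the comment to `# Immich OIDC client secret (hashed digest; plaintext is stored with Immich)`. The enclosing list starts outside the hunk.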