From c78dec54d7c454af5d29364bf0167b518f1b669b Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Sat, 10 Jan 2026 00:55:11 +0900
Subject: [PATCH] FEAT(authelia): add Zot OIDC client

- Add Zot client to OIDC providers
- Add ZOT_CLIENT_SECRET to ExternalSecret
- Add volume mount for Zot client secret
---
authelia/helm-values.yaml | 20 ++++++++++++++++++++
authelia/manifests/secret.yaml | 5 +++++
2 files changed, 25 insertions(+)

diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml
index 56b67aa..1d3791a 100644
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -30,6 +30,8 @@ pod:
 path: HEADLAMP_CLIENT_SECRET
 - key: VAULT_CLIENT_SECRET
 path: VAULT_CLIENT_SECRET
+ - key: ZOT_CLIENT_SECRET
+ path: ZOT_CLIENT_SECRET
 - key: identity_providers.oidc.jwks.key
 path: jwks.pem
 extraVolumeMounts:
@@ -45,6 +47,10 @@ pod:
 mountPath: /secrets/VAULT_CLIENT_SECRET
 subPath: VAULT_CLIENT_SECRET
 readOnly: true
+ - name: oidc-secrets
+ mountPath: /secrets/ZOT_CLIENT_SECRET
+ subPath: ZOT_CLIENT_SECRET
+ readOnly: true
 - name: oidc-secrets
 mountPath: /secrets/jwks.pem
 subPath: jwks.pem
@@ -165,6 +171,20 @@ configMap:
 - profile
 - email
 token_endpoint_auth_method: client_secret_post
+ - client_id: zot
+ client_name: Zot Registry
+ client_secret:
+ path: /secrets/ZOT_CLIENT_SECRET
+ public: false
+ authorization_policy: one_factor
+ claims_policy: default
+ redirect_uris:
+ - https://zot0213.kro.kr/zot/auth/callback/oidc
+ scopes:
+ - openid
+ - profile
+ - email
+ token_endpoint_auth_method: client_secret_post

 # Secret configuration - use existing secret from Vault
 secret:
diff --git a/authelia/manifests/secret.yaml b/authelia/manifests/secret.yaml
index 498cf05..1762abb 100644
--- a/authelia/manifests/secret.yaml
+++ b/authelia/manifests/secret.yaml
@@ -52,3 +52,8 @@ spec:
 remoteRef:
 key: authelia
 property: VAULT_CLIENT_SECRET
+ # Zot OIDC client secret
+ - secretKey: ZOT_CLIENT_SECRET
+ remoteRef:
+ key: authelia
+ property: ZOT_CLIENT_SECRET
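Review bot: `authorization_policy: one_factor` on the new `zot` client means a single compromised password is enough to log in to what `client_name: Zot Registry` identifies as a container registry, presumably one this cluster pulls from; a registry with push access is a supply-chain pivot, so `authorization_policy: two_factor` is the safer choice here, and at minimum it should match whatever the sibling clients use (their policy lines are outside this hunk). `token_endpoint_auth_method: client_secret_post` is consistent with the Vault client visible in the context, but Authelia's recommended method is `client_secret_basic`, so keep `client_secret_post` only if Zot's OAuth client is confirmed to send the secret in the request body. I would also add a one-line comment above `- client_id: zot`, such as `# Zot registry login; /secrets/ZOT_CLIENT_SECRET must hold the hashed client secret, not the plaintext`, so the next reader knows the mounted file is expected to contain a digest. The enclosing `clients:` list starts outside the hunk.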
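Review bot: The new `ZOT_CLIENT_SECRET` entry does not say which form of the secret is expected under the `authelia` key in Vault, and because this value is the one Authelia reads through `client_secret.path`, it should be the hashed digest (for example a `$pbkdf2-sha512$…` string) while only Zot receives the plaintext; recent Authelia releases still accept a plaintext secret for a confidential client but treat it as deprecated, and storing the plaintext on the IdP side defeats the point of hashing it. Suggest making the comment explicit, `# Zot OIDC client secret (hashed digest; the Zot side holds the plaintext)`, so whoever populates Vault does not paste the raw secret. The enclosing list begins outside the hunk.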