FEAT(authelia): add Zot OIDC client

- Add Zot client to OIDC providers - Add ZOT_CLIENT_SECRET to ExternalSecret - Add volume mount for Zot client secret
2026-01-10 00:55:11 +09:00
parent 5f9573133e
commit c78dec54d7
2 changed files with 25 additions and 0 deletions
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -30,6 +30,8 @@ pod:
            path: HEADLAMP_CLIENT_SECRET
          - key: VAULT_CLIENT_SECRET
            path: VAULT_CLIENT_SECRET
+          - key: ZOT_CLIENT_SECRET
+            path: ZOT_CLIENT_SECRET
          - key: identity_providers.oidc.jwks.key
            path: jwks.pem
  extraVolumeMounts:
@@ -45,6 +47,10 @@ pod:
      mountPath: /secrets/VAULT_CLIENT_SECRET
      subPath: VAULT_CLIENT_SECRET
      readOnly: true
+    - name: oidc-secrets
+      mountPath: /secrets/ZOT_CLIENT_SECRET
+      subPath: ZOT_CLIENT_SECRET
+      readOnly: true
    - name: oidc-secrets
      mountPath: /secrets/jwks.pem
      subPath: jwks.pem
@@ -165,6 +171,20 @@ configMap:
            - profile
            - email
          token_endpoint_auth_method: client_secret_post
+        - client_id: zot
+          client_name: Zot Registry
+          client_secret:
+            path: /secrets/ZOT_CLIENT_SECRET
+          public: false
+          authorization_policy: one_factor
+          claims_policy: default
+          redirect_uris:
+            - https://zot0213.kro.kr/zot/auth/callback/oidc
+          scopes:
+            - openid
+            - profile
+            - email
+          token_endpoint_auth_method: client_secret_post

 # Secret configuration - use existing secret from Vault
 secret:
--- a/authelia/manifests/secret.yaml
+++ b/authelia/manifests/secret.yaml
@@ -52,3 +52,8 @@ spec:
      remoteRef:
        key: authelia
        property: VAULT_CLIENT_SECRET
+    # Zot OIDC client secret
+    - secretKey: ZOT_CLIENT_SECRET
+      remoteRef:
+        key: authelia
+        property: ZOT_CLIENT_SECRET