FIX(authelia): fix Authelia secret key names

- Update key names to match chart expectations - Fix ExternalSecret configuration
2026-01-02 00:13:28 +09:00
parent de5183469e
commit d88cf75b95
2 changed files with 4 additions and 65 deletions
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -18,17 +18,11 @@ pod:
    - name: users-database
      configMap:
        name: authelia-config
-    - name: oidc-clients
-      secret:
-        secretName: authelia-oidc-clients
  extraVolumeMounts:
    - name: users-database
      mountPath: /config/users_database.yml
      subPath: users_database.yml
      readOnly: true
-    - name: oidc-clients
-      mountPath: /secrets/oidc
-      readOnly: true

 # ConfigMap configuration
 configMap:
@@ -77,32 +71,6 @@ configMap:
    enabled: true
    issuer: mayne.kro.kr

-  # Identity providers (OIDC)
-  identity_providers:
-    oidc:
-      enabled: true
-      cors:
-        endpoints:
-          - authorization
-          - token
-          - revocation
-          - introspection
-          - userinfo
-        allowed_origins_from_client_redirect_uris: true
-      clients:
-        - client_id: minio
-          client_name: MinIO Console
-          client_secret: '$plaintext${{ secret "/secrets/oidc/MINIO_CLIENT_SECRET" }}'
-          authorization_policy: one_factor
-          redirect_uris:
-            - https://minio.minio0213.kro.kr/oauth_callback
-            - https://minio0213.kro.kr/oauth_callback
-          scopes:
-            - openid
-            - profile
-            - email
-          token_endpoint_auth_method: client_secret_post
-
 # Secret configuration - use existing secret from Vault
 secret:
  existingSecret: authelia-secrets
--- a/authelia/vault/authelia-secrets.yaml
+++ b/authelia/vault/authelia-secrets.yaml
@@ -13,51 +13,22 @@ spec:
    creationPolicy: Owner
  data:
    # Storage password (PostgreSQL)
-    - secretKey: STORAGE_PASSWORD
+    - secretKey: storage.postgres.password.txt
      remoteRef:
        key: databases/postgresql
        property: PASSWORD
-    # Session secret
-    - secretKey: SESSION_SECRET
+    # Session encryption key
+    - secretKey: session.encryption.key
      remoteRef:
        key: cluster-infrastructure/authelia
        property: SESSION_SECRET
    # Storage encryption key
-    - secretKey: STORAGE_ENCRYPTION_KEY
+    - secretKey: storage.encryption.key
      remoteRef:
        key: cluster-infrastructure/authelia
        property: STORAGE_ENCRYPTION_KEY
-    # OIDC HMAC secret
-    - secretKey: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
-      remoteRef:
-        key: cluster-infrastructure/authelia
-        property: OIDC_HMAC_SECRET
-    # OIDC JWKS private key (base64 encoded)
-    - secretKey: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
-      remoteRef:
-        key: cluster-infrastructure/authelia
-        property: OIDC_JWKS_PRIVATE_KEY
    # JWT HMAC key for identity validation (password reset)
    - secretKey: identity_validation.reset_password.jwt.hmac.key
      remoteRef:
        key: cluster-infrastructure/authelia
        property: JWT_HMAC_KEY
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: authelia-oidc-clients
-  namespace: authelia
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: authelia-oidc-clients
-    creationPolicy: Owner
-  data:
-    - secretKey: MINIO_CLIENT_SECRET
-      remoteRef:
-        key: databases/minio
-        property: OIDC_CLIENT_SECRET