Mayne0213
1fa6ff5edd
- Change from hashKeyFile/blockKeyFile inside sessionDriver to sessionKeysFile at auth config level - Update ExternalSecret to generate session-keys.json with both hashKey and encryptKey in correct JSON format - Fix securecookie validation error during OIDC callback
81 lines
1.6 KiB
YAML
81 lines
1.6 KiB
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: zot-htpasswd-secret
|
|
namespace: zot
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault-backend
|
|
target:
|
|
name: zot-htpasswd
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: htpasswd
|
|
remoteRef:
|
|
key: zot
|
|
property: HTPASSWD
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: zot-oidc-secret
|
|
namespace: zot
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault-backend
|
|
target:
|
|
name: zot-oidc-credentials
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
data:
|
|
credentials.json: |
|
|
{
|
|
"clientid": "{{ .client_id }}",
|
|
"clientsecret": "{{ .client_secret }}"
|
|
}
|
|
data:
|
|
- secretKey: client_id
|
|
remoteRef:
|
|
key: zot
|
|
property: OIDC_CLIENT_ID
|
|
- secretKey: client_secret
|
|
remoteRef:
|
|
key: zot
|
|
property: OIDC_CLIENT_SECRET
|
|
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: zot-session-secret
|
|
namespace: zot
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault-backend
|
|
target:
|
|
name: zot-session-keys
|
|
creationPolicy: Owner
|
|
template:
|
|
engineVersion: v2
|
|
data:
|
|
session-keys.json: |
|
|
{
|
|
"hashKey": "{{ .hashKey }}",
|
|
"encryptKey": "{{ .encryptKey }}"
|
|
}
|
|
data:
|
|
- secretKey: hashKey
|
|
remoteRef:
|
|
key: zot
|
|
property: SESSION_HASH_KEY
|
|
- secretKey: encryptKey
|
|
remoteRef:
|
|
key: zot
|
|
property: SESSION_BLOCK_KEY
|