diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml b/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
index b9019cc5..620f09f0 100644
--- a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
+++ b/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml
@@ -10,30 +10,4 @@ metadata:
 deployment.timestamp: {{ .Values.global.timestamp | quote }}
 {{ end }}
 data:
- authentication: |
- apiVersion: jumpstarter.dev/v1alpha1
- kind: AuthenticationConfiguration
- # jwt:
- # - issuer:
- # url: https://10.239.206.8:5556/dex
- # audiences:
- # - jumpstarter
- # audienceMatchPolicy: MatchAny
- # certificateAuthority: |
- # -----BEGIN CERTIFICATE-----
- # MIIB/DCCAYKgAwIBAgIIcpC2uS+SjEIwCgYIKoZIzj0EAwMwIDEeMBwGA1UEAxMV
- # bWluaWNhIHJvb3QgY2EgNzI5MGI2MCAXDTI1MDIwMzE5MzMyNVoYDzIxMjUwMjAz
- # MTkzMzI1WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3MjkwYjYwdjAQBgcq
- # hkjOPQIBBgUrgQQAIgNiAAQzezKJ4My35HPeoJvvzTjhS2uJMBYrYfrs5csxZjiy
- # q8ORrHM539XhWlA6sVZODhzcF2KL4mC9xKz/yIrsws+LKsIWNHGGmIPEKFYnHBGw
- # VBGeARvhpzZP/9frJXAN/8ejgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQW
- # MBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud
- # DgQWBBSZRBCUuP3ta2xsfjnWIjvgvz4fojAfBgNVHSMEGDAWgBSZRBCUuP3ta2xs
- # fjnWIjvgvz4fojAKBggqhkjOPQQDAwNoADBlAjADql5Ks5wh181iUa1ZBnx4XOVe
- # l0l7I+mwlwJSPmkZHxruWZTx7gQU4tfDCr+UuzUCMQC2aDXRb17cphipK4gzbExv
- # EDLExjhHAqMPrKDmT0jHIi7Bbos38/1tyZ/IoKjLnv0=
- # -----END CERTIFICATE-----
- # claimMappings:
- # username:
- # claim: "sub"
- # prefix: ""
+ authentication: {{- .Values.authenticationConfig | toYaml | indent 1 }}
diff --git a/deploy/helm/jumpstarter/values.yaml b/deploy/helm/jumpstarter/values.yaml
index fcd85409..37d7899d 100644
--- a/deploy/helm/jumpstarter/values.yaml
+++ b/deploy/helm/jumpstarter/values.yaml
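Review bot: The new `authentication:` line in controller-cm.yaml renders `.Values.authenticationConfig` with no guard on its presence or type, although this key carries the controller's authentication configuration. The default in values.yaml is a block-scalar string, but the `@param` text added there links to the Kubernetes structured-authentication documentation, so an operator may well supply a nested map; `toYaml` would then emit a mapping under `data.authentication` instead of a string, and an unset value (for example the subchart rendered without the parent's defaults, if it has none of its own — not visible here) would render as `null`. Failing at render time is safer than shipping a missing or malformed config: `authentication: {{- required "authenticationConfig must be set" .Values.authenticationConfig | toYaml | indent 1 }}` covers the unset case. The `@param` line should also state that the value is a YAML string (block scalar), not a map.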
@@ -36,6 +36,7 @@ global: ## If not set, a random secret will be generated. ## Please fill in to deploy from ArgoCD or the secret will be regenerated for each sync. ## @param jumpstarter-controller.namespace Namespace where the controller will be deployed, defaults to global.namespace. +## @param jumpstarter-controller.authenticationConfig Configuration for OIDC authentication, see https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration for documentation ## @section Ingress And Route parameters ## @descriptionStart This section contains parameters for the Ingress and Route configurations. @@ -73,6 +74,34 @@ jumpstarter-controller: controllerSecret: "" routerSecret: "" + authenticationConfig: | + apiVersion: jumpstarter.dev/v1alpha1 + kind: AuthenticationConfiguration + # jwt: + # - issuer: + # url: https://10.239.206.8:5556/dex + # audiences: + # - jumpstarter + # audienceMatchPolicy: MatchAny + # certificateAuthority: | + # -----BEGIN CERTIFICATE----- + # MIIB/DCCAYKgAwIBAgIIcpC2uS+SjEIwCgYIKoZIzj0EAwMwIDEeMBwGA1UEAxMV + # bWluaWNhIHJvb3QgY2EgNzI5MGI2MCAXDTI1MDIwMzE5MzMyNVoYDzIxMjUwMjAz + # MTkzMzI1WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3MjkwYjYwdjAQBgcq + # hkjOPQIBBgUrgQQAIgNiAAQzezKJ4My35HPeoJvvzTjhS2uJMBYrYfrs5csxZjiy + # q8ORrHM539XhWlA6sVZODhzcF2KL4mC9xKz/yIrsws+LKsIWNHGGmIPEKFYnHBGw + # VBGeARvhpzZP/9frJXAN/8ejgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQW + # MBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud + # DgQWBBSZRBCUuP3ta2xsfjnWIjvgvz4fojAfBgNVHSMEGDAWgBSZRBCUuP3ta2xs + # fjnWIjvgvz4fojAKBggqhkjOPQQDAwNoADBlAjADql5Ks5wh181iUa1ZBnx4XOVe + # l0l7I+mwlwJSPmkZHxruWZTx7gQU4tfDCr+UuzUCMQC2aDXRb17cphipK4gzbExv + # EDLExjhHAqMPrKDmT0jHIi7Bbos38/1tyZ/IoKjLnv0= + # -----END CERTIFICATE----- + # claimMappings: + # username: + # claim: "sub" + # prefix: "" + grpc: hostname: "" routerHostname: ""
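Review bot: The commented example under `authenticationConfig` in the last values.yaml hunk carries an environment-specific issuer (`https://10.239.206.8:5556/dex`) and a concrete root CA certificate into the chart defaults. An operator who uncomments the block as written would anchor token-issuer verification to a CA they do not control, so placeholders are the safer default, e.g. `# url: https://dex.example.com` and a `certificateAuthority` body of `# <PEM-encoded CA bundle of your issuer>`. The example also sets `prefix: ""`, which, if it follows the Kubernetes semantics the `@param` text links to, makes the `sub` claim the username verbatim. A comment such as `# an empty prefix maps the claim directly to the username; set a prefix if names could collide with other identities` would make that choice deliberate.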