diff --git a/cluster-resources/policies/auth-sidecar-injector.yaml b/cluster-resources/policies/auth-sidecar-injector.yaml index 3259d9d..a680ccc 100644 --- a/cluster-resources/policies/auth-sidecar-injector.yaml +++ b/cluster-resources/policies/auth-sidecar-injector.yaml @@ -134,6 +134,8 @@ spec: value: ":8080" - name: AUTH_UPSTREAM_URL value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}" + - name: AUTH_PUBLIC_PATHS + value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}" - name: AUTH_TOKEN_FILE value: "/etc/auth/tokens" - name: AUTH_MODE @@ -225,6 +227,8 @@ spec: value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}" - name: AUTH_OIDC_SCOPES value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email' }}" + - name: AUTH_PUBLIC_PATHS + value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}" - name: AUTH_OIDC_COOKIE_SECRET valueFrom: secretKeyRef: @@ -307,6 +311,8 @@ spec: value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}" - name: AUTH_MCP_AUTHORIZATION_SERVERS value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}" + - name: AUTH_PUBLIC_PATHS + value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}" - name: AUTH_MCP_SCOPES_SUPPORTED value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'read,write' }}" resources: