callback param

This commit is contained in:
Danijel Simeunovic
2026-03-13 22:36:35 +01:00
parent 0c9c4b6b0d
commit acc8cf483b


@@ -10,16 +10,7 @@ metadata:
policies.kyverno.io/severity: medium policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >- policies.kyverno.io/description: >-
Injects an auth sidecar container into Pods annotated with Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". Supports two auth modes controlled by the policies.forteapps.io/auth-type annotation: "token" (default) and "oidc". In token mode the sidecar reads credentials from a mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect with authority and client-id provided via required annotations (policies.forteapps.io/auth-oidc-authority and policies.forteapps.io/auth-oidc-client-id) and secrets from an auth-oidc Secret. A NetworkPolicy is generated to restrict ingress to the sidecar port only.
policies.forteapps.io/auth: "true". Supports two auth modes controlled
by the policies.forteapps.io/auth-type annotation: "token" (default)
and "oidc". In token mode the sidecar reads credentials from a
mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect
with authority and client-id provided via required annotations
(policies.forteapps.io/auth-oidc-authority and
policies.forteapps.io/auth-oidc-client-id) and secrets from an
auth-oidc Secret. A NetworkPolicy is generated to restrict ingress
to the sidecar port only.
spec: spec:
background: false background: false
rules: rules:
@@ -225,6 +216,8 @@ spec:
value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}" value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
- name: AUTH_OIDC_CLIENT_ID - name: AUTH_OIDC_CLIENT_ID
value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}" value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
- name: AUTH_OIDC_CALLBACK_PATH
value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
- name: AUTH_OIDC_SCOPES - name: AUTH_OIDC_SCOPES
value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email' }}" value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email' }}"
- name: AUTH_OIDC_COOKIE_SECRET - name: AUTH_OIDC_COOKIE_SECRET
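Review bot: The new AUTH_OIDC_CALLBACK_PATH entry reads `policies.forteapps.io/auth-oidc-callback-path` with no fallback, unlike AUTH_OIDC_SCOPES directly below it, so an OIDC-mode Pod that lacks the annotation will likely fail variable substitution or get an empty path rather than a working default. Either add a fallback, e.g. `value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" || '<DEFAULT_CALLBACK_PATH>' }}"`, or name it among the required annotations in the policy description, which this commit reflows but does not update. Because the value comes from a Pod annotation and feeds the sidecar's OIDC redirect handling, a precondition or validate rule that it is a relative path starting with `/` (no scheme or host) would be prudent; whether the sidecar validates it itself is not visible here. The env list continues outside the hunk.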