17 lines
878 B
YAML
17 lines
878 B
YAML
# OIDC with Authentik — credentials live in Secret **headlamp-oidc** (envFrom), created by **noble_authentik**.
|
|
# **OIDC_SCOPES** in that Secret must match scopes the Authentik provider exposes (see **noble_authentik_headlamp_oidc_scopes**).
|
|
#
|
|
# With **externalSecret**, the Headlamp chart only adds **-oidc-callback-url** / **-oidc-use-pkce** args when these
|
|
# values are set here (or under **env:**). The Secret alone is not enough — without them, login can fail or Authentik returns errors.
|
|
# **usePKCE** defaults **false** for Authentik confidential clients (Ansible **noble_authentik_headlamp_oidc_use_pkce** also passes **--set** on **--tags authentik**).
|
|
|
|
config:
|
|
oidc:
|
|
secret:
|
|
create: false
|
|
externalSecret:
|
|
enabled: true
|
|
name: headlamp-oidc
|
|
callbackURL: "https://headlamp.apps.noble.lab.pcenicni.dev/oidc-callback"
|
|
usePKCE: false
|