harbor: enable keycloak oidc settings

2026-01-13 20:42:26 -03:00 · 2026-01-13 20:42:26 -03:00 · bcef167b50
commit bcef167b50
parent fbde129d4c
1 changed files with 15 additions and 0 deletions
--- a/services/harbor/helmrelease.yaml
+++ b/services/harbor/helmrelease.yaml
@ -117,6 +117,21 @@ spec:
      existingSecret: harbor-core
      existingXsrfSecret: harbor-core
      existingXsrfSecretKey: CSRF_KEY
+      # OIDC config; client secret is stored out-of-band.
+      configureUserSettings: |
+        {
+          "auth_mode": "oidc_auth",
+          "oidc_name": "Keycloak",
+          "oidc_endpoint": "https://sso.bstein.dev/realms/atlas",
+          "oidc_client_id": "harbor",
+          "oidc_verify_cert": true,
+          "oidc_auto_onboard": true,
+          "oidc_scope": "openid,profile,email,groups",
+          "oidc_groups_claim": "groups",
+          "oidc_user_claim": "preferred_username",
+          "oidc_admin_group": "admin",
+          "oidc_logout": true
+        }
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution: