|
|
d5273a3555
|
zot: temporarily bypass sso and allow open access
|
2025-12-11 01:50:25 -03:00 |
|
|
|
7f57b286c1
|
vault: fix middleware reference
|
2025-12-11 01:41:45 -03:00 |
|
|
|
b39db83702
|
sso: tighten zot and vault oidc flow
|
2025-12-10 11:16:50 -03:00 |
|
|
|
b8817ef0af
|
keycloak: rerun audience scope bootstrap
|
2025-12-10 03:06:05 -03:00 |
|
|
|
f9ec7ab3ae
|
keycloak: add audience scope for oauth2-proxy clients
|
2025-12-10 03:03:40 -03:00 |
|
|
|
1ec2c55e17
|
vault: ingress via oauth2-proxy with redirect
|
2025-12-10 02:56:11 -03:00 |
|
|
|
9dc3be6cde
|
zot: forward Authorization header to upstream
|
2025-12-09 23:17:45 -03:00 |
|
|
|
6093297b5d
|
vault: route ingress via oauth2-proxy
|
2025-12-09 22:35:15 -03:00 |
|
|
|
d2ee171a70
|
vault: correct middleware/serverstransport refs
|
2025-12-09 22:32:27 -03:00 |
|
|
|
bc9abd38f0
|
vault: reference namespace-qualified middleware
|
2025-12-09 21:19:22 -03:00 |
|
|
|
190e452869
|
vault: tighten redirect regex
|
2025-12-09 21:17:43 -03:00 |
|
|
|
a360f9ce83
|
vault: use local middleware reference
|
2025-12-09 21:16:14 -03:00 |
|
|
|
a4da1c1abb
|
vault: fix traefik middleware references
|
2025-12-09 21:14:24 -03:00 |
|
|
|
8b22c707fb
|
vault: send ingress directly to vault with oidc redirect
|
2025-12-09 21:06:58 -03:00 |
|
|
|
9d6881725a
|
zot: align oidc client to oauth2-proxy; add vault redirect
|
2025-12-09 20:49:25 -03:00 |
|
|
|
8f9f6dd5b3
|
vault: route ingress through oauth2-proxy
|
2025-12-09 19:07:21 -03:00 |
|
|
|
129f5d6415
|
vault: fix traefik namespace prefixes
|
2025-12-09 19:04:26 -03:00 |
|
|
|
fdd275c446
|
keycloak: fix oauth2-proxy redirect bootstrap job
|
2025-12-09 19:00:51 -03:00 |
|
|
|
59ee37a3b5
|
keycloak: bootstrap oauth2-proxy redirect URIs
|
2025-12-09 18:53:21 -03:00 |
|
|
|
ecf21d95b2
|
vault: rerun oidc bootstrap job
|
2025-12-09 18:45:33 -03:00 |
|
|
|
9dfe1acfa0
|
keycloak: ensure zot oauth2 client redirect
|
2025-12-09 18:38:31 -03:00 |
|
|
|
046c9dc17a
|
vault: default oidc login and middleware fix
|
2025-12-09 18:38:21 -03:00 |
|
|
|
93d2354e72
|
vault: redirect / and /ui to oidc login
|
2025-12-09 17:42:19 -03:00 |
|
|
|
7431cab073
|
vault: fix middleware naming
|
2025-12-09 17:38:12 -03:00 |
|
|
|
373254c97d
|
zot,vault: fix oidc ingress
|
2025-12-09 17:16:05 -03:00 |
|
|
|
4a6aa907f6
|
vault: fix ingress tls annotation
|
2025-12-09 03:25:28 -03:00 |
|
|
|
1f5ae50989
|
zot: restore oauth2-proxy front; vault: point ingress to vault-ui
|
2025-12-09 02:34:16 -03:00 |
|
|
|
27214e7294
|
zot/vault: simplify to native OIDC and redirect to login
|
2025-12-09 02:26:01 -03:00 |
|
|
|
7c9fc9008a
|
zot: route ingress directly to zot (native OIDC)
|
2025-12-09 02:08:22 -03:00 |
|
|
|
0a76fc3612
|
zot: use generic oidc provider key
|
2025-12-09 01:29:05 -03:00 |
|
|
|
cdbad50c02
|
zot: fix oidc config keys
|
2025-12-09 01:15:53 -03:00 |
|
|
|
ea4c04ba04
|
zot: fix oidc provider map shape
|
2025-12-08 23:36:19 -03:00 |
|
|
|
dba4d270ff
|
sso: fix vault OIDC bootstrap and render zot oidc config
|
2025-12-08 23:23:21 -03:00 |
|
|
|
c8254d6eec
|
longhorn/vault: zot oauth2-proxy integration
|
2025-12-07 20:28:45 -03:00 |
|
|
|
6c62d42f7a
|
longhorn/vault: gate via oauth2-proxy
|
2025-12-07 19:44:02 -03:00 |
|
|
|
a7e9f1f7d8
|
auth: remove error middleware to allow redirect
|
2025-12-07 13:19:45 -03:00 |
|
|
|
ceb692f7ee
|
oauth2-proxy: drop groups scope to avoid invalid_scope
|
2025-12-07 13:09:29 -03:00 |
|
|
|
24fbaad040
|
auth: forward-auth via external auth host (svc traffic flaky)
|
2025-12-07 13:03:29 -03:00 |
|
|
|
04aa32a762
|
oauth2-proxy: schedule on worker rpis
|
2025-12-07 12:49:38 -03:00 |
|
|
|
25ee698021
|
oauth2-proxy: ensure error middleware on auth ingress
|
2025-12-07 12:03:14 -03:00 |
|
|
|
4a089876ba
|
auth: use internal oauth2-proxy svc for forward-auth
|
2025-12-07 11:25:29 -03:00 |
|
|
|
20bb776625
|
auth: add 401 redirect middleware to oauth2-proxy
|
2025-12-07 11:14:25 -03:00 |
|
|
|
5e59f20bc3
|
auth: point forward-auth to external auth host
|
2025-12-07 11:09:09 -03:00 |
|
|
|
dbede55ad4
|
oauth2-proxy: temporarily drop group restriction
|
2025-12-07 10:42:13 -03:00 |
|
|
|
27e5c9391c
|
auth: add namespace-local forward-auth middlewares
|
2025-12-07 10:25:44 -03:00 |
|
|
|
8d5e6c267c
|
auth: wire oauth2-proxy and enable grafana oidc
|
2025-12-07 02:01:21 -03:00 |
|
|
|
a55502fe27
|
add oauth2-proxy for SSO forward-auth
|
2025-12-06 14:42:24 -03:00 |
|
|
|
598bdfc727
|
keycloak: restrict to worker rpis with titan-24 fallback
|
2025-12-06 01:44:23 -03:00 |
|
|
|
88c7a1c2aa
|
keycloak: require rpi nodes with titan-24 fallback
|
2025-12-06 01:40:24 -03:00 |
|
|
|
f4da27271e
|
keycloak: prefer rpi nodes, avoid titan-24
|
2025-12-06 01:36:33 -03:00 |
|
