# Copyright 2023 Canonical Ltd.
# See LICENSE file for licensing details.
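# Configuration options for the OIDC gatekeeper. The `options:` schema
# (type / default / description per option) looks like a Juju charm
# config.yaml - confirm against the consuming tool. Every option is a string.
options:
  client-id:
    type: string
    default: 'authservice-oidc'
    description: OpenID Connect client ID
  client-name:
    type: string
    default: 'Ambassador Auth OIDC'
    description: Human-friendly OpenID Connect client name
  # NOTE(review): this is a plain string option, so the value is handled like
  # any other config value and is readable by anyone who can read the
  # application's configuration. Never commit a real secret as the default.
  # How the empty default is treated is not visible in this file - confirm
  # in the code that consumes it.
  client-secret:
    type: string
    default: ''
    description: OpenID Connect client secret
  # NOTE(review): presumably used to build the OIDC redirect/callback URL -
  # confirm. If so, it should be an https:// URL that matches the redirect
  # URI registered with the identity provider.
  public-url:
    type: string
    default: ''
    description: Publicly-accessible endpoint for cluster
  # Space-separated scope list. `groups` is not one of the standard OIDC
  # scopes, so it depends on the identity provider. The mandatory `openid`
  # scope is not listed here; presumably the consumer adds it - confirm.
  oidc-scopes:
    type: string
    default: 'profile email groups'
    description: OpenID Connect scopes
  # Certificates supplied here are trusted by the gatekeeper (see the
  # description), so include only the CA that issues the OIDC provider's
  # certificate rather than a broad bundle.
  ca-bundle:
    type: string
    default: ''
    description: |
      Custom CA to be trusted by OIDC gatekeeper. It is suggested to have the config:
        ca-bundle: |
          -----BEGIN CERTIFICATE-----
          ....
          -----END CERTIFICATE-----
  # Every path listed here is exempt from OIDC authentication. Keep the list
  # minimal and review changes to it. Whether entries match exactly or as
  # prefixes is not visible in this file - confirm before adding a path.
  skip-auth-urls:
    type: string
    default: ''
    description: |
      If not empty, this is a comma-separated list of paths, e.g. "/path1/,/path2/".
      That list defines which paths do not need to be authenticated on OIDC.
      The DEX path is always added to this list.
  # The selected claim becomes the user's identity. `email` is only as
  # trustworthy as the provider's handling of it (verification, reassignment);
  # OIDC guarantees stability and uniqueness only for `sub` within an issuer.
  userid-claim:
    type: string
    default: 'email'
    description: OpenID Connect claim whose value will be used as the userid.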