Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add oidc configuration #1826

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

71g3pf4c3
Copy link

Added oidc configuration in helm chart. User can provide existing client secret or insert it explicitly in values.
All configuration specified will be merged with configureUserSettings json and passed to CONFIG_OVERWRITE_JSON variable.
Additionally json merge provides validation of configureUserSettings, preventing passing invalid json into it.

Signed-off-by: Кунгуров Макар Евгеньевич <[email protected]>
@reasonerjt
Copy link
Contributor

reasonerjt commented Sep 23, 2024

It was a decision not to expose authentication settings in values.yaml, b/c this is considered "day-2" settings, that admin will handle it after Harbor is installed.

Similarly, we chose not to enable user to setup LDAP in values.yaml, such configuration can only be made by providing a JSON string in "configureUserSettings"

@reasonerjt reasonerjt self-assigned this Sep 23, 2024
@71g3pf4c3
Copy link
Author

It was a decision not to expose authentication settings in values.yaml, b/c this is considered "day-2" settings, that admin will handle it after Harbor is installed.

Similarly, we chose not to enable user to setup LDAP in values.yaml, such configuration can only be made by providing a JSON string in "configureUserSettings"

This feature can be helpful with fully automated deployments and gitops environments like flux. I also added functionality to use exitsting incluster secret values.
configureUserSettings provides very limited range of configuration with just plain string field and without json validation or any validation at all, so i think my solution can be more convenient way to configure.

@71g3pf4c3
Copy link
Author

@reasonerjt please consider this feature, it helps in automated deployments regularly

@Vad1mo
Copy link
Member

Vad1mo commented Sep 27, 2024

It was a decision not to expose authentication settings in values.yaml, b/c this is considered "day-2" settings, that admin will handle it after Harbor is installed.

Similarly, we chose not to enable user to setup LDAP in values.yaml, such configuration can only be made by providing a JSON string in "configureUserSettings"

Not so long ago, CONFIG_OVERWRITE_JSON was introduced, to support upfront Harbor configuration.
It is not clear to me or to Harbor users why CONFIG_OVERWRITE_JSON should be a day-2 operation?
Users are not using CONFIG_OVERWRITE_JSON for day-2, only for day-1 or to be precise for the initial setup.

IMO it is also difficult to justify why 90% of harbor users, who install harbor via Helm Chats should not be able to use this feature,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants