From e3b1317b5632a16c089cc5bf39f5b8155cf8e3c0 Mon Sep 17 00:00:00 2001 From: Wilson Rivera Date: Thu, 8 Jan 2026 19:46:33 -0500 Subject: [PATCH 1/3] feat: add sso cookie domain to helm values --- helm/cosmo/charts/controlplane/templates/deployment.yaml | 5 +++++ helm/cosmo/charts/controlplane/templates/secret.yaml | 1 + helm/cosmo/charts/controlplane/values.yaml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/helm/cosmo/charts/controlplane/templates/deployment.yaml b/helm/cosmo/charts/controlplane/templates/deployment.yaml index a79825c99f..5e14833c44 100644 --- a/helm/cosmo/charts/controlplane/templates/deployment.yaml +++ b/helm/cosmo/charts/controlplane/templates/deployment.yaml @@ -104,6 +104,11 @@ spec: secretKeyRef: name: {{ include "controlplane.secretName" . }} key: jwtSessionSecret + - name: AUTH_SSO_COOKIE_DOMAIN + valueFrom: + secretKeyRef: + name: {{ include "controlplane.secretName" . }} + key: authSsoCookieDomain - name: DB_URL valueFrom: secretKeyRef: diff --git a/helm/cosmo/charts/controlplane/templates/secret.yaml b/helm/cosmo/charts/controlplane/templates/secret.yaml index 1bba9daf65..6d6962c338 100644 --- a/helm/cosmo/charts/controlplane/templates/secret.yaml +++ b/helm/cosmo/charts/controlplane/templates/secret.yaml @@ -21,6 +21,7 @@ stringData: clickhouseDsn: "{{ .Values.configuration.clickhouseDsn }}" clickhouseMigrationDsn: "{{ .Values.configuration.clickhouseMigrationDsn }}" jwtSessionSecret: "{{ .Values.global.controlplane.jwtSecret }}" + authSsoCookieDomain: "{{ .Values.configuration.authSsoCookieDomain }}" keycloakAdminUser: "{{ .Values.global.keycloak.adminUser }}" keycloakAdminPassword: "{{ .Values.global.keycloak.adminPassword }}" webhookSecret: "{{ .Values.configuration.webhookSecret }}" diff --git a/helm/cosmo/charts/controlplane/values.yaml b/helm/cosmo/charts/controlplane/values.yaml index 2fd18684dd..82d16740b4 100644 --- a/helm/cosmo/charts/controlplane/values.yaml +++ b/helm/cosmo/charts/controlplane/values.yaml @@ -201,6 +201,8 @@ configuration: openAiApiKey: '' # -- URL of the CDN to use for serving router configs and persistent operations cdnBaseUrl: 'http://cosmo-cdn:8787' + # -- The domain for the cookie used to store SSO authentication information + authSsoCookieDomain: '.wundergraph.local' # -- Use this section to configure the smtp server. smtp: From 33309360481160e00c4040835c1e8d8db8eb919a Mon Sep 17 00:00:00 2001 From: Wilson Rivera Date: Thu, 8 Jan 2026 20:06:48 -0500 Subject: [PATCH 2/3] chore: update README.md --- helm/cosmo/charts/controlplane/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/cosmo/charts/controlplane/README.md b/helm/cosmo/charts/controlplane/README.md index 1a320488fd..4092ba75db 100644 --- a/helm/cosmo/charts/controlplane/README.md +++ b/helm/cosmo/charts/controlplane/README.md @@ -19,6 +19,7 @@ WunderGraph Cosmo Controlplane | commonLabels | object | `{}` | Add labels to all deployed resources | | configuration.allowedOrigins[0] | string | `"*"` | | | configuration.authRedirectUri | string | `"http://controlplane.wundergraph.local/v1/auth/callback"` | | +| configuration.authSsoCookieDomain | string | `".wundergraph.local"` | The domain for the cookie used to store SSO authentication information | | configuration.cdnBaseUrl | string | `"http://cosmo-cdn:8787"` | URL of the CDN to use for serving router configs and persistent operations | | configuration.clickhouseDsn | string | `"http://default:changeme@cosmo-clickhouse:8123?database=cosmo"` | | | configuration.clickhouseMigrationDsn | string | `"clickhouse://default:changeme@cosmo-clickhouse:9000?database=cosmo"` | | From b2e8480f7c01c1e4e9b62ce282a2a64cfcfd4072 Mon Sep 17 00:00:00 2001 From: Wilson Rivera Date: Tue, 3 Mar 2026 09:35:22 -0500 Subject: [PATCH 3/3] chore: move `authSsoCookieDomain` from `secrets.yaml` to `config-map.yaml` --- helm/cosmo/charts/controlplane/templates/config-map.yaml | 1 + helm/cosmo/charts/controlplane/templates/deployment.yaml | 4 ++-- helm/cosmo/charts/controlplane/templates/secret.yaml | 1 - 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/cosmo/charts/controlplane/templates/config-map.yaml b/helm/cosmo/charts/controlplane/templates/config-map.yaml index 188b9d1c3d..8f16dad8b9 100644 --- a/helm/cosmo/charts/controlplane/templates/config-map.yaml +++ b/helm/cosmo/charts/controlplane/templates/config-map.yaml @@ -12,6 +12,7 @@ data: host: "0.0.0.0" port: "{{ .Values.service.port }}" logLevel: "{{ .Values.configuration.logLevel }}" + authSsoCookieDomain: "{{ .Values.configuration.authSsoCookieDomain }}" allowedOrigins: "{{ join "," .Values.configuration.allowedOrigins }}" webBaseUrl: "{{ .Values.global.studio.webUrl }}" debugSQL: "{{ .Values.configuration.debugSQL }}" diff --git a/helm/cosmo/charts/controlplane/templates/deployment.yaml b/helm/cosmo/charts/controlplane/templates/deployment.yaml index 5e14833c44..3035b2b7cf 100644 --- a/helm/cosmo/charts/controlplane/templates/deployment.yaml +++ b/helm/cosmo/charts/controlplane/templates/deployment.yaml @@ -106,8 +106,8 @@ spec: key: jwtSessionSecret - name: AUTH_SSO_COOKIE_DOMAIN valueFrom: - secretKeyRef: - name: {{ include "controlplane.secretName" . }} + configMapKeyRef: + name: {{ include "controlplane.fullname" . }}-configmap key: authSsoCookieDomain - name: DB_URL valueFrom: diff --git a/helm/cosmo/charts/controlplane/templates/secret.yaml b/helm/cosmo/charts/controlplane/templates/secret.yaml index 6d6962c338..1bba9daf65 100644 --- a/helm/cosmo/charts/controlplane/templates/secret.yaml +++ b/helm/cosmo/charts/controlplane/templates/secret.yaml @@ -21,7 +21,6 @@ stringData: clickhouseDsn: "{{ .Values.configuration.clickhouseDsn }}" clickhouseMigrationDsn: "{{ .Values.configuration.clickhouseMigrationDsn }}" jwtSessionSecret: "{{ .Values.global.controlplane.jwtSecret }}" - authSsoCookieDomain: "{{ .Values.configuration.authSsoCookieDomain }}" keycloakAdminUser: "{{ .Values.global.keycloak.adminUser }}" keycloakAdminPassword: "{{ .Values.global.keycloak.adminPassword }}" webhookSecret: "{{ .Values.configuration.webhookSecret }}"