cleanup rancher oidc configuration

Pierrick Seiterequested to merge
rancher-oidc into main

This MR rethink the configuration of OIDC rancher authentication backend. Namely:

  • rely on a randomly unique password for the Rancher OIDC client, different from the sylva admin password
  • fix confusion between secret of the Rancher OIDC client and password of rancher admin password
  • rename the unit configuring the rancher authentication backend for the sake of code readability

Note: https://gitlab.com/sylva-projects/sylva-core/-/blob/rancher-oidc/charts/sylva-units/scripts/copy-rancher-oidc-secret.sh is required to copy oidc client secrets in cattle-global-data ns and referenced here https://gitlab.com/sylva-projects/sylva-core/-/blob/rancher-oidc/kustomize-units/rancher-oidc/rancher-oidc.yaml#L14

[EDIT] Instead of a script this MR should rely on !176 (merged) outcome to rely on an external secret with a kubernetes provider.

Edited by Pierrick Seite

Merge request reports