Add SecurityPolicy for code-server and update secret.yaml with client secret

rajsinghtech · rajsinghtech · commit 55e0720039f7 · 2025-10-23T20:39:16.000-05:00
This commit introduces a new SecurityPolicy resource for the code-server application, specifying OIDC provider details for authentication. Additionally, the secret.yaml file is updated to include a client secret for the code-server, enhancing security and configuration management.
diff --git a/clusters/common/apps/home/code-server/httproute.yaml b/clusters/common/apps/home/code-server/httproute.yaml
@@ -34,4 +34,22 @@ spec:
       matches:
         - path:
             type: PathPrefix
-            value: /
+            value: /
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: SecurityPolicy
+metadata:
+  name: code
+spec:
+  targetRefs:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: code
+  oidc:
+    provider:
+      issuer: "https://pocket-id.${CLUSTER_DOMAIN}"
+    clientID: "6e0ae47f-0ebe-4044-9aae-28e9da38ac3e"
+    clientSecret:
+      name: "code-server-secret"
+    redirectURL: "https://code.${CLUSTER_DOMAIN}/oauth2/callback"
+    logoutPath: "/logout"
diff --git a/clusters/common/apps/home/code-server/secret.yaml b/clusters/common/apps/home/code-server/secret.yaml
@@ -4,4 +4,5 @@ metadata:
   name: code-server-secret
 type: Opaque
 stringData:
-  password: ${DEFAULT_PASSWORD}
+  password: ${DEFAULT_PASSWORD}
+  client-secret: U0ktE06LOZ61JZHwwfjYF8Mq5CczdsKG
