Onyxia

v4 -> v5

The primary breaking change in this release pertains to Keycloak configuration. With this update, you're no longer limited to using Keycloak; any OIDC-compliant identity provider is now supported. To accommodate this new feature, you'll need to make some adjustments to the configuration of your Onyxia instance.

You don't need to specify the issuerURI in multiple locations as we have done here. If you're using just one identity server (for example, a single Keycloak server), you can set the issuerURI solely in api->env->oidc.issuer-uri.

onyxia-values.yaml
onyxia:
   web:
     env:
-      KEYCLOAK_URL: https://auth.lab.sspcloud.fr/auth
-      KEYCLOAK_REALM: sspcloud
   api:
     env:
-      keycloak.resource: onyxia
-      keycloak.realm: sspcloud
-      keycloak.auth-server-url: https://auth.lab.sspcloud.fr/auth
-      keycloak.ssl-required: external
-      keycloak.public-client: "true"
-      keycloak.enable-basic-auth: "true"
-      keycloak.bearer-only: "true"
+      oidc.issuer-uri: "https://auth.lab.sspcloud.fr/auth/realms/sspcloud"
+      oidc.clientID: "onyxia"
+      oidc.audience: "onyxia"
       authentication.mode: "openidconnect"
     regions: 
       [
         {
           "id": "paris",
           "services": {
-              "authenticationMode": "admin",
+              "authenticationMode": "serviceAccount",
               "k8sPublicEndpoint": {
                 "URL": "https://apiserver.kub.sspcloud.fr",
-                "keycloakParams": {
-                  "URL": "https://auth.lab.sspcloud.fr/auth",
-                  "realm": "sspcloud",
-                  "clientId": "onyxia"
-                },
+                "oidcConfiguration": {
+                  "issuerURI": "https://auth.lab.sspcloud.fr/auth/realms/sspcloud",
+                  "clientID": "onyxia-k8s-apiserver",
+                }
               }
             },
           "data": {
             "S3": {
-              "keycloakParams": {
-                "URL": "https://auth.lab.sspcloud.fr/auth",
-                "realm": "sspcloud",
-                "clientId": "onyxia-minio",
-              }
+              "oidcConfiguration": {
+                "issuerURI": "https://auth.lab.sspcloud.fr/auth/realms/sspcloud",
+                "clientID": "onyxia-minio",
+              }
             }
          },
          "vault": {
              "URL": "https://vault.lab.sspcloud.fr",
-             "keycloakParams": {
-               "URL": "https://auth.lab.sspcloud.fr/auth",
-               "realm": "sspcloud",
-               "clientId": "onyxia-vault",
-             }
+             "oidcConfiguration": {
+               "issuerURI": "https://auth.lab.sspcloud.fr/auth/realms/sspcloud",
+               "clientID": "onyxia-vault"
+             }
         }
       }
     ]
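
Review bot: In the services block, two changes go beyond the Keycloak-to-OIDC key rename and are not explained in the text above: authenticationMode moves from "admin" to "serviceAccount", and the k8sPublicEndpoint client changes from "onyxia" to "onyxia-k8s-apiserver". A sentence saying whether that client must already exist on the identity provider, and what the new authentication mode implies, would help anyone applying this migration. Separately, the added oidcConfiguration blocks under k8sPublicEndpoint and S3 end with a trailing comma after clientID while the vault block does not; dropping the comma makes the three consistent and keeps the regions value acceptable to strict JSON parsers.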