Onyxia
HomeGitHub
v9
  • Documentation
  • Release Notes & Upgrade Instructions
  • Vulnerability Disclosure
v9
  • Admin doc
    • 🏁Install
      • đŸ›ŗī¸Kubernetes
      • 🐙GitOps
      • 🔑User authentication
      • đŸ—ƒī¸Data (S3)
      • 🔓Vault
    • 🎨Theme and branding
    • đŸ”ŦCatalog of services
    • đŸ‘ĨSetting up group projects
    • 🔓Security consideration
    • âŦ†ī¸Migration guides
      • âŦ†ī¸v8 -> v9
      • âŦ†ī¸v7 -> v8
      • âŦ†ī¸v6 -> v7
      • âŦ†ī¸v5 -> v6
      • âŦ†ī¸v4 -> v5
      • âŦ†ī¸Migrating to the new helm repo
  • Contributors doc
    • đŸ–Ĩī¸The Web Application
      • âš™ī¸Technical stack
      • 📐Architecture
    • 🔌The REST API
    • đŸ›Ŗī¸Roadmap
  • user doc
    • đŸ•šī¸Getting started with Onyxia
    • 🎓Datascience Trainings and Tutorials
    • đŸ’ģSetting up your dev environment in Onyxia
    • 🤝Community resources
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Admin doc
  2. Migration guides

v4 -> v5

The primary breaking change in this release pertains to Keycloak configuration. With this update, you're no longer limited to using Keycloak; any OIDC-compliant identity provider is now supported. To accommodate this new feature, you'll need to make some adjustments to the configuration of your Onyxia instance.

You don't need to specify the issuerURI in multiple locations as we have done here. If you're using just one identity server (You have only one Keycloak server for example), you can set the issuerURI solely in api->env->oidc.issuer-uri.

onyxia-values.yaml
onyxia:
   web:
     env:
-      KEYCLOAK_URL: https://auth.lab.sspcloud.fr/auth
-      KEYCLOAK_REALM: sspcloud
   api:
     env:
-      keycloak.resource: onyxia
-      keycloak.realm: sspcloud
-      keycloak.auth-server-url: https://auth.lab.sspcloud.fr/auth
-      keycloak.ssl-required: external
-      keycloak.public-client: "true"
-      keycloak.enable-basic-auth: "true"
-      keycloak.bearer-only: "true"
+      oidc.issuer-uri: "https://auth.lab.sspcloud.fr/auth/realms/sspcloud"
+      oidc.clientID: "onyxia"
+      oidc.audience: "onyxia"
       authentication.mode: "openidconnect"
     regions: 
       [
         {
           "id": "paris",
           "services": {
-              "authenticationMode": "admin",
+              "authenticationMode": "serviceAccount",
               "k8sPublicEndpoint": {
                 "URL": "https://apiserver.kub.sspcloud.fr",
-                "keycloakParams": {
-                  "URL": "https://auth.lab.sspcloud.fr/auth",
-                  "realm": "sspcloud",
-                  "clientId": "onyxia"
-                },
+                "oidcConfiguration": {
+                  "issuerURI": "https://auth.lab.sspcloud.fr/auth/realms/sspcloud",
+                  "clientID": "onyxia-k8s-apiserver",
+                }
               }
             },
           "data": {
             "S3": {
-              "keycloakParams": {
-                "URL": "https://auth.lab.sspcloud.fr/auth",
-                "realm": "sspcloud",
-                "clientId": "onyxia-minio",
-              }
+              "oidcConfiguration": {
+                "issuerURI": "https://auth.lab.sspcloud.fr/auth/realms/sspcloud",
+                "clientID": "onyxia-minio",
+              }
             }
          },
          "vault": {
              "URL": "https://vault.lab.sspcloud.fr",
-             "keycloakParams": {
-               "URL": "https://auth.lab.sspcloud.fr/auth",
-               "realm": "sspcloud",
-               "clientId": "onyxia-vault",
-             }
+             "oidcConfiguration": {
+               "issuerURI": "https://auth.lab.sspcloud.fr/auth/realms/sspcloud",
+               "clientID": "onyxia-vault"
+             }
         }
       }
     ]

Was this helpful?

âŦ†ī¸
âŦ†ī¸