Commit efb43f6
feat(manifests): switch control-plane auth from static token to OIDC client credentials
Replace AMBIENT_API_TOKEN (static bearer token) with OIDC client
credentials (client_credentials grant) for control-plane → api-server
authentication. The control-plane exchanges a Keycloak client-id and
client-secret for short-lived JWTs, validated by the same JWKS path
the api-server already uses for user tokens.
- Update SaaS template: replace AMBIENT_API_TOKEN with OIDC_TOKEN_URL,
OIDC_CLIENT_ID, OIDC_CLIENT_SECRET from ambient-control-plane-oidc secret
- Remove AMBIENT_API_TOKEN from api-server env (no longer needed)
- Update hcmais overlay with concrete Keycloak token URL
- Add deployment prerequisites section to manifests README
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>1 parent 3acdd02 commit efb43f6
3 files changed
Lines changed: 46 additions & 11 deletions
File tree
- components/manifests
- overlays/hcmais
- templates
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
124 | 124 | | |
125 | 125 | | |
126 | 126 | | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
127 | 153 | | |
128 | 154 | | |
129 | 155 | | |
| |||
Lines changed: 10 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
20 | 22 | | |
21 | 23 | | |
22 | | - | |
23 | | - | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
202 | 202 | | |
203 | 203 | | |
204 | 204 | | |
205 | | - | |
206 | | - | |
207 | | - | |
208 | | - | |
209 | | - | |
210 | 205 | | |
211 | 206 | | |
212 | 207 | | |
| |||
375 | 370 | | |
376 | 371 | | |
377 | 372 | | |
378 | | - | |
| 373 | + | |
| 374 | + | |
| 375 | + | |
| 376 | + | |
| 377 | + | |
| 378 | + | |
| 379 | + | |
| 380 | + | |
379 | 381 | | |
380 | 382 | | |
381 | | - | |
382 | | - | |
| 383 | + | |
| 384 | + | |
383 | 385 | | |
384 | 386 | | |
385 | 387 | | |
| |||
0 commit comments