feat(minio): enable OpenID auth #166

Merged
merged 1 commit into from
Dec 29, 2023

martinohmann
Owner

No description provided.

@github-actions github-actions bot added the area/kubernetes Changes made in the kubernetes directory label Dec 29, 2023

--- HelmRelease: default/minio Deployment: default/minio

+++ HelmRelease: default/minio Deployment: default/minio

@@ -42,12 +42,24 @@

         - :9001
         env:
         - name: MINIO_API_CORS_ALLOW_ORIGIN
           value: https://minio.18b.haus,https://s3.18b.haus
         - name: MINIO_BROWSER_REDIRECT_URL
           value: https://minio.18b.haus
+        - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
+          value: groups
+        - name: MINIO_IDENTITY_OPENID_CLAIM_USERINFO
+          value: https://auth.18b.haus/api/oidc/userinfo
+        - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+          value: minio
+        - name: MINIO_IDENTITY_OPENID_CONFIG_URL
+          value: https://auth.18b.haus/.well-known/openid-configuration
+        - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME
+          value: Authelia
+        - name: MINIO_IDENTITY_OPENID_SCOPES
+          value: openid,profile,groups,email
         - name: MINIO_PROMETHEUS_AUTH_TYPE
           value: public
         - name: MINIO_PROMETHEUS_JOB_ID
           value: minio
         - name: MINIO_PROMETHEUS_URL
           value: https://prometheus.18b.haus
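
Review bot: MINIO_IDENTITY_OPENID_CLAIM_USERINFO is set to the userinfo URL (https://auth.18b.haus/api/oidc/userinfo), but MinIO documents this setting as an on/off switch and takes the endpoint itself from the discovery document named in MINIO_IDENTITY_OPENID_CONFIG_URL. If the groups claim is meant to be fetched from userinfo, set the value to on; if the ID token already carries groups, drop the variable so the configuration does not suggest a lookup that is not happening.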


--- kubernetes/apps/default/authelia/app Kustomization: flux-system/authelia ConfigMap: default/authelia

+++ kubernetes/apps/default/authelia/app Kustomization: flux-system/authelia ConfigMap: default/authelia

@@ -110,12 +110,21 @@

             public: false
             authorization_policy: two_factor
             pre_configured_consent_duration: 1y
             scopes: ["openid", "profile", "groups", "email"]
             redirect_uris: ["https://gitops.18b.haus/oauth2/callback"]
             userinfo_signed_response_alg: none
+          - id: minio
+            description: MinIO
+            secret: "${MINIO_OIDC_CLIENT_SECRET_DIGEST}"
+            public: false
+            authorization_policy: two_factor
+            pre_configured_consent_duration: 1y
+            scopes: ["openid", "profile", "groups", "email"]
+            redirect_uris: ["https://minio.18b.haus/oauth_callback"]
+            userinfo_signed_response_alg: none
 kind: ConfigMap
 metadata:
   annotations:
     kustomize.toolkit.fluxcd.io/substitute: disabled
   labels:
     app.kubernetes.io/name: authelia
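
Review bot: the secret for the new minio client is the placeholder "${MINIO_OIDC_CLIENT_SECRET_DIGEST}", yet the ConfigMap in the context lines carries kustomize.toolkit.fluxcd.io/substitute: disabled, so Flux post-build substitution will not fill it in. Add a comment naming what does expand it (for example Authelia reading it from its own environment) and make sure that variable is present in the Authelia pod, otherwise the literal placeholder becomes the configured secret. Separately, pre_configured_consent_duration: 1y is a long remembered consent for a client that fronts object storage; a shorter duration is worth considering.
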
--- kubernetes/apps/default/minio/app Kustomization: flux-system/minio HelmRelease: default/minio

+++ kubernetes/apps/default/minio/app Kustomization: flux-system/minio HelmRelease: default/minio

@@ -40,12 +40,18 @@

             - /data
             - --console-address
             - :9001
             env:
               MINIO_API_CORS_ALLOW_ORIGIN: https://minio.18b.haus,https://s3.18b.haus
               MINIO_BROWSER_REDIRECT_URL: https://minio.18b.haus
+              MINIO_IDENTITY_OPENID_CLAIM_NAME: groups
+              MINIO_IDENTITY_OPENID_CLAIM_USERINFO: https://auth.18b.haus/api/oidc/userinfo
+              MINIO_IDENTITY_OPENID_CLIENT_ID: minio
+              MINIO_IDENTITY_OPENID_CONFIG_URL: https://auth.18b.haus/.well-known/openid-configuration
+              MINIO_IDENTITY_OPENID_DISPLAY_NAME: Authelia
+              MINIO_IDENTITY_OPENID_SCOPES: openid,profile,groups,email
               MINIO_PROMETHEUS_AUTH_TYPE: public
               MINIO_PROMETHEUS_JOB_ID: minio
               MINIO_PROMETHEUS_URL: https://prometheus.18b.haus
               MINIO_SERVER_URL: https://s3.18b.haus
               MINIO_UPDATE: 'off'
             envFrom:
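
Review bot: MINIO_IDENTITY_OPENID_CLAIM_NAME: groups makes MinIO treat each value of the groups claim as the name of a policy to attach, so authorization now depends on Authelia group names matching MinIO policy names, and nothing in this change documents that mapping. Note next to the variable which groups are expected and which policies they map to, and check that no broadly assigned group shares a name with a privileged policy such as consoleAdmin. No MINIO_IDENTITY_OPENID_CLIENT_SECRET is set here although the Authelia client is declared with public: false; presumably it arrives through the envFrom at the end of the hunk, which deserves a short comment.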

@martinohmann martinohmann merged commit b76fbc4 into main Dec 29, 2023
4 checks passed
@martinohmann martinohmann deleted the minio-openid branch December 29, 2023 16:21