kind: KongPlugin apiVersion: configuration.konghq.com/v1 metadata: name: jenkins-nopublic-oidc labels: app: jenkins {{- include "jenkins-operator.metaLabels" . | nindent 4 }} plugin: oidc config: client_secret: "mock" client_id: jenkins realm: {{ template "keycloak.realm" . }} discovery: >- {{ template "keycloak.url" . }}/auth/realms/{{ template "keycloak.realm" . }}/.well-known/openid-configuration introspection_endpoint: >- {{ template "keycloak.url" . }}/auth/realms/{{ template "keycloak.realm" . }}/protocol/openid-connect/token/introspect logout_path: /logout redirect_uri_path: /{{ .Values.jenkins.basePath }}/finishAuth token_endpoint_auth_method: client_secret_post unauth_action: redirect session_opts: >- '{"storage":"sentinel", "sentinel":{"sentinel_master_name":"mymaster", "sentinel_db":"sessions_admin_tools", "sentinel_host":"{{- template "sentinel.host" $ -}}", "sentinel_port":"{{- template "sentinel.port" $ -}}","uselocking":false}}' issuers_allowed: ['{{ template "keycloak.url" . }}/auth/realms/{{ template "keycloak.realm" . }}'] protocols: - http - https