From 61ab2ec70c1bcc20d88e01506f969a80acc25ed9 Mon Sep 17 00:00:00 2001
From: Cleanup Bot
Date: Mon, 2 Feb 2026 21:06:21 +0000
Subject: [PATCH] Add Kubeflow OAuth2 application
---
app-kubeflow.tf | 50 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 app-kubeflow.tf
diff --git a/app-kubeflow.tf b/app-kubeflow.tf
new file mode 100644
index 0000000..54b983a
--- /dev/null
+++ b/app-kubeflow.tf
@@ -0,0 +1,50 @@
+# =============================================================================
+# Kubeflow - ML Platform Dashboard
+# =============================================================================
+
+data "authentik_property_mapping_provider_scope" "kubeflow" {
+ managed_list = [
+ "goauthentik.io/providers/oauth2/scope-openid",
+ "goauthentik.io/providers/oauth2/scope-email",
+ "goauthentik.io/providers/oauth2/scope-profile",
+ ]
+}
+
+resource "authentik_provider_oauth2" "kubeflow" {
+ name = "Kubeflow"
+ client_id = "kubeflow"
+ client_type = "confidential"
+ authorization_flow = data.authentik_flow.default_authorization.id
+ invalidation_flow = data.authentik_flow.default_invalidation.id
+
+ access_token_validity = "hours=1"
+ refresh_token_validity = "days=30"
+
+ property_mappings = data.authentik_property_mapping_provider_scope.kubeflow.ids
+
+ allowed_redirect_uris = [
+ { matching_mode = "strict", url = "https://kubeflow.walleye-frog.ts.net/oauth2/callback" },
+ ]
+
+ signing_key = data.authentik_certificate_key_pair.generated.id
+}
+
+resource "authentik_application" "kubeflow" {
+ name = "Kubeflow"
+ slug = "kubeflow"
+ protocol_provider = authentik_provider_oauth2.kubeflow.id
+
+ meta_description = "ML Training Platform"
+ meta_launch_url = "https://kubeflow.walleye-frog.ts.net"
+
+ group = "DevOps"
+}
+
+output "kubeflow_client_id" {
+ value = authentik_provider_oauth2.kubeflow.client_id
+}
+
+output "kubeflow_client_secret" {
+ value = authentik_provider_oauth2.kubeflow.client_secret
+ sensitive = true
+}
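Review bot: Nothing in this new file restricts who may sign in to Kubeflow: `group = "DevOps"` on `authentik_application.kubeflow` appears to be only the label the tile is grouped under in the UI, and no `authentik_policy_binding` targets the application here. Unless a binding is defined in another file, authentik's default of granting access to every authenticated user applies, which is broad for an ML training platform. I would bind the application to the intended group, as sketched below with a placeholder for the group id. Separately, `sensitive = true` on `kubeflow_client_secret` only redacts plan and CLI output; the secret is still written in plaintext to state, so the state backend's encryption and read access (not visible here) need to cover it.

```hcl
resource "authentik_policy_binding" "kubeflow_access" {
  target = authentik_application.kubeflow.uuid
  group  = var.kubeflow_access_group_id # placeholder: id of the group allowed to use Kubeflow
  order  = 0
}
```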