MLOps - OIDC_CLIENT_ID, OIDC_CLIENT_SECRET

[blaziq]

These two variables are mentioned in the Deployment Guide and the configure script asks for them:

• OIDC_CLIENT_ID: The client ID registered with your OIDC provider for GitLab.
• OIDC_CLIENT_SECRET: The client secret associated with the client ID.

However, it is not explained where exactly to obtain these values from and how they should be set prior to MLOps installation. The only thing that is clear is that they must come from the OIDC provider, which is currently missing.

Also, what values should be entered if the installation goes without an OIDC provider such as in the current state?

[james-hinton]

@rconway How do approach this for the current implementation of the guide? As we currently don't have the Identity Service BB. These OIDC values populate a provider.yaml thats used by GitLab https://github.com/EOEPCA/deployment-guide/blob/2.0-beta/scripts/mlops/gitlab/provider.yaml.template#L13

[rconway]

@rconway How do approach this for the current implementation of the guide? As we currently don't have the Identity Service BB. These OIDC values populate a provider.yaml thats used by GitLab https://github.com/EOEPCA/deployment-guide/blob/2.0-beta/scripts/mlops/gitlab/provider.yaml.template#L13

I'm currently working through a rudimentary IAM deployment on my local cluster - by cherry-picking the 'important' bits from the develop cluster. As an outcome I will push this into the deployment guide - but will leave the scripting aspects to @james-hinton

With this in place we should be able to properly integrate with Keycloak.

Having said that - we (Gitlab) should support an approach in which it does not integrate with an external OIDC.