Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add proxyVarsFromSecret value #196

Closed
wants to merge 19 commits into from
Closed

feat: add proxyVarsFromSecret value #196

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
a78c177
feat: add proxyVarsFromSecret value
aslafy-z Apr 9, 2024
73adb59
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci May 1, 2024
274f6a4
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci May 7, 2024
6257a7b
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci May 30, 2024
494e9f3
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci May 31, 2024
ab95c60
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci May 31, 2024
4e392b5
Merge branch 'main' into feat/proxyVarsFromSecret
aslafy-z Jul 8, 2024
641385c
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Aug 23, 2024
3d5df19
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Aug 28, 2024
3b1b191
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Dec 23, 2024
7e17875
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Dec 30, 2024
be4ce12
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Jan 8, 2025
5d2ffbe
Update Chart.yaml
pierluigilenoci Jan 8, 2025
bdface2
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Jan 8, 2025
c078e90
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Feb 6, 2025
c3bffe0
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Feb 7, 2025
12e5cc8
Update helm/oauth2-proxy/Chart.yaml
pierluigilenoci Feb 10, 2025
2cd07c9
Merge branch 'main' into feat/proxyVarsFromSecret
pierluigilenoci Feb 10, 2025
e2ae4b8
rename proxyVarsFromSecret to envFromExistingSecret
tuunit Feb 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions helm/oauth2-proxy/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: oauth2-proxy
version: 7.10.5
version: 7.11.0
apiVersion: v2
appVersion: 7.8.1
home: https://oauth2-proxy.github.io/oauth2-proxy/
Expand Down Expand Up @@ -32,7 +32,7 @@ kubeVersion: ">=1.16.0-0"
annotations:
artifacthub.io/changes: |
- kind: added
description: Add documentation to ensure Redis password consistency between sessionStorage and Redis sub chart is well explained
description: Add envFromExistingSecret value for loading environment variables from an existing secret
links:
- name: Github PR
url: https://github.com/oauth2-proxy/manifests/pull/283
url: https://github.com/oauth2-proxy/manifests/pull/196
9 changes: 7 additions & 2 deletions helm/oauth2-proxy/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,8 +172,13 @@ spec:
lifecycle:
{{ toYaml .Values.lifecycle | indent 10 }}
{{- end }}
{{- with .Values.envFromExistingSecret }}
envFrom:
- secretRef:
name: {{ . }}
{{- end }}
env:
{{- if .Values.proxyVarsAsSecrets }}
{{- if and (not .Values.envFromExistingSecret) .Values.proxyVarsAsSecrets }}
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -237,7 +242,7 @@ spec:
{{- if .Values.extraEnv }}
{{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
{{- end }}
{{- if .Values.envFrom }}
{{- if and (not .Values.envFromExistingSecret) .Values.envFrom }}
envFrom:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pierluigilenoci I refactored the PR a little bit and gave the variable a better name but then I realised we already have an envFrom parameter that allows for using a secret as a source like so:

envFrom:
  - secretRef:
      name: my-secret

in the values.yaml without any changes to the chart.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Therefore I don't see the benefit of this addition to the helm chart 🤔

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original idea of PR has probably been lost over time.
However, you can find it in this comment:
#141 (comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since then it has been replaced with a more generic solution:
#201

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would therefore close this PR.

{{ tpl (toYaml .Values.envFrom) . | indent 8 }}
{{- end }}
Expand Down
10 changes: 7 additions & 3 deletions helm/oauth2-proxy/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,13 @@ envFrom: []
# - secretRef:
# name: special-config-secret

# Import all environment variables from an existing secret. Will overwrite 'proxyVarsAsSecrets' and 'envFrom'.
envFromExistingSecret: ""

# Whether to create a secret instead of plain environment values for configuring
# the client_id, client_secret and cookie_secret
proxyVarsAsSecrets: true

# -- Custom labels to add into metadata
customLabels: {}

Expand Down Expand Up @@ -245,9 +252,6 @@ tolerations: []
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
proxyVarsAsSecrets: true

# Configure Kubernetes liveness and readiness probes.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
Expand Down
Loading