use redis secret from subchart (#90)
Signed-off-by: Nico Braun <[email protected]>
bluebrown authored Feb 25, 2022
1 parent 03ad9c3 commit 79e2156
Showing 4 changed files with 26 additions and 11 deletions.
2 changes: 1 addition & 1 deletion helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
name: oauth2-proxy
version: 6.1.2
version: 6.2.0
apiVersion: v2
appVersion: 7.2.0
home: https://oauth2-proxy.github.io/oauth2-proxy/
2 changes: 1 addition & 1 deletion helm/oauth2-proxy/README.md
Expand Up @@ -167,7 +167,7 @@ Parameter | Description | Default
`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
`sessionStorage.type` | Session storage type which can be one of the following: cookie or redis | `cookie`
`sessionStorage.redis.existingSecret` | existing Kubernetes secret to use for redis-password and redis-sentinel-password | `""`
`sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations | `nil`
`sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations. Taken from redis subchart secret if not set. sessionStorage.redis.existingSecret takes precedence | `nil`
`sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone`
`sessionStorage.redis.standalone.connectionUrl` | URL of redis standalone server for redis session storage (e.g. redis://HOST[:PORT]). Automatically generated if not set. | `""`
`sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]) | `[]`
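Review bot: the new `sessionStorage.redis.password` description says the password is "Taken from redis subchart secret if not set" without stating when that happens. Per the deployment.yaml change in this commit, the fallback only applies when `redis.enabled` and `redis.auth.enabled` are both true; otherwise no `OAUTH2_PROXY_REDIS_PASSWORD` is set at all. Suggest spelling that condition out in the row and wrapping `sessionStorage.redis.existingSecret` in backticks like the other parameter names in the table.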
10 changes: 8 additions & 2 deletions helm/oauth2-proxy/templates/deployment.yaml
Expand Up @@ -112,11 +112,17 @@ spec:
{{- if eq (default "cookie" .Values.sessionStorage.type) "redis" }}
- name: OAUTH2_PROXY_SESSION_STORE_TYPE
value: "redis"
{{- if or .Values.sessionStorage.redis.password .Values.sessionStorage.redis.existingSecret }}
{{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth).enabled )}}
- name: OAUTH2_PROXY_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.sessionStorage.redis.existingSecret }} {{ .Values.sessionStorage.redis.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-redis-access{{ end }}
{{- if .Values.sessionStorage.redis.existingSecret }}
name: {{ .Values.sessionStorage.redis.existingSecret }}
{{- else if .Values.sessionStorage.redis.password }}
name: {{ template "oauth2-proxy.fullname" . }}-redis-access
{{- else }}
name: {{ include "oauth2-proxy.redis.fullname" . }}
{{- end }}
key: redis-password
{{- end }}
{{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
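Review bot: the final `{{- else }}` branch of the `secretKeyRef` name block assumes the subchart's Secret is named whatever `oauth2-proxy.redis.fullname` renders and that it carries a `redis-password` key. Nothing in the lines shown verifies either, so a mismatch only surfaces when the pod fails to start on a missing Secret or key. Suggest documenting that assumption next to the branch, or allowing the name and key to be overridden. In the `or` condition, `(.Values.redis.auth).enabled` is parenthesised, apparently to tolerate a missing `auth` map, while `.Values.redis.enabled` is not guarded the same way; use one style for both.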
23 changes: 16 additions & 7 deletions helm/oauth2-proxy/templates/redis-secret.yaml
@@ -1,13 +1,22 @@
{{- if and (eq .Values.sessionStorage.type "redis") (not .Values.sessionStorage.redis.existingSecret) }}
{{- $name := include "oauth2-proxy.name" . -}}
{{- $fullName := include "oauth2-proxy.fullname" . -}}
{{- $labels := include "oauth2-proxy.labels" . -}}
{{- with .Values.sessionStorage }}
{{- if and (eq .type "redis") (not .redis.existingSecret) (or .redis.password .redis.sentinel.password) }}
apiVersion: v1
kind: Secret
metadata:
labels:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}-redis-access
app: {{ $name }}
{{- $labels | indent 4 }}
name: {{ $fullName }}-redis-access
type: Opaque
data:
redis-password: {{ .Values.sessionStorage.redis.password | b64enc | quote }}
redis-sentinel-password: {{ .Values.sessionStorage.redis.sentinel.password | b64enc | quote }}
{{- end -}}
{{- with .redis.password }}
redis-password: {{ . | b64enc | quote }}
{{- end }}
{{- with .redis.sentinel.password }}
redis-sentinel-password: {{ . | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
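Review bot: `redis-password` and `redis-sentinel-password` under `data:` are now emitted only when their value is set, so the `-redis-access` Secret can exist with just one of the two keys. Any `secretKeyRef` that reads `redis-sentinel-password` from it needs to be gated on `.redis.sentinel.password`, the same way the deployment.yaml hunk only selects `-redis-access` when `sessionStorage.redis.password` is set; that sentinel reference is not among the lines shown, so please confirm it before merging.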
