Merge pull request #25 from nlamirault/feat/k8s-labelss

oauth2-proxy · Oct 26, 2021 · eb96b38 · eb96b38
2 parents 2875c40 + 0427131
commit eb96b38
Show file tree

Hide file tree

Showing 16 changed files with 64 additions and 43 deletions.
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 4.2.2
+version: 5.0.0
 apiVersion: v2
 appVersion: 7.1.3
 home: https://oauth2-proxy.github.io/oauth2-proxy/

diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md
@@ -60,6 +60,24 @@ See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/usin
 
 For the same reason `service.port` was renamed to `service.portNumber`.
 
+### To 5.0.0
+
+Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). This is a breaking change because many labels of all resources need to be updated to stay consistent.
+
+In order to upgrade, delete the Deployment before upgrading:
+
+```bash
+kubectl delete deployment my-release-oauth2-proxy
+```
+
+This will introduce a slight downtime.
+
+For users who don't want downtime, you can perform these actions:
+
+- Perform a non-cascading removal of the deployment that keeps the pods running
+- Add new labels to pods
+- Perform `helm upgrade`
+
 ## Configuration
 
 The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
@@ -80,6 +98,7 @@ Parameter | Description | Default
 `config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
 `config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
 `config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""`
+`customLabels` | Custom labels to add into metadata | `{}` |
 `config.google.adminEmail` | user impersonated by the google service account | `""`
 `config.google.serviceAccountJson` | google service account json contents | `""`
 `config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`

diff --git a/helm/oauth2-proxy/templates/_helpers.tpl b/helm/oauth2-proxy/templates/_helpers.tpl
@@ -31,6 +31,31 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Generate basic labels
+*/}}
+{{- define "oauth2-proxy.labels" }}
+helm.sh/chart: {{ include "oauth2-proxy.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: authentication-proxy
+app.kubernetes.io/part-of: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oauth2-proxy.selectorLabels" }}
+app.kubernetes.io/name: {{ include "oauth2-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{/*
 Get the secret name.
 */}}

diff --git a/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
@@ -5,9 +5,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
 {{- if .Values.authenticatedEmailsFile.annotations }}
   annotations:
 {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}

diff --git a/helm/oauth2-proxy/templates/configmap-htpasswd-file.yaml b/helm/oauth2-proxy/templates/configmap-htpasswd-file.yaml
@@ -4,9 +4,7 @@ kind: Secret
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
 type: Opaque
 stringData:

diff --git a/helm/oauth2-proxy/templates/configmap.yaml b/helm/oauth2-proxy/templates/configmap.yaml
@@ -5,9 +5,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
 data:
   oauth2_proxy.cfg: {{ .Values.config.configFile | quote }}

diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
@@ -3,16 +3,13 @@ kind: Deployment
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      app: {{ template "oauth2-proxy.name" . }}
-      release: {{ .Release.Name }}
+      {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
   template:
     metadata:
       annotations:
@@ -29,7 +26,7 @@ spec:
     {{- end }}
       labels:
         app: {{ template "oauth2-proxy.name" . }}
-        release: "{{ .Release.Name }}"
+        {{- include "oauth2-proxy.labels" . | indent 8 }}
       {{- if .Values.podLabels }}
 {{ toYaml .Values.podLabels | indent 8 }}
       {{- end }}

diff --git a/helm/oauth2-proxy/templates/google-secret.yaml b/helm/oauth2-proxy/templates/google-secret.yaml
@@ -4,9 +4,7 @@ kind: Secret
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}-google
 type: Opaque
 data:

diff --git a/helm/oauth2-proxy/templates/ingress.yaml b/helm/oauth2-proxy/templates/ingress.yaml
@@ -17,9 +17,7 @@ kind: Ingress
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
 {{- with .Values.ingress.annotations }}
   annotations:

diff --git a/helm/oauth2-proxy/templates/poddisruptionbudget.yaml b/helm/oauth2-proxy/templates/poddisruptionbudget.yaml
@@ -4,9 +4,7 @@ kind: PodDisruptionBudget
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
 spec:
   selector:

diff --git a/helm/oauth2-proxy/templates/redis-secret.yaml b/helm/oauth2-proxy/templates/redis-secret.yaml
@@ -4,9 +4,7 @@ kind: Secret
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}-redis-access
 type: Opaque
 data:

diff --git a/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
@@ -6,9 +6,7 @@ type: Opaque
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
 {{- if .Values.authenticatedEmailsFile.annotations }}
   annotations:
 {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}

diff --git a/helm/oauth2-proxy/templates/secret.yaml b/helm/oauth2-proxy/templates/secret.yaml
@@ -4,9 +4,7 @@ kind: Secret
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
 type: Opaque
 data:

diff --git a/helm/oauth2-proxy/templates/service.yaml b/helm/oauth2-proxy/templates/service.yaml
@@ -3,9 +3,7 @@ kind: Service
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
 {{- if .Values.service.annotations }}
   annotations:
@@ -41,5 +39,4 @@ spec:
       name: metrics
     {{- end }}
   selector:
-    app: {{ template "oauth2-proxy.name" . }}
-    release: {{ .Release.Name }}
+    {{- include "oauth2-proxy.selectorLabels" . | indent 4 }}
diff --git a/helm/oauth2-proxy/templates/serviceaccount.yaml b/helm/oauth2-proxy/templates/serviceaccount.yaml
@@ -8,8 +8,6 @@ metadata:
   {{- end }}
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-    chart: {{ template "oauth2-proxy.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  name: {{ template "oauth2-proxy.serviceAccountName" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}
 {{- end -}}
diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
@@ -45,6 +45,9 @@ image:
 extraArgs: {}
 extraEnv: []
 
+# -- Custom labels to add into metadata
+customLabels: {}
+
 # To authorize individual email addresses
 # That is part of extraArgs but since this needs special treatment we need to do a separate section
 authenticatedEmailsFile: