diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml index 457d3306..ee24bb00 100644 --- a/helm/oauth2-proxy/Chart.yaml +++ b/helm/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 4.2.2 +version: 5.0.0 apiVersion: v2 appVersion: 7.1.3 home: https://oauth2-proxy.github.io/oauth2-proxy/ diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md index 20a4e46b..ed177455 100644 --- a/helm/oauth2-proxy/README.md +++ b/helm/oauth2-proxy/README.md @@ -60,6 +60,24 @@ See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/usin For the same reason `service.port` was renamed to `service.portNumber`. +### To 5.0.0 + +Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). This is a breaking change because many labels of all resources need to be updated to stay consistent. + +In order to upgrade, delete the Deployment before upgrading: + +```bash +kubectl delete deployment my-release-oauth2-proxy +``` + +This will introduce a slight downtime. + +For users who don't want downtime, you can perform these actions: + +- Perform a non-cascading removal of the deployment that keeps the pods running +- Add new labels to pods +- Perform `helm upgrade` + ## Configuration The following table lists the configurable parameters of the oauth2-proxy chart and their default values. 
@@ -80,6 +98,7 @@ Parameter | Description | Default `config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` `config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil` `config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""` +`customLabels` | Custom labels to add into metadata | `{}` | `config.google.adminEmail` | user impersonated by the google service account | `""` `config.google.serviceAccountJson` | google service account json contents | `""` `config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil` diff --git a/helm/oauth2-proxy/templates/_helpers.tpl b/helm/oauth2-proxy/templates/_helpers.tpl index a063d9dd..30b982f7 100644 --- a/helm/oauth2-proxy/templates/_helpers.tpl +++ b/helm/oauth2-proxy/templates/_helpers.tpl 
@@ -31,6 +31,31 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Generate basic labels +*/}} +{{- define "oauth2-proxy.labels" }} +helm.sh/chart: {{ include "oauth2-proxy.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: authentication-proxy +app.kubernetes.io/part-of: {{ template "oauth2-proxy.name" . }} +{{- include "oauth2-proxy.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "oauth2-proxy.selectorLabels" }} +app.kubernetes.io/name: {{ include "oauth2-proxy.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + {{/* Get the secret name. */}} diff --git a/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml index 980580c1..cf4e77ea 100644 --- a/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml +++ b/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml @@ -5,9 +5,7 @@ kind: ConfigMap metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} {{- if .Values.authenticatedEmailsFile.annotations }} annotations: {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }} diff --git a/helm/oauth2-proxy/templates/configmap-htpasswd-file.yaml b/helm/oauth2-proxy/templates/configmap-htpasswd-file.yaml index c40b6371..44fe67e9 100644 --- a/helm/oauth2-proxy/templates/configmap-htpasswd-file.yaml +++ b/helm/oauth2-proxy/templates/configmap-htpasswd-file.yaml 
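Review bot: `oauth2-proxy.selectorLabels` in _helpers.tpl emits `app.kubernetes.io/instance: {{ .Release.Name }}` unquoted, whereas the pod label it replaces in deployment.yaml was quoted. A release named `123` or `true` then renders as a non-string value, which the API server rejects for labels and selectors; use `app.kubernetes.io/instance: {{ .Release.Name | quote }}`. In `oauth2-proxy.labels`, `customLabels` is appended after the fixed keys, so a user value for `app.kubernetes.io/name` or `app.kubernetes.io/instance` creates a duplicate key. Where the parser keeps the last one, the pod labels can diverge from the selector. A comment on the value such as `# must not redefine app.kubernetes.io/name or app.kubernetes.io/instance`, or a `fail` guard in the helper, would prevent that.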
@@ -4,9 +4,7 @@ kind: Secret metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file type: Opaque stringData: diff --git a/helm/oauth2-proxy/templates/configmap.yaml b/helm/oauth2-proxy/templates/configmap.yaml index bf5f517c..19dd86b6 100644 --- a/helm/oauth2-proxy/templates/configmap.yaml +++ b/helm/oauth2-proxy/templates/configmap.yaml @@ -5,9 +5,7 @@ kind: ConfigMap metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} data: oauth2_proxy.cfg: {{ .Values.config.configFile | quote }} diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml index d6e93973..abbe36a0 100644 --- a/helm/oauth2-proxy/templates/deployment.yaml +++ b/helm/oauth2-proxy/templates/deployment.yaml @@ -3,16 +3,13 @@ kind: Deployment metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ template "oauth2-proxy.name" . }} - release: {{ .Release.Name }} + {{- include "oauth2-proxy.selectorLabels" . | indent 6 }} template: metadata: annotations: @@ -29,7 +26,7 @@ spec: {{- end }} labels: app: {{ template "oauth2-proxy.name" . }} - release: "{{ .Release.Name }}" + {{- include "oauth2-proxy.labels" . | indent 8 }} {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 8 }} {{- end }} 
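Review bot: The second deployment.yaml hunk drops the `release` label from the pod template, so anything outside this diff that still selects the pods on `app` plus `release` (a NetworkPolicy, a ServiceMonitor, an operator-managed PDB) stops matching after the upgrade. A NetworkPolicy that no longer selects the proxy pods stops restricting them, and nothing reports an error. The README's 5.0.0 section covers only the immutable Deployment selector; it should also say `Selectors that match the old release label must be switched to app.kubernetes.io/instance`. Separately, the pod template now carries `helm.sh/chart` and `app.kubernetes.io/version`, so every chart bump rolls the pods. Including only `oauth2-proxy.selectorLabels` plus `customLabels` there would avoid that.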
diff --git a/helm/oauth2-proxy/templates/google-secret.yaml b/helm/oauth2-proxy/templates/google-secret.yaml index 0e785b18..73238e0b 100644 --- a/helm/oauth2-proxy/templates/google-secret.yaml +++ b/helm/oauth2-proxy/templates/google-secret.yaml @@ -4,9 +4,7 @@ kind: Secret metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }}-google type: Opaque data: diff --git a/helm/oauth2-proxy/templates/ingress.yaml b/helm/oauth2-proxy/templates/ingress.yaml index 31cff29f..32043e66 100644 --- a/helm/oauth2-proxy/templates/ingress.yaml +++ b/helm/oauth2-proxy/templates/ingress.yaml @@ -17,9 +17,7 @@ kind: Ingress metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} {{- with .Values.ingress.annotations }} annotations: diff --git a/helm/oauth2-proxy/templates/poddisruptionbudget.yaml b/helm/oauth2-proxy/templates/poddisruptionbudget.yaml index a837fb31..f30bc5db 100644 --- a/helm/oauth2-proxy/templates/poddisruptionbudget.yaml +++ b/helm/oauth2-proxy/templates/poddisruptionbudget.yaml @@ -4,9 +4,7 @@ kind: PodDisruptionBudget metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} spec: selector: diff --git a/helm/oauth2-proxy/templates/redis-secret.yaml b/helm/oauth2-proxy/templates/redis-secret.yaml index 9ac3431e..a9b07ae8 100644 --- a/helm/oauth2-proxy/templates/redis-secret.yaml +++ b/helm/oauth2-proxy/templates/redis-secret.yaml 
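Review bot: The PodDisruptionBudget's `spec.selector` appears in poddisruptionbudget.yaml only as trailing context, and its body is outside the hunk. If it still matches on `app` and `release`, it selects no pods after this commit, because deployment.yaml removes `release` from the pod template labels. A PDB that matches nothing gives no protection during node drains, so every replica of the authentication proxy can be evicted at once. The selector should use the same helper as the Deployment and Service, `{{- include "oauth2-proxy.selectorLabels" . | indent 6 }}` under `matchLabels:`.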
@@ -4,9 +4,7 @@ kind: Secret metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }}-redis-access type: Opaque data: diff --git a/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml index c6ef2bd1..ce79db1d 100644 --- a/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml +++ b/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml @@ -6,9 +6,7 @@ type: Opaque metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} {{- if .Values.authenticatedEmailsFile.annotations }} annotations: {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }} diff --git a/helm/oauth2-proxy/templates/secret.yaml b/helm/oauth2-proxy/templates/secret.yaml index 89134fa0..471b34c1 100644 --- a/helm/oauth2-proxy/templates/secret.yaml +++ b/helm/oauth2-proxy/templates/secret.yaml @@ -4,9 +4,7 @@ kind: Secret metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} type: Opaque data: diff --git a/helm/oauth2-proxy/templates/service.yaml b/helm/oauth2-proxy/templates/service.yaml index 689e5f19..2bc09698 100644 --- a/helm/oauth2-proxy/templates/service.yaml +++ b/helm/oauth2-proxy/templates/service.yaml 
@@ -3,9 +3,7 @@ kind: Service metadata: labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} {{- if .Values.service.annotations }} annotations: @@ -41,5 +39,4 @@ spec: name: metrics {{- end }} selector: - app: {{ template "oauth2-proxy.name" . }} - release: {{ .Release.Name }} + {{- include "oauth2-proxy.selectorLabels" . | indent 4 }} diff --git a/helm/oauth2-proxy/templates/serviceaccount.yaml b/helm/oauth2-proxy/templates/serviceaccount.yaml index a534666f..8d41e1d9 100644 --- a/helm/oauth2-proxy/templates/serviceaccount.yaml +++ b/helm/oauth2-proxy/templates/serviceaccount.yaml @@ -8,8 +8,6 @@ metadata: {{- end }} labels: app: {{ template "oauth2-proxy.name" . }} - chart: {{ template "oauth2-proxy.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ template "oauth2-proxy.serviceAccountName" . }} +{{- include "oauth2-proxy.labels" . | indent 4 }} + name: {{ template "oauth2-proxy.fullname" . }} {{- end -}} diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml index 76270e1b..2f351315 100644 --- a/helm/oauth2-proxy/values.yaml +++ b/helm/oauth2-proxy/values.yaml @@ -45,6 +45,9 @@ image: extraArgs: {} extraEnv: [] +# -- Custom labels to add into metadata +customLabels: {} + # To authorize individual email addresses # That is part of extraArgs but since this needs special treatment we need to do a separate section authenticatedEmailsFile:
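Review bot: In serviceaccount.yaml the ServiceAccount `name` changes from the `oauth2-proxy.serviceAccountName` helper to `oauth2-proxy.fullname`, which looks unrelated to the label refactor and bypasses whatever name that helper derives. The Deployment's `serviceAccountName` is not in this diff. If it still uses the helper, a release configured with a custom service-account name creates an account the pods do not reference, so pod creation fails or the pods run under a different account than the one carrying the intended RBAC or cloud-identity bindings. Keep `name: {{ template "oauth2-proxy.serviceAccountName" . }}`. The template's opening conditional is outside the hunk.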