Merge branch 'main' into fix/allow-literal-zero-values

oauth2-proxy · Jun 1, 2023 · fd0de2d · fd0de2d
2 parents 6f472f8 + a66a1f9
commit fd0de2d
Show file tree

Hide file tree

Showing 19 changed files with 41 additions and 7 deletions.
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.13.0
+version: 6.12.2
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md
@@ -137,12 +137,14 @@ Parameter | Description | Default
 `ingress.path` | Ingress accepted path | `/`
 `ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific`
 `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.labels` | Ingress extra labels | `{}`
 `ingress.annotations` | Ingress annotations | `nil`
 `ingress.hosts` | Ingress accepted hostnames | `nil`
 `ingress.tls` | Ingress TLS configuration | `nil`
 `livenessProbe.enabled`  | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
 `livenessProbe.initialDelaySeconds` | number of seconds | 0
 `livenessProbe.timeoutSeconds` | number of seconds | 1
+`namespaceOverride` | Override the deployment namespace | `""`
 `nodeSelector` | node labels for pod assignment | `{}`
 `deploymentAnnotations` | annotations to add to the deployment | `{}`
 `podAnnotations` | annotations to add to each pod | `{}`

diff --git a/helm/oauth2-proxy/templates/NOTES.txt b/helm/oauth2-proxy/templates/NOTES.txt
@@ -1,3 +1,3 @@
 To verify that oauth2-proxy has started, run:
 
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
+  kubectl --namespace={{ template "oauth2-proxy.namespace" $ }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
diff --git a/helm/oauth2-proxy/templates/_helpers.tpl b/helm/oauth2-proxy/templates/_helpers.tpl
@@ -78,6 +78,17 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "oauth2-proxy.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
 {{/*
 Redis subcharts fullname
 */}}

diff --git a/helm/oauth2-proxy/templates/configmap-alpha.yaml b/helm/oauth2-proxy/templates/configmap-alpha.yaml
@@ -10,6 +10,7 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
     {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}-alpha
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 data:
   oauth2_proxy.yml: |
     ---

diff --git a/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/helm/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
@@ -11,6 +11,7 @@ metadata:
 {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
 {{- end }}
   name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 data:
   {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
 {{- end }}

diff --git a/helm/oauth2-proxy/templates/configmap.yaml b/helm/oauth2-proxy/templates/configmap.yaml
@@ -11,6 +11,7 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 data:
   oauth2_proxy.cfg: {{ tpl .Values.config.configFile $ | quote }}
 {{- end }}

diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
@@ -9,6 +9,7 @@ metadata:
 {{ toYaml .Values.deploymentAnnotations | indent 8 }}
   {{- end }}
   name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 spec:
   replicas: {{ .Values.replicaCount }}
   {{- if .Values.revisionHistoryLimit }}

diff --git a/helm/oauth2-proxy/templates/google-secret.yaml b/helm/oauth2-proxy/templates/google-secret.yaml
@@ -6,6 +6,7 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}-google
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 type: Opaque
 data:
   service-account.json: {{ .Values.config.google.serviceAccountJson | b64enc | quote }}

diff --git a/helm/oauth2-proxy/templates/ingress.yaml b/helm/oauth2-proxy/templates/ingress.yaml
@@ -9,8 +9,12 @@ kind: Ingress
 metadata:
   labels:
     app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
+    {{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
   name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 {{- with .Values.ingress.annotations }}
   annotations:
 {{ toYaml . | indent 4 }}

diff --git a/helm/oauth2-proxy/templates/poddisruptionbudget.yaml b/helm/oauth2-proxy/templates/poddisruptionbudget.yaml
@@ -6,6 +6,7 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 spec:
   selector:
     matchLabels:

diff --git a/helm/oauth2-proxy/templates/redis-secret.yaml b/helm/oauth2-proxy/templates/redis-secret.yaml
@@ -10,6 +10,7 @@ metadata:
     app: {{ $name }}
     {{- $labels | indent 4 }}
   name: {{ $fullName }}-redis-access
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 type: Opaque
 data:
   {{- if and .redis.password (not .redis.existingSecret) }}

diff --git a/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/helm/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
@@ -12,6 +12,7 @@ metadata:
 {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
 {{- end }}
   name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 data:
   {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | b64enc }}
 {{- end }}

diff --git a/helm/oauth2-proxy/templates/secret-htpasswd-file.yaml b/helm/oauth2-proxy/templates/secret-htpasswd-file.yaml
@@ -6,10 +6,11 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 type: Opaque
 stringData:
   users.txt: |-
     {{- range $entries := .Values.htpasswdFile.entries }}
     {{ $entries }}
     {{- end -}}
-{{- end }}
+{{- end }}
diff --git a/helm/oauth2-proxy/templates/secret.yaml b/helm/oauth2-proxy/templates/secret.yaml
@@ -10,6 +10,7 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 type: Opaque
 data:
   cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }}

diff --git a/helm/oauth2-proxy/templates/service.yaml b/helm/oauth2-proxy/templates/service.yaml
@@ -5,6 +5,7 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 {{- if .Values.service.annotations }}
   annotations:
 {{ toYaml .Values.service.annotations | indent 4 }}

diff --git a/helm/oauth2-proxy/templates/serviceaccount.yaml b/helm/oauth2-proxy/templates/serviceaccount.yaml
@@ -10,5 +10,6 @@ metadata:
     app: {{ template "oauth2-proxy.name" . }}
 {{- include "oauth2-proxy.labels" . | indent 4 }}
   name: {{ template "oauth2-proxy.serviceAccountName" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
 {{- end -}}
diff --git a/helm/oauth2-proxy/templates/servicemonitor.yaml b/helm/oauth2-proxy/templates/servicemonitor.yaml
@@ -6,7 +6,7 @@ metadata:
 {{- if .Values.metrics.servicemonitor.namespace }}
   namespace: {{ .Values.metrics.servicemonitor.namespace }}
 {{- else }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
 {{- end }}
   labels:
     prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }}
@@ -22,7 +22,7 @@ spec:
       {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace }}
+      - {{ template "oauth2-proxy.namespace" $ }}
   endpoints:
   - port: metrics
     path: "/metrics"

diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
@@ -1,3 +1,7 @@
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
 # Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
 # This is especially useful for `helm template` as capabilities are always empty
 # due to the fact that it doesn't query an actual cluster
@@ -149,6 +153,7 @@ ingress:
   #       name: ssl-redirect
   #       port:
   #         name: use-annotation
+  labels: {}
   # annotations:
   #   kubernetes.io/ingress.class: nginx
   #   kubernetes.io/tls-acme: "true"
@@ -254,7 +259,7 @@ httpScheme: http
 htpasswdFile:
   enabled: false
   existingSecret: ""
-  entries: {}
+  entries: []
   # One row for each user
   # example:
   # entries: