Add .values.config.oidc.secret
Also fix args not being passed to deployment if secret is not generated

Signed-off-by: Valentin Klopfenstein <[email protected]>
klopfi-bot committed Jan 24, 2024
1 parent a1ca4cc commit 069eb97
Showing 4 changed files with 37 additions and 29 deletions.
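--- a/charts/headlamp/README.md
+++ b/charts/headlamp/README.md
@@ -65,12 +65,13 @@ See [MAINTAINERS.md](https://github.com/headlamp-k8s/headlamp/blob/main/MAINTAIN
 
 ### Headlamp Configuration
 
-| Key | Type | Default | Description |
-|--------------------------|--------|-----------------------|--------------------------------------------|
-| config.baseURL | string | `""` | base url path at which headlamp should run |
-| config.oidc.create | bool | `true` | Enable this option to have the chart automatically create the OIDC secret using the specified values. |
-| config.oidc.clientID | string | `""` | OIDC client ID |
-| config.oidc.clientSecret | string | `""` | OIDC client secret |
-| config.oidc.issuerURL | string | `""` | OIDC issuer URL |
-| config.oidc.scopes | string | `""` | OIDC scopes to be used |
-| config.pluginsDir | string | `"/headlamp/plugins"` | directory to look for plugins |
+| Key | Type | Default | Description |
+|---------------------------|--------|-----------------------|--------------------------------------------|
+| config.baseURL | string | `""` | base url path at which headlamp should run |
+| config.oidc.clientID | string | `""` | OIDC client ID |
+| config.oidc.clientSecret | string | `""` | OIDC client secret |
+| config.oidc.issuerURL | string | `""` | OIDC issuer URL |
+| config.oidc.scopes | string | `""` | OIDC scopes to be used |
+| config.oidc.secret.create | bool | `true` | Enable this option to have the chart automatically create the OIDC secret using the specified values. |
+| config.oidc.secret.name | string | `oidc` | Name of the OIDC secret used by headlamp |
+| config.pluginsDir | string | `"/headlamp/plugins"` | directory to look for plugins |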
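--- a/charts/headlamp/templates/deployment.yaml
+++ b/charts/headlamp/templates/deployment.yaml
@@ -35,50 +35,52 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{ with .Values.config.oidc }}
 env:
-{{- if or .Values.config.oidc.clientID (not .Values.config.oidc.create) }}
+{{- if or .clientID (not .secret.create) }}
 - name: OIDC_CLIENT_ID
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: clientID
 {{- end }}
-{{- if or .Values.config.oidc.clientSecret (not .Values.config.oidc.create) }}
+{{- if or .clientSecret (not .secret.create) }}
 - name: OIDC_CLIENT_SECRET
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: clientSecret
 {{- end }}
-{{- if or .Values.config.oidc.issuerURL (not .Values.config.oidc.create) }}
+{{- if or .issuerURL (not .secret.create) }}
 - name: OIDC_ISSUER_URL
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: issuerURL
 {{- end }}
-{{- if or .Values.config.oidc.scopes (not .Values.config.oidc.create) }}
+{{- if or .scopes (not .secret.create) }}
 - name: OIDC_SCOPES
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: scopes
 {{- end }}
+{{- end }}
 args:
 - "-in-cluster"
 {{- with .Values.config.pluginsDir}}
 - "-plugins-dir={{ . }}"
 {{- end }}
-{{- with .Values.config.oidc.clientID }}
+{{- if or .Values.config.oidc.clientID (not .Values.config.oidc.secret.create) }}
 - "-oidc-client-id=$(OIDC_CLIENT_ID)"
 {{- end }}
-{{- with .Values.config.oidc.clientSecret }}
+{{- if or .Values.config.oidc.clientSecret (not .Values.config.oidc.secret.create) }}
 - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)"
 {{- end }}
-{{- with .Values.config.oidc.issuerURL }}
+{{- if or .Values.config.oidc.issuerURL (not .Values.config.oidc.secret.create) }}
 - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)"
 {{- end }}
-{{- with .Values.config.oidc.scopes }}
+{{- if or .Values.config.oidc.scopes (not .Values.config.oidc.secret.create) }}
 - "-oidc-scopes=$(OIDC_SCOPES)"
 {{- end }}
 {{- with .Values.config.baseURL }}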
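Review bot: The `-oidc-client-secret=$(OIDC_CLIENT_SECRET)` arg, which the new `if or …` guard now also emits for externally managed secrets, makes Kubernetes expand the secret into the container's command line, where it is readable by anything that can list processes on the node, unlike the env var it is copied from. If the Headlamp backend can take the client secret from its environment or a mounted file (not visible from this hunk), drop the arg and let it read the value there. Also, with `secret.create: false` all four `secretKeyRef` entries are rendered without `optional`, so an existing secret that lacks one key, for example `scopes`, keeps the container from starting; the four required keys should be documented next to `config.oidc.secret.name`. The container spec starts before and continues after this hunk.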
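--- a/charts/headlamp/templates/secret.yaml
+++ b/charts/headlamp/templates/secret.yaml
@@ -1,20 +1,22 @@
-{{- if .Values.config.oidc.create }}
+{{- with .Values.config.oidc }}
+{{- if .secret.create -}}
 apiVersion: v1
 kind: Secret
 metadata:
-name: oidc
+name: {{ .secret.name }}
 type: Opaque
 data:
-{{- with .Values.config.oidc.clientID }}
+{{- with .clientID }}
 clientID: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.clientSecret }}
+{{- with .clientSecret }}
 clientSecret: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.issuerURL }}
+{{- with .issuerURL }}
 issuerURL: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.scopes }}
+{{- with .scopes }}
 scopes: {{ . | b64enc | quote }}
 {{- end }}
 {{- end }}
+{{- end }}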
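Review bot: `name: {{ .secret.name }}` is rendered unquoted and unchecked, so an empty `config.oidc.secret.name` produces `name:` (null) and the manifest is only rejected when it reaches the API server; `name: {{ required "config.oidc.secret.name must be set" .secret.name | quote }}` would fail at render time instead. The same expression is used in the four `secretKeyRef` blocks in templates/deployment.yaml. A credential passed through `config.oidc.clientSecret` is also kept in the Helm release record as well as in this Secret, so a template comment pointing users to `secret.create: false` with an externally managed Secret would be worth adding here.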
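--- a/charts/headlamp/values.yaml
+++ b/charts/headlamp/values.yaml
@@ -29,8 +29,11 @@ config:
 # -- base url path at which headlamp should run
 baseURL: ""
 oidc:
-# -- Generate OIDC secret. If true, will generate a secret using the values below.
-create: true
+secret:
+# -- Generate OIDC secret. If true, will generate a secret using .config.oidc.
+create: true
+# -- Name of the OIDC secret.
+name: oidc
 # -- OIDC client ID
 clientID: ""
 # -- OIDC client secret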
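Review bot: Moving `create` under `secret` leaves no fallback for existing values files, because the templates in this commit no longer read `config.oidc.create`. A release that set `config.oidc.create: false` to use its own `oidc` secret would pick up the new default `secret.create: true` on upgrade. With `clientID` and the other fields empty, the env vars and `-oidc-*` args are then skipped, so OIDC appears to be dropped without any error, and the chart would also try to render its own `oidc` Secret. A render-time guard in one of the templates would make the rename explicit: `{{- if hasKey .Values.config.oidc "create" }}{{ fail "config.oidc.create was renamed to config.oidc.secret.create" }}{{ end }}`.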
