Merge pull request #1668 from ThisIsntTheWay/main
chart: Choose whether or not to generate oidc secret
yolossn authored Jan 30, 2024
2 parents c374d5e + 069eb97 commit 674439a
Showing 5 changed files with 39 additions and 26 deletions.
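--- a/charts/headlamp/Chart.yaml
+++ b/charts/headlamp/Chart.yaml
@@ -20,7 +20,7 @@ sources:
 maintainers:
 - name: kinvolk
 url: https://kinvolk.io/
-version: 0.18.0
+version: 0.18.1
 appVersion: 0.22.0
 annotations:
 artifacthub.io/category: monitoring-logging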
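--- a/charts/headlamp/README.md
+++ b/charts/headlamp/README.md
@@ -65,11 +65,13 @@ See [MAINTAINERS.md](https://github.com/headlamp-k8s/headlamp/blob/main/MAINTAIN
 
 ### Headlamp Configuration
 
-| Key | Type | Default | Description |
-|--------------------------|--------|-----------------------|--------------------------------------------|
-| config.baseURL | string | `""` | base url path at which headlamp should run |
-| config.oidc.clientID | string | `""` | OIDC client ID |
-| config.oidc.clientSecret | string | `""` | OIDC client secret |
-| config.oidc.issuerURL | string | `""` | OIDC issuer URL |
-| config.oidc.scopes | string | `""` | OIDC scopes to be used |
-| config.pluginsDir | string | `"/headlamp/plugins"` | directory to look for plugins |
+| Key | Type | Default | Description |
+|---------------------------|--------|-----------------------|--------------------------------------------|
+| config.baseURL | string | `""` | base url path at which headlamp should run |
+| config.oidc.clientID | string | `""` | OIDC client ID |
+| config.oidc.clientSecret | string | `""` | OIDC client secret |
+| config.oidc.issuerURL | string | `""` | OIDC issuer URL |
+| config.oidc.scopes | string | `""` | OIDC scopes to be used |
+| config.oidc.secret.create | bool | `true` | Enable this option to have the chart automatically create the OIDC secret using the specified values. |
+| config.oidc.secret.name | string | `oidc` | Name of the OIDC secret used by headlamp |
+| config.pluginsDir | string | `"/headlamp/plugins"` | directory to look for plugins |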
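--- a/charts/headlamp/templates/deployment.yaml
+++ b/charts/headlamp/templates/deployment.yaml
@@ -35,50 +35,52 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{ with .Values.config.oidc }}
 env:
-{{- with .Values.config.oidc.clientID }}
+{{- if or .clientID (not .secret.create) }}
 - name: OIDC_CLIENT_ID
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: clientID
 {{- end }}
-{{- with .Values.config.oidc.clientSecret }}
+{{- if or .clientSecret (not .secret.create) }}
 - name: OIDC_CLIENT_SECRET
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: clientSecret
 {{- end }}
-{{- with .Values.config.oidc.issuerURL }}
+{{- if or .issuerURL (not .secret.create) }}
 - name: OIDC_ISSUER_URL
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: issuerURL
 {{- end }}
-{{- with .Values.config.oidc.scopes }}
+{{- if or .scopes (not .secret.create) }}
 - name: OIDC_SCOPES
 valueFrom:
 secretKeyRef:
-name: oidc
+name: {{ .secret.name }}
 key: scopes
 {{- end }}
+{{- end }}
 args:
 - "-in-cluster"
 {{- with .Values.config.pluginsDir}}
 - "-plugins-dir={{ . }}"
 {{- end }}
-{{- with .Values.config.oidc.clientID }}
+{{- if or .Values.config.oidc.clientID (not .Values.config.oidc.secret.create) }}
 - "-oidc-client-id=$(OIDC_CLIENT_ID)"
 {{- end }}
-{{- with .Values.config.oidc.clientSecret }}
+{{- if or .Values.config.oidc.clientSecret (not .Values.config.oidc.secret.create) }}
 - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)"
 {{- end }}
-{{- with .Values.config.oidc.issuerURL }}
+{{- if or .Values.config.oidc.issuerURL (not .Values.config.oidc.secret.create) }}
 - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)"
 {{- end }}
-{{- with .Values.config.oidc.scopes }}
+{{- if or .Values.config.oidc.scopes (not .Values.config.oidc.secret.create) }}
 - "-oidc-scopes=$(OIDC_SCOPES)"
 {{- end }}
 {{- with .Values.config.baseURL }}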
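Review bot: With `config.oidc.secret.create: false`, every `if or … (not .secret.create)` guard in the `env:` and `args:` blocks becomes true, so the pod references all four keys (`clientID`, `clientSecret`, `issuerURL`, `scopes`) of the external Secret, and no `secretKeyRef` is marked optional. An externally managed Secret that lacks one of those keys, or a release that sets `create: false` without wanting OIDC at all, will most likely leave the container unable to start until the Secret is corrected. Adding `optional: true` alone would not be enough, because `$(VAR)` in `args` is left unexpanded when the variable is undefined. Documenting the required keys next to `config.oidc.secret.create`, or gating the block on a separate enable flag, would make the contract explicit. The container spec starts and ends outside this hunk.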
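--- a/charts/headlamp/templates/secret.yaml
+++ b/charts/headlamp/templates/secret.yaml
@@ -1,18 +1,22 @@
+{{- with .Values.config.oidc }}
+{{- if .secret.create -}}
 apiVersion: v1
 kind: Secret
 metadata:
-name: oidc
+name: {{ .secret.name }}
 type: Opaque
 data:
-{{- with .Values.config.oidc.clientID }}
+{{- with .clientID }}
 clientID: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.clientSecret }}
+{{- with .clientSecret }}
 clientSecret: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.issuerURL }}
+{{- with .issuerURL }}
 issuerURL: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.scopes }}
+{{- with .scopes }}
 scopes: {{ . | b64enc | quote }}
 {{- end }}
+{{- end }}
+{{- end }}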
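Review bot: `name: {{ .secret.name }}` is rendered unquoted and unvalidated, both in `metadata` here and in the four `secretKeyRef` entries of templates/deployment.yaml. An empty value yields a Secret with no name, and a value such as `123` or `true` is parsed as a non-string, so the release fails at install time with an error that does not point at the setting. Suggest `name: {{ required "config.oidc.secret.name must be set" .secret.name | quote }}` in both templates.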
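--- a/charts/headlamp/values.yaml
+++ b/charts/headlamp/values.yaml
@@ -29,6 +29,11 @@ config:
 # -- base url path at which headlamp should run
 baseURL: ""
 oidc:
+secret:
+# -- Generate OIDC secret. If true, will generate a secret using .config.oidc.
+create: true
+# -- Name of the OIDC secret.
+name: oidc
 # -- OIDC client ID
 clientID: ""
 # -- OIDC client secret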
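Review bot: The comment on `create` should state the security trade-off of the default. With `create: true` the client secret is supplied through `config.oidc.clientSecret`, so it is carried in the values file and, since Helm stores the supplied values with the release, in the release record too. Setting `create: false` lets the Secret be managed outside the chart. Proposed comment: `# -- Create the OIDC Secret from the values below. Set to false to reference an existing Secret (keys: clientID, clientSecret, issuerURL, scopes) so the client secret stays out of Helm values.` The `oidc:` mapping continues outside the hunk.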
