Ensure chart will not render if additional clusters configured withou…

…t oidc (#1926)

* Ensure chart will not render if multicluster configured without oidc

* Enable an externally configured auth proxy.

chart/kubeapps/templates/dashboard-config.yaml

@@ -41,7 +41,7 @@ data:
     {
       "namespace": "{{ .Release.Namespace }}",
       "appVersion": "{{ .Chart.AppVersion }}",
-      "authProxyEnabled": {{ .Values.authProxy.enabled }},
+      "authProxyEnabled": {{ or .Values.authProxy.enabled .Values.authProxy.externallyEnabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
       "featureFlags": {{ .Values.featureFlags | toJson }}

chart/kubeapps/templates/kubeapps-frontend-deployment.yaml

@@ -83,6 +83,10 @@ spec:
           {{- if .Values.authProxy.resources }}
           resources: {{- toYaml .Values.authProxy.resources | nindent 12 }}
           {{- end }}
+        {{- else }}
+          {{- if and .Values.featureFlags.additionalClusters (not .Values.authProxy.externallyEnabled) }}
+            {{ fail "additionalClusters can be configured only when using an authenticate proxy for cluster oidc authentication."}}
+          {{ end -}}
         {{- end }}
       volumes:
         - name: vhost

chart/kubeapps/values.yaml

@@ -638,6 +638,9 @@ testImage:
 authProxy:
   # Set to true to enable the OIDC proxy
   enabled: false
+  # Set to true if an external auth proxy is setup to provide cookie authentication
+  # at the oauthLoginURI and oauthLogoutURI values below.
+  externallyEnabled: false
   ## Bitnami OAuth2 Proxy image
   ## ref: https://hub.docker.com/r/bitnami/oauth2-proxy/tags/
   ##