master-group/charts
2
0
Fork 0
mirror of https://github.com/k8s-at-home/charts.git synced 2025-02-03 07:49:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

[traefik-forward-auth] Add cookie secret to values (#197)

Browse Source 
Co-authored-by: ᗪєνιη ᗷυнʟ <onedr0p@users.noreply.github.com>
This commit is contained in:
Mark McWhirter 2020-11-24 14:15:11 +00:00 committed by GitHub
parent a05b836cd1
commit 3b0b096427
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/traefik-forward-auth/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
name: traefik-forward-auth name: traefik-forward-auth
description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
type: application type: application
version: 1.0.2 version: 1.0.3
appVersion: 2.2.0 appVersion: 2.2.0
keywords: keywords:
- traefik - traefik

1
charts/traefik-forward-auth/README.md
View File

@ -61,6 +61,7 @@ helm install traefik-forward-auth k8s-at-home/traefik-forward-auth --values valu
| cookie.domain | string | `""` | Domain(s) to set auth cookie on. (Comma delimited) | | cookie.domain | string | `""` | Domain(s) to set auth cookie on. (Comma delimited) |
| cookie.insecure | string | `""` | Use insecure cookies | | cookie.insecure | string | `""` | Use insecure cookies |
| cookie.name | string | `""` | Cookie Name (default: _forward_auth) | | cookie.name | string | `""` | Cookie Name (default: _forward_auth) |
| cookie.secret | string| `""` | Cookie Secret - useful when running multiple instances |
| default.action | string | `""` | [auth|allow] Default action (default: auth) | | default.action | string | `""` | [auth|allow] Default action (default: auth) |
| default.provider | string | `""` | [google|oidc|generic-oauth] Default provider (default: google) | | default.provider | string | `""` | [google|oidc|generic-oauth] Default provider (default: google) |
| env | list | `[]` | | | env | list | `[]` | |

7
charts/traefik-forward-auth/templates/deployment.yaml
View File

@ -95,6 +95,13 @@ spec:
- name: URL_PATH - name: URL_PATH
value: {{ .Values.urlPath | quote }} value: {{ .Values.urlPath | quote }}
{{- end }} {{- end }}
{{- if .Values.cookie.secret }}
- name: COOKIE_SECRET
valueFrom:
secretKeyRef:
name: {{ $fullName }}
key: cookie-secret
{{- end }}
{{- if ne .Values.secret "-" }} {{- if ne .Values.secret "-" }}
- name: SECRET - name: SECRET
{{- if .Values.secret }} {{- if .Values.secret }}

7
charts/traefik-forward-auth/templates/secret.yaml
View File

@ -1,4 +1,4 @@
{{- if and (ne .Values.secret "-") (not .Values.secret) }} {{- if or (and (ne .Values.secret "-") (not .Values.secret)) .Values.cookie.secret }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -7,5 +7,10 @@ metadata:
{{- include "traefik-forward-auth.labels" . | nindent 4 }} {{- include "traefik-forward-auth.labels" . | nindent 4 }}
type: Opaque type: Opaque
data: data:
{{- if not .Values.secret }}
secret: {{ randAlphaNum 16 | b64enc | quote }} secret: {{ randAlphaNum 16 | b64enc | quote }}
{{- end }} {{- end }}
{{- if .Values.cookie.secret }}
cookie-secret: {{ .Values.cookie.secret | b64enc | quote }}
{{- end }}
{{- end }}

2
charts/traefik-forward-auth/values.yaml
View File

@ -35,6 +35,8 @@ cookie:
name: "" name: ""
# cookie.csrfName -- CSRF Cookie Name (default: _forward_auth_csrf) # cookie.csrfName -- CSRF Cookie Name (default: _forward_auth_csrf)
csrfName: "" csrfName: ""
# cookie.secret -- Cookie Secret used for authentication across multiple instances / clusters (default: randomly generated)
secret: ""
default: default:
# default.action -- [auth|allow] Default action (default: auth) # default.action -- [auth|allow] Default action (default: auth)
action: "" action: ""