From 4e258501c812f752866c0bf4b7ac03fda663d009 Mon Sep 17 00:00:00 2001 
From: Devin Buhl
Date: Mon, 23 Aug 2021 07:42:55 -0400
Subject: [PATCH] feat: remoe oauth2-proxy helm chart
---
 charts/stable/oauth2-proxy/.helmignore | 23 --
 charts/stable/oauth2-proxy/Chart.yaml | 19 --
 charts/stable/oauth2-proxy/README.md | 256 ------------------
 charts/stable/oauth2-proxy/README.md.gotmpl | 146 ----------
 .../oauth2-proxy/README_CHANGELOG.md.gotmpl | 94 -------
 .../oauth2-proxy/README_CONFIG.md.gotmpl | 38 ---
 .../oauth2-proxy/ci/default-values.yaml | 1 -
 .../ci/ingress-extra-paths-values.yaml | 6 -
 charts/stable/oauth2-proxy/ci/pdb-values.yaml | 1 -
 .../ci/pod-security-context-values.yaml | 4 -
 .../stable/oauth2-proxy/default-values.yaml | 1 -
 charts/stable/oauth2-proxy/pdb-values.yaml | 2 -
 .../stable/oauth2-proxy/templates/NOTES.txt | 3 -
 .../oauth2-proxy/templates/_helpers.tpl | 54 ----
 .../configmap-authenticated-emails-file.yaml | 15 -
 .../templates/configmap-htpasswd-file.yaml | 17 -
 .../oauth2-proxy/templates/configmap.yaml | 15 -
 .../oauth2-proxy/templates/deployment.yaml | 222 ---------------
 .../oauth2-proxy/templates/google-secret.yaml | 14 -
 .../oauth2-proxy/templates/ingress.yaml | 46 ----
 .../templates/poddisruptionbudget.yaml | 17 -
 .../stable/oauth2-proxy/templates/secret.yaml | 16 -
 .../oauth2-proxy/templates/service.yaml | 39 ---
 .../templates/serviceaccount.yaml | 15 -
 charts/stable/oauth2-proxy/values.yaml | 223 ---------------
 25 files changed, 1287 deletions(-)
 delete mode 100644 charts/stable/oauth2-proxy/.helmignore
 delete mode 100644 charts/stable/oauth2-proxy/Chart.yaml
 delete mode 100644 charts/stable/oauth2-proxy/README.md
 delete mode 100644 charts/stable/oauth2-proxy/README.md.gotmpl
 delete mode 100644 charts/stable/oauth2-proxy/README_CHANGELOG.md.gotmpl
 delete mode 100644 charts/stable/oauth2-proxy/README_CONFIG.md.gotmpl
 delete mode 100644 charts/stable/oauth2-proxy/ci/default-values.yaml
 delete mode 100644 charts/stable/oauth2-proxy/ci/ingress-extra-paths-values.yaml
 delete mode 100644 charts/stable/oauth2-proxy/ci/pdb-values.yaml
 delete mode 100644 charts/stable/oauth2-proxy/ci/pod-security-context-values.yaml
 delete mode 100644 charts/stable/oauth2-proxy/default-values.yaml
 delete mode 100644 charts/stable/oauth2-proxy/pdb-values.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/NOTES.txt
 delete mode 100644 charts/stable/oauth2-proxy/templates/_helpers.tpl
 delete mode 100644 charts/stable/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/configmap.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/deployment.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/google-secret.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/ingress.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/poddisruptionbudget.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/secret.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/service.yaml
 delete mode 100644 charts/stable/oauth2-proxy/templates/serviceaccount.yaml
 delete mode 100644 charts/stable/oauth2-proxy/values.yaml
diff --git a/charts/stable/oauth2-proxy/.helmignore b/charts/stable/oauth2-proxy/.helmignore
deleted file mode 100644
index 825c0077..00000000
--- a/charts/stable/oauth2-proxy/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-OWNERS
diff --git a/charts/stable/oauth2-proxy/Chart.yaml b/charts/stable/oauth2-proxy/Chart.yaml
deleted file mode 100644
index 2ffd340c..00000000
--- a/charts/stable/oauth2-proxy/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: oauth2-proxy
-version: 5.0.7
-apiVersion: v1
-appVersion: 7.1.3
-home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/oauth2-proxy
-description: A reverse proxy that provides authentication with Google, Github or other providers
-icon: https://avatars.githubusercontent.com/u/62798169?s=200&v=4
-keywords:
-- kubernetes
-- oauth
-- oauth2
-- authentication
-- google
-- github
-sources:
-- https://github.com/oauth2-proxy/oauth2-proxy
-engine: gotpl
-kubeVersion: ">=1.9.0-0"
-deprecated: true
diff --git a/charts/stable/oauth2-proxy/README.md b/charts/stable/oauth2-proxy/README.md
deleted file mode 100644
index fb4abf21..00000000
--- a/charts/stable/oauth2-proxy/README.md
+++ /dev/null
@@ -1,256 +0,0 @@ -# oauth2-proxy - -![Version: 5.0.7](https://img.shields.io/badge/Version-5.0.7-informational?style=flat-square) ![AppVersion: 7.1.3](https://img.shields.io/badge/AppVersion-7.1.3-informational?style=flat-square) - -A reverse proxy that provides authentication with Google, Github or other providers - -**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)** - -## Source Code - -* - -## Requirements - -Kubernetes: `>=1.9.0-0` - -## Dependencies - -| Repository | Name | Version | -|------------|------|---------| - -## TL;DR - -```console -helm repo add k8s-at-home https://k8s-at-home.com/charts/ -helm repo update -helm install oauth2-proxy k8s-at-home/oauth2-proxy -``` - -## Installing the Chart - -To install the chart with the release name `oauth2-proxy` - -```console -helm install oauth2-proxy k8s-at-home/oauth2-proxy -``` - -## Uninstalling the Chart - -To uninstall the `oauth2-proxy` deployment - -```console -helm uninstall oauth2-proxy -``` - -The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. - -## Configuration - -Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. -Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -```console -helm install oauth2-proxy \ - --set env.TZ="America/New York" \ - k8s-at-home/oauth2-proxy -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. 
- -```console -helm install oauth2-proxy k8s-at-home/oauth2-proxy -f values.yaml -``` - -## Custom configuration - -### SSL Configuration - -See: [SSL Configuration](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/tls). -Use ```values.yaml``` like: - -```yaml -... -extraArgs: - tls-cert: /path/to/cert.pem - tls-key: /path/to/cert.key - -extraVolumes: - - name: ssl-cert - secret: - secretName: my-ssl-secret - -extraVolumeMounts: - - mountPath: /path/to/ - name: ssl-cert -... -``` - -With a secret called `my-ssl-secret`: - -```yaml -... -data: - cert.pem: AB..== - cert.key: CD..== -``` - -## Values - -**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common) - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | node/pod affinities Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | -| authenticatedEmailsFile.enabled | bool | `false` | Enables authorize individual email addresses | -| authenticatedEmailsFile.restricted_access | string | `""` | [email addresses](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#email-authentication) list config | -| authenticatedEmailsFile.template | string | `""` | Name of the configmap that is handled outside of that chart It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service. Be aware the value name in the extern config map in data needs to be named to "restricted_user_access". One email per line example: restricted_access: |- name1@domain name2@domain If you override the config with restricted_access it will configure a user list within this chart what takes care of the config map resource. 
| -| config.clientID | string | `"XXXXXXX"` | OAuth client ID | -| config.clientSecret | string | `"XXXXXXXX"` | OAuth client secret | -| config.configFile | string | `"email_domains = [ \"*\" ]\nupstreams = [ \"file:///dev/null\" ]"` | google service account json contents serviceAccountJson: xxxx -- Alternatively, use an existing secret (see google-secret.yaml for required fields) existingSecret: google-secret -- custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | -| config.cookieSecret | string | `"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64` | -| config.existingConfig | string | `nil` | xisting Kubernetes configmap to use for the configuration file. See [config template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/configmap.yaml) for the required values | -| config.google | object | `{}` | | -| extraArgs | object | `{}` | key:value list of extra arguments to give the binary | -| extraEnv | list | `[]` | key:value list of extra environment variables to give the binary | -| extraVolumeMounts | list | `[]` | list of extra volumeMounts | -| extraVolumes | list | `[]` | list of extra volumes | -| htpasswdFile.enabled | bool | `false` | enable htpasswd-file option | -| htpasswdFile.entries | object | `{}` | list of [SHA encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/configuration#command-line-options) | -| htpasswdFile.existingSecret | string | `""` | existing Kubernetes secret to use for OAuth2 htpasswd file | -| httpScheme | string | `"http"` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. 
| -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `"quay.io/oauth2-proxy/oauth2-proxy"` | Image repository | -| image.tag | string | `"v7.1.3"` | Image tag | -| imagePullSecrets | list | `nil` | Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | -| ingress.annotations | object | `{}` | Ingress annotations | -| ingress.enabled | bool | `false` | Enable Ingress | -| ingress.extraPaths | list | `[]` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | -| ingress.hosts | list | `[]` | Ingress accepted hostnames | -| ingress.ingressClassName | string | `nil` | Set ingressClassName | -| ingress.path | string | `"/"` | Ingress accepted path | -| ingress.tls | list | `nil` | Ingress TLS configuration | -| initContainers | list | `[]` | Configure init containers for pod Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | -| livenessProbe | object | `{"enabled":true,"initialDelaySeconds":0,"timeoutSeconds":1}` | Configure Kubernetes liveness probes. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ Disable both when deploying with Istio 1.0 mTLS. 
https://istio.io/help/faq/security/#k8s-health-checks | -| nodeSelector | object | `{}` | Node labels for pod assignment Ref: https://kubernetes.io/docs/user-guide/node-selection/ | -| podAnnotations | object | `{}` | annotations to add to each pod | -| podDisruptionBudget | object | `{"enabled":true,"minAvailable":1}` | PodDisruptionBudget settings Ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | -| podLabels | object | `{}` | labels to add to each pod | -| podSecurityContext | object | `{}` | | -| priorityClassName | string | `""` | | -| proxyVarsAsSecrets | bool | `true` | | -| readinessProbe | object | `{"enabled":true,"initialDelaySeconds":0,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure Kubernetes readiness probes. | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{"enabled":false,"runAsNonRoot":true}` | Configure Kubernetes security context for container Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| service.annotations | object | `{}` | Service annotations for the GUI | -| service.loadBalancerIP | string | `nil` | Loadbalance IP for the GUI | -| service.loadBalancerSourceRanges | list | `nil` | List of IP CIDRs allowed access to load balancer (if supported) | -| service.port | int | `80` | Kubernetes port where the GUI is exposed | -| service.type | string | `"ClusterIP"` | Kubernetes service type for the GUI | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.enabled | bool | `true` | | -| serviceAccount.name | string | `nil` | | -| tolerations | list | `[]` | Tolerations for pod assignment Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | -| topologySpreadConstraints | object | `{"enabled":false,"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}` | Configure Pod Topology Spread Constraints See 
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ Requires Kubernetes >= v1.16 | - -## Changelog - -All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog). - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -### [1.0.0] - -#### Changed - -- This version upgrade oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade. - -### [2.0.0] - -#### Changed - -- support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`. See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information. - -Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0. - -### [3.0.0] - -#### Changed - -- support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart. This is a breaking change since the service account is enabled by default. To disable this behaviour set `serviceAccount.enabled` to `false` - -### [4.0.0] - -#### Changed - -- This is a breaking change as the chart was moved to k8s-at-home. No other change on top of the 3.x.x branch. - -### [5.0.0] - -#### Changed - -- Not many breaking changes. See the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.0.0) for oauth2-proxy, specifically the section "Breaking Changes" for a few configuration changes, particularly to do with the Azure provider. 
- -### [5.0.1] - -#### Added - -- N/A - -#### Changed - -- Use helm-docs - -#### Removed - -- N/A - -### [5.0.4] - -#### Added - -- Added icon url. - -#### Changed - -- N/A - -#### Removed - -- N/A - -### [5.0.5] - -#### Fixed - -- Update oauth2-proxy website URLs. - -### [5.0.6] - -#### Added - -- N/A - -#### Changed - -- This version upgrade oauth2-proxy to 7.1.3. Please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v7.1.3/CHANGELOG.md) in order to upgrade. - -#### Removed - -- N/A - -[5.0.4]: #5.0.4 -[5.0.1]: #5.0.1 - -## Support - -- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/) -- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose) -- Ask a [question](https://github.com/k8s-at-home/organization/discussions) -- Join our [Discord](https://discord.gg/sTMX7Vh) community - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/stable/oauth2-proxy/README.md.gotmpl b/charts/stable/oauth2-proxy/README.md.gotmpl deleted file mode 100644 index 358abe31..00000000 --- a/charts/stable/oauth2-proxy/README.md.gotmpl +++ /dev/null 
@@ -1,146 +0,0 @@ -{{- define "custom.repository.organization" -}} -k8s-at-home -{{- end -}} - -{{- define "custom.repository.url" -}} -https://github.com/k8s-at-home/charts -{{- end -}} - -{{- define "custom.helm.url" -}} -https://k8s-at-home.com/charts/ -{{- end -}} - -{{- define "custom.helm.path" -}} -{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }} -{{- end -}} - -{{- define "custom.notes" -}} -**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)** -{{- end -}} - -{{- define "custom.requirements" -}} -## Requirements - -{{ template "chart.kubeVersionLine" . }} -{{- end -}} - -{{- define "custom.dependencies" -}} -## Dependencies - -{{ template "chart.requirementsTable" . }} -{{- end -}} - -{{- define "custom.install.tldr" -}} -## TL;DR - -```console -helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }} -helm repo update -helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -``` -{{- end -}} - -{{- define "custom.install" -}} -## Installing the Chart - -To install the chart with the release name `{{ template "chart.name" . }}` - -```console -helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -``` -{{- end -}} - -{{- define "custom.uninstall" -}} -## Uninstalling the Chart - -To uninstall the `{{ template "chart.name" . }}` deployment - -```console -helm uninstall {{ template "chart.name" . }} -``` - -The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. -{{- end -}} - -{{- define "custom.configuration.header" -}} -## Configuration -{{- end -}} - -{{- define "custom.configuration.readValues" -}} -Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. 
-Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). -{{- end -}} - -{{- define "custom.configuration.example.set" -}} -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -```console -helm install {{ template "chart.name" . }} \ - --set env.TZ="America/New York" \ - {{ template "custom.helm.path" . }} -``` -{{- end -}} - -{{- define "custom.configuration.example.file" -}} -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. - -```console -helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml -``` -{{- end -}} - -{{- define "custom.valuesSection" -}} -## Values - -**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common) - -{{ template "chart.valuesTable" . }} -{{- end -}} - -{{- define "custom.support" -}} -## Support - -- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/) -- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose) -- Ask a [question](https://github.com/k8s-at-home/organization/discussions) -- Join our [Discord](https://discord.gg/sTMX7Vh) community -{{- end -}} - -{{ template "chart.header" . }} - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -{{ template "chart.description" . }} - -{{ template "custom.notes" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "custom.requirements" . }} - -{{ template "custom.dependencies" . }} - -{{ template "custom.install.tldr" . }} - -{{ template "custom.install" . }} - -{{ template "custom.uninstall" . 
}} - -{{ template "custom.configuration.header" . }} - -{{ template "custom.configuration.readValues" . }} - -{{ template "custom.configuration.example.set" . }} - -{{ template "custom.configuration.example.file" . }} - -{{ template "custom.custom.configuration" . }} - -{{ template "custom.valuesSection" . }} - -{{ template "custom.changelog" . }} - -{{ template "custom.support" . }} - -{{ template "helm-docs.versionFooter" . }} -{{ "" }} diff --git a/charts/stable/oauth2-proxy/README_CHANGELOG.md.gotmpl b/charts/stable/oauth2-proxy/README_CHANGELOG.md.gotmpl deleted file mode 100644 index cd839a69..00000000 --- a/charts/stable/oauth2-proxy/README_CHANGELOG.md.gotmpl +++ /dev/null 
@@ -1,94 +0,0 @@ -{{- define "custom.changelog.header" -}} -## Changelog -{{- end -}} - -{{- define "custom.changelog" -}} -{{ template "custom.changelog.header" . }} - -All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog). - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -### [1.0.0] - -#### Changed - -- This version upgrade oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade. - -### [2.0.0] - -#### Changed - -- support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`. See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information. - -Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0. - -### [3.0.0] - -#### Changed - -- support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart. This is a breaking change since the service account is enabled by default. To disable this behaviour set `serviceAccount.enabled` to `false` - -### [4.0.0] - -#### Changed - -- This is a breaking change as the chart was moved to k8s-at-home. No other change on top of the 3.x.x branch. - -### [5.0.0] - -#### Changed - -- Not many breaking changes. 
See the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.0.0) for oauth2-proxy, specifically the section "Breaking Changes" for a few configuration changes, particularly to do with the Azure provider. - -### [5.0.1] - -#### Added - -- N/A - -#### Changed - -- Use helm-docs - -#### Removed - -- N/A - -### [5.0.4] - -#### Added - -- Added icon url. - -#### Changed - -- N/A - -#### Removed - -- N/A - -### [5.0.5] - -#### Fixed - -- Update oauth2-proxy website URLs. - -### [5.0.6] - -#### Added - -- N/A - -#### Changed - -- This version upgrade oauth2-proxy to 7.1.3. Please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v7.1.3/CHANGELOG.md) in order to upgrade. - -#### Removed - -- N/A - -[5.0.4]: #5.0.4 -[5.0.1]: #5.0.1 -{{- end -}} diff --git a/charts/stable/oauth2-proxy/README_CONFIG.md.gotmpl b/charts/stable/oauth2-proxy/README_CONFIG.md.gotmpl deleted file mode 100644 index b54e88a4..00000000 --- a/charts/stable/oauth2-proxy/README_CONFIG.md.gotmpl +++ /dev/null @@ -1,38 +0,0 @@ -{{- define "custom.custom.configuration.header" -}} -## Custom configuration -{{- end -}} - -{{- define "custom.custom.configuration" -}} -{{ template "custom.custom.configuration.header" . }} - -### SSL Configuration - -See: [SSL Configuration](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/tls). -Use ```values.yaml``` like: - -```yaml -... -extraArgs: - tls-cert: /path/to/cert.pem - tls-key: /path/to/cert.key - -extraVolumes: - - name: ssl-cert - secret: - secretName: my-ssl-secret - -extraVolumeMounts: - - mountPath: /path/to/ - name: ssl-cert -... -``` - -With a secret called `my-ssl-secret`: - -```yaml -... -data: - cert.pem: AB..== - cert.key: CD..== -``` -{{- end -}} diff --git a/charts/stable/oauth2-proxy/ci/default-values.yaml b/charts/stable/oauth2-proxy/ci/default-values.yaml deleted file mode 100644 index fc2ba605..00000000 --- a/charts/stable/oauth2-proxy/ci/default-values.yaml +++ /dev/null 
@@ -1 +0,0 @@
-# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
diff --git a/charts/stable/oauth2-proxy/ci/ingress-extra-paths-values.yaml b/charts/stable/oauth2-proxy/ci/ingress-extra-paths-values.yaml
deleted file mode 100644
index fcd39ec3..00000000
--- a/charts/stable/oauth2-proxy/ci/ingress-extra-paths-values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-ingress:
- extraPaths:
- - path: /*
- backend:
- serviceName: ssl-redirect
- servicePort: use-annotation
diff --git a/charts/stable/oauth2-proxy/ci/pdb-values.yaml b/charts/stable/oauth2-proxy/ci/pdb-values.yaml
deleted file mode 100644
index 25b16272..00000000
--- a/charts/stable/oauth2-proxy/ci/pdb-values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-replicaCount: 2 # Enables PodDisruptionBudget which is disabled when replicaCount is 1
diff --git a/charts/stable/oauth2-proxy/ci/pod-security-context-values.yaml b/charts/stable/oauth2-proxy/ci/pod-security-context-values.yaml
deleted file mode 100644
index b7c8cea5..00000000
--- a/charts/stable/oauth2-proxy/ci/pod-security-context-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
----
-podSecurityContext:
- fsGroup: 2000
diff --git a/charts/stable/oauth2-proxy/default-values.yaml b/charts/stable/oauth2-proxy/default-values.yaml
deleted file mode 100644
index fc2ba605..00000000
--- a/charts/stable/oauth2-proxy/default-values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
diff --git a/charts/stable/oauth2-proxy/pdb-values.yaml b/charts/stable/oauth2-proxy/pdb-values.yaml
deleted file mode 100644
index e04bbffe..00000000
--- a/charts/stable/oauth2-proxy/pdb-values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-# Will trigger creation of pdb
-replicaCount: 2
diff --git a/charts/stable/oauth2-proxy/templates/NOTES.txt b/charts/stable/oauth2-proxy/templates/NOTES.txt
deleted file mode 100644
index 10d2de84..00000000
--- a/charts/stable/oauth2-proxy/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-To verify that oauth2-proxy has started, run:
-
- kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.fullname" . }}"
diff --git a/charts/stable/oauth2-proxy/templates/_helpers.tpl b/charts/stable/oauth2-proxy/templates/_helpers.tpl
deleted file mode 100644
index e17bd44c..00000000
--- a/charts/stable/oauth2-proxy/templates/_helpers.tpl
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "oauth2-proxy.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "oauth2-proxy.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "oauth2-proxy.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Get the secret name.
-*/}}
-{{- define "oauth2-proxy.secretName" -}}
-{{- if .Values.config.existingSecret -}}
-{{- printf "%s" .Values.config.existingSecret -}}
-{{- else -}}
-{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "oauth2-proxy.serviceAccountName" -}}
-{{- if .Values.serviceAccount.enabled -}}
- {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/stable/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/charts/stable/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
deleted file mode 100644
index 2d409860..00000000
--- a/charts/stable/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if .Values.authenticatedEmailsFile.enabled }}
-{{- if .Values.authenticatedEmailsFile.restricted_access }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}-accesslist
-data:
- restricted_user_access: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml b/charts/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml
deleted file mode 100644
index c40b6371..00000000
--- a/charts/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
-type: Opaque
-stringData:
- users.txt: |-
- {{- range $entries := .Values.htpasswdFile.entries }}
- {{ $entries }}
- {{- end -}}
-{{- end }}
\ No newline at end of file
diff --git a/charts/stable/oauth2-proxy/templates/configmap.yaml b/charts/stable/oauth2-proxy/templates/configmap.yaml
deleted file mode 100644
index bf5f517c..00000000
--- a/charts/stable/oauth2-proxy/templates/configmap.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if not .Values.config.existingConfig }}
-{{- if .Values.config.configFile }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}
-data:
- oauth2_proxy.cfg: {{ .Values.config.configFile | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/stable/oauth2-proxy/templates/deployment.yaml b/charts/stable/oauth2-proxy/templates/deployment.yaml
deleted file mode 100644
index acf4814a..00000000
--- a/charts/stable/oauth2-proxy/templates/deployment.yaml
+++ /dev/null
@@ -1,222 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ template "oauth2-proxy.name" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
- checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
- checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
- checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
-{{- if .Values.htpasswdFile.enabled }}
- checksum/htpasswd: {{ include (print $.Template.BasePath "/configmap-htpasswd-file.yaml") . | sha256sum }}
-{{- end }}
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- release: "{{ .Release.Name }}"
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
- {{- end }}
- spec:
- {{- if .Values.priorityClassName }}
- priorityClassName: "{{ .Values.priorityClassName }}"
- {{- end }}
- {{- with .Values.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
-{{- if ne (len .Values.initContainers) 0 }}
- initContainers:
-{{ toYaml .Values.initContainers | indent 6 }}
-{{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- - --http-address=0.0.0.0:4180
- {{- range $key, $value := .Values.extraArgs }}
- {{- if $value }}
- - --{{ $key }}={{ $value }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- {{- if or .Values.config.existingConfig .Values.config.configFile }}
- - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
- {{- end }}
- {{- if .Values.authenticatedEmailsFile.enabled }}
- {{- if .Values.authenticatedEmailsFile.template }}
- - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
- {{- else }}
- - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
- {{- end }}
- {{- end }}
- {{- with .Values.config.google }}
- {{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
- - --google-admin-email={{ .adminEmail }}
- - --google-service-account-json=/google/service-account.json
- {{- end }}
- {{- end }}
- {{- if .Values.htpasswdFile.enabled }}
- - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
- {{- end }}
- env:
- {{- if .Values.proxyVarsAsSecrets }}
- - name: OAUTH2_PROXY_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: {{ template "oauth2-proxy.secretName" . }}
- key: client-id
- - name: OAUTH2_PROXY_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ template "oauth2-proxy.secretName" . }}
- key: client-secret
- - name: OAUTH2_PROXY_COOKIE_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ template "oauth2-proxy.secretName" . }}
- key: cookie-secret
- {{- end }}
- {{- if .Values.extraEnv }}
-{{ toYaml .Values.extraEnv | indent 8 }}
- {{- end }}
- ports:
- - containerPort: 4180
- name: {{ .Values.httpScheme }}
- protocol: TCP
-{{- if .Values.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /ping
- port: {{ .Values.httpScheme }}
- scheme: {{ .Values.httpScheme | upper }}
- initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
-{{- end }}
-{{- if .Values.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /ping
- port: {{ .Values.httpScheme }}
- scheme: {{ .Values.httpScheme | upper }}
- initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.readinessProbe.successThreshold }}
- periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-{{- end }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- volumeMounts:
-{{- with .Values.config.google }}
-{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
- - name: google-secret
- mountPath: /google
- readOnly: true
-{{- end }}
-{{- end }}
-{{- if or .Values.config.existingConfig .Values.config.configFile }}
- - mountPath: /etc/oauth2_proxy
- name: configmain
-{{- end }}
-{{- if .Values.authenticatedEmailsFile.enabled }}
- - mountPath: /etc/oauth2-proxy
- name: configaccesslist
- readOnly: true
-{{- end }}
-{{- if .Values.htpasswdFile.enabled }}
- - mountPath: /etc/oauth2_proxy/htpasswd
- name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
- readOnly: true
-{{- end }}
-{{- if ne (len .Values.extraVolumeMounts) 0 }}
-{{ toYaml .Values.extraVolumeMounts | indent 8 }}
-{{- end }}
-{{- if .Values.securityContext.enabled }}
- securityContext:
- runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
-{{- end}}
- volumes:
-{{- with .Values.config.google }}
-{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
- - name: google-secret
- secret:
- secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}{{ end }}
-{{- end }}
-{{- end }}
-
-{{- if .Values.htpasswdFile.enabled }}
- - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
- secret:
- secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
-{{- end }}
-
-{{- if or .Values.config.existingConfig .Values.config.configFile }}
- - configMap:
- defaultMode: 420
- name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
- name: configmain
-{{- end }}
-{{- if ne (len .Values.extraVolumes) 0 }}
-{{ toYaml .Values.extraVolumes | indent 6 }}
-{{- end }}
-{{- if .Values.authenticatedEmailsFile.enabled }}
- - configMap:
-{{- if .Values.authenticatedEmailsFile.template }}
- name: {{ .Values.authenticatedEmailsFile.template }}
-{{- else }}
- name: {{ template "oauth2-proxy.fullname" . }}-accesslist
-{{- end }}
- items:
- - key: restricted_user_access
-{{- if .Values.authenticatedEmailsFile.template }}
- path: {{ .Values.authenticatedEmailsFile.template }}
-{{- else }}
- path: authenticated-emails-list
-{{- end }}
- name: configaccesslist
-{{- end }}
-
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
- {{- end }}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- if .Values.topologySpreadConstraints.enabled }}
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app: {{ template "oauth2-proxy.name" . }}
- release: "{{ .Release.Name }}"
- maxSkew: {{ .Values.topologySpreadConstraints.maxSkew }}
- topologyKey: {{ .Values.topologySpreadConstraints.topologyKey }}
- whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable }}
-{{- end }}
-{{- end }}
diff --git a/charts/stable/oauth2-proxy/templates/google-secret.yaml b/charts/stable/oauth2-proxy/templates/google-secret.yaml
deleted file mode 100644
index 0e785b18..00000000
--- a/charts/stable/oauth2-proxy/templates/google-secret.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.config.google (not .Values.config.google.existingSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}-google
-type: Opaque
-data:
- service-account.json: {{ .serviceAccountJson }}
-{{- end -}}
diff --git a/charts/stable/oauth2-proxy/templates/ingress.yaml b/charts/stable/oauth2-proxy/templates/ingress.yaml
deleted file mode 100644
index 2d25aadc..00000000
--- a/charts/stable/oauth2-proxy/templates/ingress.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $serviceName := include "oauth2-proxy.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $ingressPath := .Values.ingress.path -}}
-{{- $extraPaths := .Values.ingress.extraPaths -}}
-{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
- {{- if .Values.ingress.ingressClassName }}
- ingressClassName: {{ .Values.ingress.ingressClassName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host | quote }}
- http:
- paths:
-{{ if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- - path: {{ $ingressPath }}
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end -}}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/charts/stable/oauth2-proxy/templates/poddisruptionbudget.yaml b/charts/stable/oauth2-proxy/templates/poddisruptionbudget.yaml
deleted file mode 100644
index a837fb31..00000000
--- a/charts/stable/oauth2-proxy/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}
-spec:
- selector:
- matchLabels:
- app: {{ template "oauth2-proxy.name" . }}
- release: {{ .Release.Name }}
- minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
-{{- end }}
diff --git a/charts/stable/oauth2-proxy/templates/secret.yaml b/charts/stable/oauth2-proxy/templates/secret.yaml
deleted file mode 100644
index 89134fa0..00000000
--- a/charts/stable/oauth2-proxy/templates/secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- name: {{ template "oauth2-proxy.fullname" . }}
-type: Opaque
-data:
- cookie-secret: {{ .Values.config.cookieSecret | b64enc | quote }}
- client-secret: {{ .Values.config.clientSecret | b64enc | quote }}
- client-id: {{ .Values.config.clientID | b64enc | quote }}
-{{- end -}}
diff --git a/charts/stable/oauth2-proxy/templates/service.yaml b/charts/stable/oauth2-proxy/templates/service.yaml
deleted file mode 100644
index 1f9a5bce..00000000
--- a/charts/stable/oauth2-proxy/templates/service.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
- type: ClusterIP
- {{- if .Values.service.clusterIP }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
- type: {{ .Values.service.type }}
- {{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
- {{- end -}}
-{{- else }}
- type: {{ .Values.service.type }}
-{{- end }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.httpScheme }}
- protocol: TCP
- name: {{ .Values.httpScheme }}
- selector:
- app: {{ template "oauth2-proxy.name" . }}
- release: {{ .Release.Name }}
diff --git a/charts/stable/oauth2-proxy/templates/serviceaccount.yaml b/charts/stable/oauth2-proxy/templates/serviceaccount.yaml
deleted file mode 100644
index d3afa68b..00000000
--- a/charts/stable/oauth2-proxy/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if or .Values.serviceAccount.enabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- chart: {{ template "oauth2-proxy.chart" . }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- end -}}
diff --git a/charts/stable/oauth2-proxy/values.yaml b/charts/stable/oauth2-proxy/values.yaml
deleted file mode 100644
index fd5baa3c..00000000
--- a/charts/stable/oauth2-proxy/values.yaml
+++ /dev/null
@@ -1,223 +0,0 @@
-# Oauth client configuration specifics
-config:
- # -- OAuth client ID
- clientID: "XXXXXXX"
- # -- OAuth client secret
- clientSecret: "XXXXXXXX"
- # -- server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64`
- cookieSecret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
- google: {}
- # -- user impersonated by the google service account
- # adminEmail: xxxx
-
- # -- google service account json contents
- # serviceAccountJson: xxxx
-
- # -- Alternatively, use an existing secret (see google-secret.yaml for required fields)
- # existingSecret: google-secret
-
- # -- custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line
- configFile: |-
- email_domains = [ "*" ]
- upstreams = [ "file:///dev/null" ]
- # Custom configuration file: oauth2_proxy.cfg
- # configFile: |-
- # pass_basic_auth = false
- # pass_access_token = true
-
- # -- (string)existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/configmap.yaml) for the required values
- existingConfig:
-
-image:
- # -- Image repository
- repository: "quay.io/oauth2-proxy/oauth2-proxy"
- # -- Image tag
- tag: "v7.1.3"
- # -- Image pull policy
- pullPolicy: "IfNotPresent"
-
-# -- (list) Optionally specify an array of imagePullSecrets.
-# Secrets must be manually created in the namespace.
-# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
-imagePullSecrets:
- # - name: myRegistryKeySecretName
-
-# -- key:value list of extra arguments to give the binary
-extraArgs: {}
-# -- key:value list of extra environment variables to give the binary
-extraEnv: []
-
-# To authorize individual email addresses
-# That is part of extraArgs but since this needs special treatment we need to do a separate section
-authenticatedEmailsFile:
- # -- Enables authorize individual email addresses
- enabled: false
- # -- Name of the configmap that is handled outside of that chart
- # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
- # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access".
- # One email per line
- # example:
- # restricted_access: |-
- # name1@domain
- # name2@domain
- # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
- # config map resource.
- template: ""
-
- # -- [email addresses](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#email-authentication) list config
- restricted_access: ""
-
-service:
- # -- Kubernetes service type for the GUI
- type: ClusterIP
- # -- Kubernetes port where the GUI is exposed
- port: 80
- # -- Service annotations for the GUI
- annotations: {}
- # -- (string) Loadbalance IP for the GUI
- loadBalancerIP:
- # -- (list) List of IP CIDRs allowed access to load balancer (if supported)
- loadBalancerSourceRanges:
-
-## Create or use ServiceAccount
-serviceAccount:
- ## Specifies whether a ServiceAccount should be created
- enabled: true
- ## The name of the ServiceAccount to use.
- ## If not set and create is true, a name is generated using the fullname template
- name:
- annotations: {}
-
-ingress:
- # -- Enable Ingress
- enabled: false
- # -- Ingress accepted path
- path: /
- # -- Ingress accepted hostnames
- hosts: []
- # -- Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions).
- extraPaths: []
- # - path: /*
- # backend:
- # serviceName: ssl-redirect
- # servicePort: use-annotation
-
- # -- Ingress annotations
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
-
- # -- (list) Ingress TLS configuration
- tls:
- # Secrets must be manually created in the namespace.
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
- # -- (string) Set ingressClassName
- ingressClassName:
-
-resources: {}
- # limits:
- # cpu: 100m
- # memory: 300Mi
- # requests:
- # cpu: 100m
- # memory: 300Mi
-
-# -- list of extra volumes
-extraVolumes: []
- # - name: ca-bundle-cert
- # secret:
- # secretName:
-
-# -- list of extra volumeMounts
-extraVolumeMounts: []
- # - mountPath: /etc/ssl/certs/
- # name: ca-bundle-cert
-
-priorityClassName: ""
-
-# -- node/pod affinities
-# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-affinity: {}
-
-# -- Tolerations for pod assignment
-# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations: []
-
-# -- Node labels for pod assignment
-# Ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-
-# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
-proxyVarsAsSecrets: true
-
-# -- Configure Kubernetes liveness probes.
-# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
-# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
-livenessProbe:
- enabled: true
- initialDelaySeconds: 0
- timeoutSeconds: 1
-
-# -- Configure Kubernetes readiness probes.
-readinessProbe:
- enabled: true
- initialDelaySeconds: 0
- timeoutSeconds: 1
- periodSeconds: 10
- successThreshold: 1
-
-# -- Configure Kubernetes security context for container
-# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-securityContext:
- enabled: false
- runAsNonRoot: true
-
-# -- annotations to add to each pod
-podAnnotations: {}
-# -- labels to add to each pod
-podLabels: {}
-replicaCount: 1
-
-# -- PodDisruptionBudget settings
-# Ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
-podDisruptionBudget:
- enabled: true
- minAvailable: 1
-
-# Configure Kubernetes security context for pod
-# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-podSecurityContext: {}
-
-# -- Configure init containers for pod
-# Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
-initContainers: []
-
-# -- `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service.
-httpScheme: http
-
-# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption.
-# Alternatively supply an existing secret which contains the required information.
-htpasswdFile:
- # -- enable htpasswd-file option
- enabled: false
- # -- existing Kubernetes secret to use for OAuth2 htpasswd file
- existingSecret: ""
- # -- list of [SHA encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/configuration#command-line-options)
- entries: {}
- # One row for each user
- # example:
- # entries:
- # - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv
-
-# -- Configure Pod Topology Spread Constraints
-# See https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-# Requires Kubernetes >= v1.16
-topologySpreadConstraints:
- enabled: false
- maxSkew: 1
- # See https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/
- topologyKey: topology.kubernetes.io/zone
- whenUnsatisfiable: DoNotSchedule