author | 2024-11-28 14:09:55 +0100 | |
---|---|---|
committer | 2024-12-09 14:01:59 +0100 | |
commit | 644dd33c78dd4c7fe638f93414617686efea95ec (patch) | |
tree | 7191169514135ddc7a775784542e688290bd2f75 /kubernetes/authentication/components/oauth2-proxy/templates | |
parent | c83b46874cdcda8e14b4bf46c2acbff57c9d6e94 (diff) |
[AUTHENTICATION] New Oslo version
Update for the latest Keycloak version (26.0.x)
Additional support for REALM options.
Add Authorization support
Update keycloak-config-cli and oauth2-proxy charts
Issue-ID: OOM-3306
Change-Id: I1e1d4b7afbaf52bc33904a1589efc25cf578d7a6
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/authentication/components/oauth2-proxy/templates')
11 files changed, 88 insertions, 31 deletions
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml index d9f9cffef7..68c9d76629 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml @@ -6,9 +6,9 @@ metadata: labels: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} -{{- if .Values.authenticatedEmailsFile.annotations }} +{{- with .Values.authenticatedEmailsFile.annotations }} annotations: -{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }}-accesslist namespace: {{ template "oauth2-proxy.namespace" $ }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml index 94d7806d2e..0f164d230c 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml @@ -3,9 +3,9 @@ apiVersion: v1 kind: ConfigMap metadata: -{{- if .Values.config.annotations }} +{{- with .Values.config.annotations }} annotations: -{{ toYaml .Values.config.annotations | indent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} labels: app: {{ template "oauth2-proxy.name" . }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml index 1a626d1ab8..bd5c2c923d 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml 
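Review bot: Switching the annotation blocks to `{{ tpl ( toYaml . ) $ | indent 4 }}` means every annotation value is now evaluated as a Go template against the root context, and nothing in the templates documents that. An annotation that legitimately contains a literal `{{` will now fail to render or be rewritten instead of being copied verbatim. A templated value can also pull any `.Values` entry, including ones intended only for the Secret, into metadata on ConfigMaps, Services and Ingresses, which is usually readable by more principals than the Secret itself. The same change is made in configmap.yaml, deployment.yaml (annotations and `extraVolumes`), hpa.yaml, ingress.yaml, secret-alpha.yaml, secret-authenticated-emails-file.yaml, secret.yaml, service.yaml, serviceaccount.yaml and servicemonitor.yaml. I would put a comment directly before each affected `with` line, e.g. `{{- /* values are rendered with tpl: escape literal braces and keep secret values out of annotations */ -}}`.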
@@ -4,14 +4,16 @@ metadata: labels: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} - {{- if .Values.deploymentAnnotations }} + {{- with .Values.deploymentAnnotations }} annotations: -{{ toYaml .Values.deploymentAnnotations | indent 8 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }} namespace: {{ template "oauth2-proxy.namespace" $ }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- with .Values.strategy }} strategy: @@ -23,7 +25,9 @@ spec: template: metadata: annotations: + {{- if .Values.config.configFile }} checksum/config: {{ tpl .Values.config.configFile $ | sha256sum }} + {{- end }} {{- if .Values.alphaConfig.enabled }} checksum/alpha-config: {{ include "oauth2-proxy.alpha-config" . | sha256sum }} {{- end }} @@ -102,6 +106,12 @@ spec: image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}" #image: "{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.image.command }} + command: + {{- range .Values.image.command }} + - {{ . | quote }} + {{- end }} + {{- end }} args: {{- if .Values.alphaConfig.enabled }} - --alpha-config=/etc/oauth2_proxy/oauth2_proxy.yml @@ -136,7 +146,7 @@ spec: {{- if .Values.authenticatedEmailsFile.template }} - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }} {{- else }} - - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list + - --authenticated-emails-file=/etc/oauth2-proxy/{{ template "oauth2-proxy.fullname" . }}-accesslist {{- end }} {{- end }} {{- with .Values.config.google }} 
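Review bot: The allowlist file name `{{ template "oauth2-proxy.fullname" . }}-accesslist` is now written out in the `--authenticated-emails-file` argument of the @@ -136 hunk and again in the two volume `path:` entries changed in the @@ -333 and @@ -381 hunks, and all three have to match exactly for oauth2-proxy to find its e-mail allowlist. Defining the name once as a named template (the name `oauth2-proxy.accesslistFile` is only a suggestion) and writing `{{ include "oauth2-proxy.accesslistFile" . }}` in all three places would keep them from drifting apart. The default file name also changes for existing installs that relied on `authenticated-emails-list`, which deserves a line in the release notes. The args list and the volume definitions both continue outside these hunks, so the mount path itself is not visible here.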
@@ -333,7 +343,7 @@ spec: {{- if .Values.authenticatedEmailsFile.template }} path: {{ .Values.authenticatedEmailsFile.template }} {{- else }} - path: authenticated-emails-list + path: {{ template "oauth2-proxy.fullname" . }}-accesslist {{- end }} {{- if .Values.authenticatedEmailsFile.template }} secretName: {{ .Values.authenticatedEmailsFile.template }} @@ -367,7 +377,7 @@ spec: {{- end }} {{- end }} {{- if ne (len .Values.extraVolumes) 0 }} -{{ toYaml .Values.extraVolumes | indent 6 }} +{{ tpl (toYaml .Values.extraVolumes) . | indent 6 }} {{- end }} {{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "configmap") }} - configMap: @@ -381,26 +391,28 @@ spec: {{- if .Values.authenticatedEmailsFile.template }} path: {{ .Values.authenticatedEmailsFile.template }} {{- else }} - path: authenticated-emails-list + path: {{ template "oauth2-proxy.fullname" . }}-accesslist {{- end }} name: configaccesslist {{- end }} - {{- if .Values.imagePullSecrets }} + {{- with (.Values.imagePullSecrets | default .Values.global.imagePullSecrets) }} imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - {{- if .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} affinity: -{{ toYaml .Values.affinity | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.nodeSelector }} + {{- with .Values.nodeSelector }} nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tolerations }} tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- with .Values.topologySpreadConstraints }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} 
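Review bot: In the @@ -381 hunk the `nodeSelector` block uses `{{ toYaml . | nindent 8 }}` while `imagePullSecrets`, `affinity`, `tolerations` and `topologySpreadConstraints` all use the left-trimmed form. Because `nindent` already emits a leading newline, the untrimmed action leaves a whitespace-only line after `nodeSelector:` in the rendered manifest; that is valid YAML but inconsistent and noisy in rendered diffs. I would change it to `{{- toYaml . | nindent 8 }}` to match its neighbours. The pod spec continues above this hunk, so the surrounding indentation cannot be checked from here.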
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/hpa.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/hpa.yaml new file mode 100644 index 0000000000..a6d7461797 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/hpa.yaml @@ -0,0 +1,38 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: {{ template "oauth2-proxy.name" . }} +{{- include "oauth2-proxy.labels" . | indent 4 }} + {{- with .Values.autoscaling.annotations }} + annotations: +{{ tpl ( toYaml . ) $ | indent 8 }} + {{- end }} + name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "oauth2-proxy.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml index 5323820487..8cc7953ee9 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml 
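Review bot: Both metrics in the new hpa.yaml use `type: Utilization`, which Kubernetes computes as a percentage of the container's resource requests, yet the template neither checks nor mentions that the oauth2-proxy container must declare CPU and memory requests. Without them the autoscaler cannot evaluate the metric and will not scale the authentication proxy under load; the Deployment's resources block is outside this diff, so whether requests are set by default cannot be confirmed here. `minReplicas` and `maxReplicas` are also rendered without validation, so a missing value only surfaces as an API error at install time. I would add a header comment such as `{{- /* Utilization targets require resources.requests on the oauth2-proxy container */ -}}` and render the upper bound as `maxReplicas: {{ required "autoscaling.maxReplicas must be set" .Values.autoscaling.maxReplicas }}`.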
@@ -17,7 +17,7 @@ metadata: namespace: {{ template "oauth2-proxy.namespace" $ }} {{- with .Values.ingress.annotations }} annotations: -{{ toYaml . | indent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} spec: {{- if and .Values.ingress.className ( eq "true" ( include "ingress.supportsIngressClassName" . ) ) }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml index 15bb89338e..ba2c02d5aa 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml @@ -7,8 +7,9 @@ apiVersion: v1 kind: Secret metadata: -{{- if .Values.alphaConfig.annotations }} - annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }} +{{- with .Values.alphaConfig.annotations }} + annotations: +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} labels: app: {{ template "oauth2-proxy.name" . }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml index 95f85a8006..9b607dd34a 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml @@ -7,9 +7,9 @@ metadata: labels: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} -{{- if .Values.authenticatedEmailsFile.annotations }} +{{- with .Values.authenticatedEmailsFile.annotations }} annotations: -{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }}-accesslist namespace: {{ template "oauth2-proxy.namespace" $ }} 
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml index f3364e95a9..a041843484 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: Secret metadata: -{{- if .Values.config.annotations }} +{{- with .Values.config.annotations }} annotations: -{{ toYaml .Values.config.annotations | indent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} labels: app: {{ template "oauth2-proxy.name" . }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml index d16120ee91..e8d02aeba8 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml @@ -6,9 +6,9 @@ metadata: {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} namespace: {{ template "oauth2-proxy.namespace" $ }} -{{- if .Values.service.annotations }} +{{- with .Values.service.annotations }} annotations: -{{ toYaml .Values.service.annotations | indent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} spec: {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} @@ -28,6 +28,12 @@ spec: {{- else }} type: {{ .Values.service.type }} {{- end }} +{{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} +{{- end }} +{{- if .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }} +{{- end }} ports: - port: {{ .Values.service.portNumber }} targetPort: {{ .Values.httpScheme }} 
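Review bot: The `externalTrafficPolicy` block added in the second service.yaml hunk is rendered for every service type, but Kubernetes accepts that field only on NodePort and LoadBalancer Services. Setting the value while the type is left at the ClusterIP default handled a few lines above therefore makes the manifest fail validation at install time. Guarding on the type avoids that, for example `{{- if and .Values.service.externalTrafficPolicy (has .Values.service.type (list "NodePort" "LoadBalancer")) }}`. A short comment next to the values key would also help: `Local` preserves the client source address that oauth2-proxy sees, while `Cluster` may not, and that affects what ends up in the proxy's request logs.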
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml index 2a89c4b9e3..e38cd7a7a6 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml @@ -10,7 +10,7 @@ kind: ServiceAccount metadata: {{- with .Values.serviceAccount.annotations }} annotations: - {{- toYaml . | nindent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} labels: app: {{ $name }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml index 3802666be0..99d62fd4ad 100644 --- a/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml @@ -4,7 +4,7 @@ kind: ServiceMonitor metadata: {{- with .Values.metrics.serviceMonitor.annotations }} annotations: - {{- toYaml . | nindent 4 }} +{{ tpl ( toYaml . ) $ | indent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }} {{- if .Values.metrics.serviceMonitor.namespace }} |