authorLukasz Rajewski <lukasz.rajewski@t-mobile.pl>2024-06-06 13:02:24 +0000
committerGerrit Code Review <gerrit@onap.org>2024-06-06 13:02:24 +0000
commit3aca0e2323480a220cd4064731755cf9aab0278b (patch)
tree399e27fec948b99d9910f9b5c461e19d11d6d520 /kubernetes/platform
parent1da9965f3e8aa658e08d26e93270d284ff738d19 (diff)
parente9f67624d1f5e25d24c951e385661341baa21830 (diff)
Merge "[AUTHENTICATION] Restructured keycloak and Oauth2-proxy"
Diffstat (limited to 'kubernetes/platform')
-rw-r--r--kubernetes/platform/Chart.yaml9
-rw-r--r--kubernetes/platform/components/keycloak-init/.helmignore25
-rw-r--r--kubernetes/platform/components/keycloak-init/Chart.yaml35
-rw-r--r--kubernetes/platform/components/keycloak-init/Makefile60
-rw-r--r--kubernetes/platform/components/keycloak-init/components/Makefile59
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore23
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml45
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl68
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml103
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml32
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml28
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml97
-rw-r--r--kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json426
-rw-r--r--kubernetes/platform/components/keycloak-init/templates/secret.yaml17
-rw-r--r--kubernetes/platform/components/keycloak-init/values.yaml41
-rw-r--r--kubernetes/platform/components/oauth2-proxy/.helmignore23
-rw-r--r--kubernetes/platform/components/oauth2-proxy/Chart.yaml34
-rw-r--r--kubernetes/platform/components/oauth2-proxy/Makefile60
-rwxr-xr-xkubernetes/platform/components/oauth2-proxy/components/Makefile58
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore23
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml41
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md323
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml1
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml4
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml5
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml6
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml14
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml1
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml4
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml12
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml4
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml21
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt3
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl23
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl110
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl46
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml32
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml17
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml17
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml345
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml12
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml4
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml12
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml40
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml14
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml22
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml18
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml15
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml18
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml54
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml14
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml31
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml364
-rw-r--r--kubernetes/platform/components/oauth2-proxy/values.yaml74
-rw-r--r--kubernetes/platform/values.yaml6
55 files changed, 2 insertions, 2991 deletions
diff --git a/kubernetes/platform/Chart.yaml b/kubernetes/platform/Chart.yaml
index aec56cf9a1..c3f776803e 100644
--- a/kubernetes/platform/Chart.yaml
+++ b/kubernetes/platform/Chart.yaml
@@ -3,6 +3,7 @@
# Modifications Copyright © 2020 Nokia
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,11 +35,3 @@ dependencies:
version: ~13.x-0
repository: '@local'
condition: chartmuseum.enabled
- - name: keycloak-init
- version: ~13.x-0
- repository: '@local'
- condition: keycloak-init.enabled
- - name: oauth2-proxy
- version: ~13.x-0
- repository: '@local'
- condition: oauth2-proxy.enabled
diff --git a/kubernetes/platform/components/keycloak-init/.helmignore b/kubernetes/platform/components/keycloak-init/.helmignore
deleted file mode 100644
index cf02291a2a..0000000000
--- a/kubernetes/platform/components/keycloak-init/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-ci/
-examples/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/kubernetes/platform/components/keycloak-init/Chart.yaml b/kubernetes/platform/components/keycloak-init/Chart.yaml
deleted file mode 100644
index 44ac9f5213..0000000000
--- a/kubernetes/platform/components/keycloak-init/Chart.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright © 2022 Deutsche Telekom
-# ================================================================================
-# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-apiVersion: v2
-version: 13.0.1
-description: ONAP Realm creation and configuration
-name: keycloak-init
-sources:
-- https://github.com/adorsys/keycloak-config-cli
-
-# Keycloakx chart version: 1.6.0
-dependencies:
- - name: common
- version: ~13.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~13.x-0
- repository: '@local'
- - name: onap-keycloak-config-cli
- version: 5.10.0
- repository: 'file://components/keycloak-config-cli'
diff --git a/kubernetes/platform/components/keycloak-init/Makefile b/kubernetes/platform/components/keycloak-init/Makefile
deleted file mode 100644
index 5970a97115..0000000000
--- a/kubernetes/platform/components/keycloak-init/Makefile
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-# Modifications Copyright © 2020 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/platform/components/keycloak-init/components/Makefile b/kubernetes/platform/components/keycloak-init/components/Makefile
deleted file mode 100644
index 4ecfbc53cc..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/Makefile
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright © 2020 Samsung Electronics, Orange, Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore
deleted file mode 100644
index 0e8a0eb36f..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml
deleted file mode 100644
index abcf889834..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright © adorsys GmbH & Co. KG
-# Modifications © 2022 Deutsche Telekom
-# ================================================================================
-# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-apiVersion: v2
-name: onap-keycloak-config-cli
-description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
-home: https://github.com/adorsys/keycloak-config-cli
-version: 5.10.0
-appVersion: 5.10.0
-maintainers:
- - name: jkroepke
- email: joe@adorsys.de
- url: https://github.com/jkroepke
-keywords:
- - keycloak
- - config
- - import
- - json
- - continuous-integration
- - keycloak-config-cli
-sources:
- - https://github.com/adorsys/keycloak-config-cli
-
-dependencies:
- - name: common
- version: ~13.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~13.x-0
- repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl
deleted file mode 100644
index cc1ad7ad8d..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/*
- # Copyright © adorsys GmbH & Co. KG
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-*/}}
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "keycloak-config-cli.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "keycloak-config-cli.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "keycloak-config-cli.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "keycloak-config-cli.labels" -}}
-helm.sh/chart: {{ include "keycloak-config-cli.chart" . }}
-{{ include "keycloak-config-cli.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "keycloak-config-cli.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "keycloak-config-cli.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml
deleted file mode 100644
index 322db2b7a1..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{/*
- # Copyright © adorsys GmbH & Co. KG
- # Modifications © 2022, Deutsche Telekom
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-*/}}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- name: {{ template "keycloak-config-cli.fullname" . }}
- labels:
- {{- include "keycloak-config-cli.labels" . | nindent 4 }}
-spec:
- backoffLimit: {{ .Values.backoffLimit }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "keycloak-config-cli.selectorLabels" . | nindent 8 }}
- {{- with .Values.podLabels }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- spec:
- {{- with .Values.image.pullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- restartPolicy: Never
- containers:
- - name: keycloak-config-cli
- image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ tpl .Values.image.tag $ }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- {{- with .Values.resources }}
- resources:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- env:
- {{- range $name, $value := .Values.env }}
- - name: {{ $name | quote }}
- value: {{ tpl $value $ | quote }}
- {{- end }}
- {{- range $name, $value := .Values.secrets }}
- - name: {{ $name | quote }}
- valueFrom:
- secretKeyRef:
- name: "{{ template "keycloak-config-cli.fullname" $ }}"
- key: {{ $name | quote }}
- {{- end }}
- {{- if and .Values.existingSecret .Values.existingSecretKey }}
- - name: "KEYCLOAK_PASSWORD"
- valueFrom:
- secretKeyRef:
- name: "{{ tpl .Values.existingSecret . }}"
- key: "{{ .Values.existingSecretKey }}"
- {{- end }}
- {{- with .Values.securityContext }}
- securityContext:
- {{- toYaml . | nindent 10 }}
- {{- end }}
- volumeMounts:
- - name: config
- mountPath: /config
- {{- with .Values.extraVolumeMounts }}
- {{- tpl . $ | nindent 12 }}
- {{- end }}
- {{ include "common.waitForJobContainer" . | indent 8 | trim }}
- volumes:
- - name: config
- secret:
- {{- if .Values.existingConfigSecret }}
- secretName: "{{ tpl .Values.existingConfigSecret $ }}"
- {{- else }}
- secretName: "{{ template "keycloak-config-cli.fullname" . }}-config-realms"
- {{- end }}
- defaultMode: 0555
- {{- with .Values.extraVolumes }}
- {{- tpl . $ | nindent 8 }}
- {{- end }}
- {{- with .Values.serviceAccount }}
- serviceAccountName: "{{ tpl . $ }}"
- {{- end }}
- {{- with .Values.securityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml
deleted file mode 100644
index fa9363e9d0..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/*
- # Copyright © adorsys GmbH & Co. KG
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-*/}}
-{{ if not .Values.existingConfigSecret }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "keycloak-config-cli.fullname" . }}-config-realms
- labels:
- {{- include "keycloak-config-cli.labels" . | nindent 4 }}
-data:
- {{- range $name, $config := .Values.config }}
- {{- if hasKey $config "file" }}
- {{ $name }}.json: "{{ tpl ($.Files.Get $config.file) $ | b64enc }}"
- {{- else if hasKey $config "inline" }}
- {{ $name }}.json: "{{ tpl (toJson $config.inline) $ | b64enc }}"
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml
deleted file mode 100644
index 94505289e6..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
- # Copyright © adorsys GmbH & Co. KG
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-*/}}
-{{ if .Values.secrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "keycloak-config-cli.fullname" . }}
- labels:
- {{- include "keycloak-config-cli.labels" . | nindent 4 }}
-data:
- {{- range $name, $value := .Values.secrets }}
- {{ $name }}: "{{ tpl $value $ | b64enc }}"
- {{- end }}
- {{- end }}
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml
deleted file mode 100644
index 5f8d4a3fd5..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright © adorsys GmbH & Co. KG
-# Modifications © 2022, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-global:
- pullPolicy: Always
- persistence: {}
- dockerHubRepository: docker.io
-
-fullnameOverride: ""
-nameOverride: ""
-
-image:
- repository: adorsys/keycloak-config-cli
- tag: "{{ .Chart.AppVersion }}-22.0.4"
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- pullSecrets: []
- # - myRegistryKeySecretName
-
-# Count of re(!)tries. A value of 2 means 3 tries in total.
-backoffLimit: 1
-
-# annotations of the Job. Define helm post hook here
-# currently disabled to see the results and to be compliant with ArgoCD
-#annotations:
-# "helm.sh/hook": "post-install,post-upgrade,post-rollback"
-# "helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation"
-# "helm.sh/hook-weight": "5"
-
-labels: {}
-
-resources: {}
- # limits:
- # cpu: "100m"
- # memory: "1Gi"
- # requests:
- # cpu: "100m"
-# memory: "1Gi"
-
-env:
- KEYCLOAK_URL: http://keycloak:8080
- KEYCLOAK_USER: admin
- IMPORT_PATH: /config/
-
-secrets: {}
-# KEYCLOAK_PASSWORD:
-
-# Specifies an existing secret to be used for the admin password
-existingSecret: ""
-
-# The key in the existing secret that stores the password
-existingSecretKey: password
-
-securityContext: {}
-containerSecurityContext: {}
-
-## Additional pod labels
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-## Extra Annotations to be added to pod
-podAnnotations: {}
-
-config: {}
- # <realm name>:
- # inline:
- # realm: <realm name>
- # clients: []
- # <realm name>:
- # file: <path>
-
-existingConfigSecret: ""
-
-# Add additional volumes, e.g. for custom secrets
-extraVolumes: ""
-
-# Add additional volumes mounts, e. g. for custom secrets
-extraVolumeMounts: ""
-
-wait_for_job_container:
- containers:
- - 'keycloak-config-cli'
diff --git a/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json b/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json
deleted file mode 100644
index d845c60cfb..0000000000
--- a/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json
+++ /dev/null
@@ -1,426 +0,0 @@
-{
- "id": "ONAP",
- "realm": "ONAP",
- "enabled": true,
- "roles": {
- "realm": [
- {
- "name": "onap_admin",
- "description": "User role for administration tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "user",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "admin",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "onap_designer",
- "description": "User role for designer tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "offline_access",
- "description": "${role_offline-access}",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "onap_operator",
- "description": "User role for operator tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "uma_authorization",
- "description": "${role_uma_authorization}",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "default-roles-onap",
- "description": "${role_default-roles}",
- "composite": true,
- "composites": {
- "realm": [
- "offline_access",
- "uma_authorization"
- ],
- "client": {
- "account": [
- "view-profile",
- "manage-account"
- ]
- }
- },
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- }
- ]
- },
- "groups": [
- {
- "name": "admins",
- "path": "/admins",
- "attributes": {},
- "realmRoles": [],
- "clientRoles": {},
- "subGroups": []
- }
- ],
- "clients": [
- {
- "clientId": "oauth2-proxy",
- "name": "Oauth2 Proxy",
- "description": "",
- "rootUrl": "",
- "adminUrl": "",
- "baseUrl": "",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "5YSOkJz99WHv8enDZPknzJuGqVSerELp",
- "redirectUris": [
- "*"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": true,
- "protocol": "openid-connect",
- "attributes": {
- "tls-client-certificate-bound-access-tokens": "false",
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "acr.loa.map": "{}",
- "require.pushed.authorization.requests": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "display.on.consent.screen": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "token.response.type.bearer.lower-case": "false",
- "use.refresh.tokens": "true"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "name": "SDC-User",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "multivalued": "false",
- "userinfo.token.claim": "true",
- "user.attribute": "sdc_user",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "sdc_user",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "acr",
- "profile",
- "roles",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "groups",
- "microprofile-jwt"
- ]
- },
- {
- "clientId": "portal-app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "{{ .Values.portalUrl }}/*",
- "http://localhost/*"
- ],
- "webOrigins": [
- "*"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*",
- "oauth2.device.authorization.grant.enabled": "false",
- "display.on.consent.screen": "false",
- "backchannel.logout.revoke.offline.tokens": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "name": "User-Roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "roles",
- "multivalued": "true",
- "userinfo.token.claim": "true"
- }
- },
- {
- "name": "SDC-User",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "sdc_user",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "sdc_user",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "acr",
- "profile",
- "roles",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "clientId" : "portal-bff",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : false,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : true,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : {
- "saml.force.post.binding" : "false",
- "saml.multivalued.roles" : "false",
- "frontchannel.logout.session.required" : "false",
- "oauth2.device.authorization.grant.enabled" : "false",
- "backchannel.logout.revoke.offline.tokens" : "false",
- "saml.server.signature.keyinfo.ext" : "false",
- "use.refresh.tokens" : "true",
- "oidc.ciba.grant.enabled" : "false",
- "backchannel.logout.session.required" : "true",
- "client_credentials.use_refresh_token" : "false",
- "require.pushed.authorization.requests" : "false",
- "saml.client.signature" : "false",
- "saml.allow.ecp.flow" : "false",
- "id.token.as.detached.signature" : "false",
- "saml.assertion.signature" : "false",
- "client.secret.creation.time" : "1665048112",
- "saml.encrypt" : "false",
- "saml.server.signature" : "false",
- "exclude.session.state.from.auth.response" : "false",
- "saml.artifact.binding" : "false",
- "saml_force_name_id_format" : "false",
- "acr.loa.map" : "{}",
- "tls.client.certificate.bound.access.tokens" : "false",
- "saml.authnstatement" : "false",
- "display.on.consent.screen" : "false",
- "token.response.type.bearer.lower-case" : "false",
- "saml.onetimeuse.condition" : "false"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "name" : "Client Host",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientHost",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientHost",
- "jsonType.label" : "String"
- }
- }, {
- "name" : "Client IP Address",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientAddress",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientAddress",
- "jsonType.label" : "String"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }
- ],
- "users": [
- {
- "createdTimestamp" : 1664965113698,
- "username" : "onap-admin",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sdc_user" : [ "cs0008" ]
- },
- "credentials" : [ {
- "type" : "password",
- "createdDate" : 1664965134586,
- "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_admin" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048354760,
- "username" : "onap-designer",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sec_user" : [ "cs0008" ]
- },
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_designer" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048547054,
- "username" : "onap-operator",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sdc_user" : [ "cs0008" ]
- },
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_operator" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048112458,
- "username" : "service-account-portal-bff",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "serviceAccountClientId" : "portal-bff",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap" ],
- "clientRoles" : {
- "realm-management" : [ "manage-realm", "manage-users" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
- }
- ],
- "clientScopes": [
- {
- "name": "groups",
- "description": "Membership to a group",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "gui.order": "",
- "consent.screen.text": ""
- },
- "protocolMappers": [
- {
- "name": "groups",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-group-membership-mapper",
- "consentRequired": false,
- "config": {
- "full.path": "false",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "groups",
- "userinfo.token.claim": "true"
- }
- }
- ]
- }
- ],
- "attributes": {
- "frontendUrl": "{{ .Values.KEYCLOAK_URL }}",
- "acr.loa.map": "{\"ABC\":\"5\"}"
- }
-}
diff --git a/kubernetes/platform/components/keycloak-init/templates/secret.yaml b/kubernetes/platform/components/keycloak-init/templates/secret.yaml
deleted file mode 100644
index 0d9b387dfa..0000000000
--- a/kubernetes/platform/components/keycloak-init/templates/secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: keycloak-config-cli-config-realms
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-{{- with .Files.Glob "resources/realms/*json" }}
-data:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/keycloak-init/values.yaml b/kubernetes/platform/components/keycloak-init/values.yaml
deleted file mode 100644
index a33ef2c932..0000000000
--- a/kubernetes/platform/components/keycloak-init/values.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright © 2022, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- # Global ingress configuration
- ingress:
- enabled: false
- virtualhost:
- baseurl: "simpledemo.onap.org"
-
-KEYCLOAK_URL: &kc-url "https://keycloak-ui.simpledemo.onap.org/auth/"
-PORTAL_URL: "https://portal-ui.simpledemo.onap.org"
-
-onap-keycloak-config-cli:
- image:
- pullSecrets:
- - name: onap-docker-registry-key
- #existingSecret: "keycloak-keycloakx-admin-creds"
- env:
- KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/
- KEYCLOAK_SSLVERIFY: "false"
- KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
- secrets:
- KEYCLOAK_PASSWORD: secret
- existingConfigSecret: "keycloak-config-cli-config-realms"
-
-serviceAccount:
- nameOverride: keycloak-init
- roles:
- - read
diff --git a/kubernetes/platform/components/oauth2-proxy/.helmignore b/kubernetes/platform/components/oauth2-proxy/.helmignore
deleted file mode 100644
index 825c007791..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-OWNERS
diff --git a/kubernetes/platform/components/oauth2-proxy/Chart.yaml b/kubernetes/platform/components/oauth2-proxy/Chart.yaml
deleted file mode 100644
index 13da57793c..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/Chart.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright © 2022 Deutsche Telekom
-# ================================================================================
-# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-apiVersion: v2
-version: 13.0.0
-description: ONAP Oauth2-proxy
-name: oauth2-proxy
-sources:
-- https://github.com/oauth2-proxy/manifests
-
-dependencies:
- - name: common
- version: ~13.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~13.x-0
- repository: '@local'
- - name: onap-oauth2-proxy
- version: 6.10.1
- repository: 'file://components/oauth2-proxy'
\ No newline at end of file
diff --git a/kubernetes/platform/components/oauth2-proxy/Makefile b/kubernetes/platform/components/oauth2-proxy/Makefile
deleted file mode 100644
index 5970a97115..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/Makefile
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-# Modifications Copyright © 2020 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/platform/components/oauth2-proxy/components/Makefile b/kubernetes/platform/components/oauth2-proxy/components/Makefile
deleted file mode 100755
index 9544d70f33..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore
deleted file mode 100644
index 825c007791..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-OWNERS
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml
deleted file mode 100644
index b31b35f46d..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: onap-oauth2-proxy
-version: 6.10.1
-apiVersion: v2
-appVersion: 7.4.0
-home: https://oauth2-proxy.github.io/oauth2-proxy/
-description: A reverse proxy that provides authentication with Google, Github or other providers
-keywords:
- - kubernetes
- - oauth
- - oauth2
- - authentication
- - google
- - github
- - redis
-dependencies:
- - name: redis
- version: ~16.13.2
- repository: https://charts.bitnami.com/bitnami
- alias: redis
- condition: redis.enabled
- - name: common
- version: ~13.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~13.x-0
- repository: '@local'
-
-sources:
- - https://github.com/oauth2-proxy/oauth2-proxy
- - https://github.com/oauth2-proxy/manifests
-maintainers:
- - name: desaintmartin
- email: cedric@desaintmartin.fr
- - name: tlawrie
- - name: NickMeves
- email: nicholas.meves@gmail.com
- - name: JoelSpeed
- email: joel.speed@hotmail.co.uk
- - name: pierluigilenoci
- email: pierluigi.lenoci@gmail.com
-kubeVersion: ">=1.9.0-0"
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md
deleted file mode 100644
index 9e18388501..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md
+++ /dev/null
@@ -1,323 +0,0 @@
-# oauth2-proxy
-
-[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
-
-## TL;DR;
-
-```console
-$ helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
-$ helm install my-release oauth2-proxy/oauth2-proxy
-```
-
-## Introduction
-
-This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install my-release oauth2-proxy/oauth2-proxy
-```
-
-The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm uninstall my-release
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Upgrading an existing Release to a new major version
-
-A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
-incompatible breaking change needing manual actions.
-
-### To 1.0.0
-
-This version upgrades oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade.
-
-### To 2.0.0
-
-Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`. See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
-
-Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade` of this chart from versions earlier than 2.0.0.
-
-### To 3.0.0
-
-Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart. This is a breaking change since the service account is enabled by default. To disable this behaviour set `serviceAccount.enabled` to `false`
-
-### To 4.0.0
-
-Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**.
-Therefore the `ingress.extraPaths` parameter needs to be updated to the new format.
-See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information.
-
-For the same reason `service.port` was renamed to `service.portNumber`.
-
-### To 5.0.0
-
-Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). This is a breaking change because many labels of all resources need to be updated to stay consistent.
-
-In order to upgrade, delete the Deployment before upgrading:
-
-```bash
-kubectl delete deployment my-release-oauth2-proxy
-```
-
-This will introduce a slight downtime.
-
-For users who don't want downtime, you can perform these actions:
-
-- Perform a non-cascading removal of the deployment that keeps the pods running
-- Add new labels to pods
-- Perform `helm upgrade`
-
-### To 6.0.0
-
-Version 6.0.0 bumps the version of the redis subchart from ~10.6.0 to ~16.4.0. You probably need to adjust your redis config. See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis#upgrading) for detailed upgrade instructions.
-
-## Configuration
-
-The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
-
-Parameter | Description | Default
---- | --- | ---
-`affinity` | node/pod affinities | None
-`authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false`
-`authenticatedEmailsFile.persistence` | Defines how the email addresses file will be projected, via a configmap or secret | `configmap`
-`authenticatedEmailsFile.template` | Name of the configmap or secret that is handled outside of that chart | `""`
-`authenticatedEmailsFile.restrictedUserAccessKey` | The key of the configmap or secret that holds the email addresses list | `""`
-`authenticatedEmailsFile.restricted_access` | [email addresses](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#email-authentication) list config | `""`
-`authenticatedEmailsFile.annotations` | configmap or secret annotations | `nil`
-`config.clientID` | oauth client ID | `""`
-`config.clientSecret` | oauth client secret | `""`
-`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64` | `""`
-`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
-`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
-`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
-`config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""`
-`alphaConfig.enabled` | Flag to toggle any alpha config related logic | `false`
-`alphaConfig.annotations` | Configmap annotations | `{}`
-`alphaConfig.serverConfigData` | Arbitrary configuration data to append to the server section | `{}`
-`alphaConfig.metricsConfigData` | Arbitrary configuration data to append to the metrics section | `{}`
-`alphaConfig.configData` | Arbitrary configuration data to append | `{}`
-`alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap-alpha.yaml) for the required values | `nil`
-`customLabels` | Custom labels to add into metadata | `{}` |
-`config.google.adminEmail` | user impersonated by the google service account | `""`
-`config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account json | `false`
-`config.google.targetPrincipal` | service account to use/impersonate | `""`
-`config.google.serviceAccountJson` | google service account json contents | `""`
-`config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
-`config.google.groups` | restrict logins to members of these google groups | `[]`
-`containerPort` | used to customise port on the deployment | `""`
-`extraArgs` | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows to configure the same flag multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]`
-`extraContainers` | List of extra containers to be added to the pod | `[]`
-`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
-`extraVolumes` | list of extra volumes | `[]`
-`extraVolumeMounts` | list of extra volumeMounts | `[]`
-`hostAlias.enabled` | provide extra ip:hostname alias for network name resolution.
-`hostAlias.ip` | `ip` address `hostAliases.hostname` should resolve to.
-`hostAlias.hostname` | `hostname` associated to `hostAliases.ip`.
-`htpasswdFile.enabled` | enable htpasswd-file option | `false`
-`htpasswdFile.entries` | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options) | `{}`
-`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
-`httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
-`image.pullPolicy` | Image pull policy | `IfNotPresent`
-`image.repository` | Image repository | `quay.io/oauth2-proxy/oauth2-proxy`
-`image.tag` | Image tag | `""` (defaults to appVersion)
-`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
-`ingress.enabled` | Enable Ingress | `false`
-`ingress.className` | name referencing IngressClass | `nil`
-`ingress.path` | Ingress accepted path | `/`
-`ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific`
-`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
-`ingress.annotations` | Ingress annotations | `nil`
-`ingress.hosts` | Ingress accepted hostnames | `nil`
-`ingress.tls` | Ingress TLS configuration | `nil`
-`livenessProbe.enabled` | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
-`livenessProbe.initialDelaySeconds` | number of seconds | 0
-`livenessProbe.timeoutSeconds` | number of seconds | 1
-`nodeSelector` | node labels for pod assignment | `{}`
-`deploymentAnnotations` | annotations to add to the deployment | `{}`
-`podAnnotations` | annotations to add to each pod | `{}`
-`podLabels` | additional labesl to add to each pod | `{}`
-`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true
-`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget | 1
-`podSecurityContext` | Kubernetes security context to apply to pod | `{}`
-`priorityClassName` | priorityClassName | `nil`
-`readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
-`readinessProbe.initialDelaySeconds` | number of seconds | 0
-`readinessProbe.timeoutSeconds` | number of seconds | 5
-`readinessProbe.periodSeconds` | number of seconds | 10
-`readinessProbe.successThreshold` | number of successes | 1
-`replicaCount` | desired number of pods | `1`
-`resources` | pod resource requests & limits | `{}`
-`revisionHistoryLimit` | maximum number of revisions maintained | 10
-`service.portNumber` | port number for the service | `80`
-`service.appProtocol` | application protocol on the port of the service | `http`
-`service.type` | type of service | `ClusterIP`
-`service.clusterIP` | cluster ip address | `nil`
-`service.loadBalancerIP` | ip of load balancer | `nil`
-`service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil`
-`service.nodePort` | external port number for the service when service.type is `NodePort` | `nil`
-`serviceAccount.enabled` | create a service account | `true`
-`serviceAccount.name` | the service account name | ``
-`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
-`tolerations` | list of node taints to tolerate | `[]`
-`securityContext.enabled` | enable Kubernetes security context on container | `false`
-`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
-`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
-`sessionStorage.type` | Session storage type which can be one of the following: cookie or redis | `cookie`
-`sessionStorage.redis.existingSecret` | Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) | `""`
-`sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations. Taken from redis subchart secret if not set. sessionStorage.redis.existingSecret takes precedence | `nil`
-`sessionStorage.redis.passwordKey` | Key of the Kubernetes secret data containing the redis password value | `redis-password`
-`sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone`
-`sessionStorage.redis.standalone.connectionUrl` | URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set. | `""`
-`sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]`
-`sessionStorage.redis.sentinel.existingSecret` | Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret` | `""`
-`sessionStorage.redis.sentinel.password` | Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password` | `nil`
-`sessionStorage.redis.sentinel.passwordKey` | Key of the Kubernetes secret data containing the redis sentinel password value | `redis-sentinel-password`
-`sessionStorage.redis.sentinel.masterName` | Redis sentinel master name | `nil`
-`sessionStorage.redis.sentinel.connectionUrls` | List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]`
-`topologySpreadConstraints` | List of pod topology spread constraints | `[]`
-`redis.enabled` | Enable the redis subchart deployment | `false`
-`checkDeprecation` | Enable deprecation checks | `true`
-`metrics.enabled` | Enable Prometheus metrics endpoint | `true`
-`metrics.port` | Serve Prometheus metrics on this port | `44180`
-`metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil`
-`metrics.service.appProtocol` | application protocol of the metrics port in the service | `http`
-`metrics.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false`
-`metrics.servicemonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""`
-`metrics.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default`
-`metrics.servicemonitor.interval` | Prometheus scrape interval | `60s`
-`metrics.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s`
-`metrics.servicemonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}`
-`extraObjects` | Extra K8s manifests to deploy | `[]`
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```console
-$ helm install my-release oauth2-proxy/oauth2-proxy \
- --set=image.tag=v0.0.2,resources.limits.cpu=200m
-```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install my-release oauth2-proxy/oauth2-proxy -f values.yaml
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
-## TLS Configuration
-
-See: [TLS Configuration](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/tls).
-Use ```values.yaml``` like:
-
-```yaml
-...
-extraArgs:
- tls-cert-file: /path/to/cert.pem
- tls-key-file: /path/to/cert.key
-
-extraVolumes:
- - name: ssl-cert
- secret:
- secretName: my-ssl-secret
-
-extraVolumeMounts:
- - mountPath: /path/to/
- name: ssl-cert
-...
-```
-
-With a secret called `my-ssl-secret`:
-
-```yaml
-...
-data:
- cert.pem: AB..==
- cert.key: CD..==
-```
-
-## Extra environment variable templating
-The extraEnv value supports the tpl function which evaluate strings as templates inside the deployment template.
-This is useful to pass a template string as a value to the chart's extra environment variables and to render external configuration environment values
-
-
-```yaml
-...
-tplValue: "This is a test value for the tpl function"
-extraEnv:
- - name: TEST_ENV_VAR_1
- value: test_value_1
- - name: TEST_ENV_VAR_2
- value: '{{ .Values.tplValue }}'
-```
-
-## Custom templates configuration
-You can replace the default template files using a Kubernetes `configMap` volume. The default templates are the two files [sign_in.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/sign_in.html) and [error.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/error.html).
-
-```yaml
-config:
- configFile: |
- ...
- custom_templates_dir = "/data/custom-templates"
-
-extraVolumes:
- - name: custom-templates
- configMap:
- name: oauth2-proxy-custom-templates
-
-extraVolumeMounts:
- - name: custom-templates
- mountPath: "/data/custom-templates"
- readOnly: true
-
-extraObjects:
- - apiVersion: v1
- kind: ConfigMap
- metadata:
- name: oauth2-proxy-custom-templates
- data:
- sign_in.html: |
- <!DOCTYPE html>
- <html>
- <body>sign_in</body>
- </html>
- error.html: |
- <!DOCTYPE html>
- <html>
- <body>
- <h1>error</h1>
- <p>{{.StatusCode}}</p>
- </body>
- </html>
-```
-## Multi whitelist-domain configuration
-For using multi whitelist-domain configuration for one Oauth2-proxy instance, you have to use the config.configFile section.
-
-It will be overwriting the `/etc/oauth2_proxy/oauth2_proxy.cfg` configuration file.
-In this example, Google provider is used, but you can find all other provider configuration here [oauth_provider](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/)
-
-```yaml
-config:
- ...
- clientID="$YOUR_GOOGLE_CLIENT_ID"
- clientSecret="$YOUR_GOOGLE_CLIENT_SECRET"
- cookieSecret="$YOUR_COOKIE_SECRET"
- configFile: |
- ...
- email_domains = [ "*" ]
- upstreams = [ "file:///dev/null" ]
- cookie_secure = "false"
- cookie_domains = [ ".domain.com", ".otherdomain.io" ]
- whitelist_domains = [ ".domain.com", ".otherdomain.io"]
- provider = "google"
-```
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml
deleted file mode 100644
index fc2ba605ad..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml
deleted file mode 100644
index 92dc451807..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-extraArgs:
- pass-authorization-header: "true"
- request-logging: "true"
- allowed-role: client_id:client_role
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml
deleted file mode 100644
index 5f47a5f479..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-extraArgs:
- - "--pass-authorization-header=true"
- - "--request-logging=true"
- - --allowed-role=client_id:client_role_A
- - --allowed-role=client_id_B:client_role_C
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml
deleted file mode 100644
index 357dba9153..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-tplValue: "This is a test value for the template function"
-extraEnv:
- - name: TEST_ENV_VAR_1
- value: test_value_1
- - name: TEST_ENV_VAR_2
- value: '{{ .Values.tplValue }}'
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml
deleted file mode 100644
index e74a393db0..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-ingress:
- enabled: true
- path: /
- pathType: ImplementationSpecific
- hosts:
- - chart-example.local
- extraPaths:
- - path: /*
- pathType: ImplementationSpecific
- backend:
- service:
- name: ssl-redirect
- port:
- name: use-annotation
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml
deleted file mode 100644
index 25b16272a7..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-replicaCount: 2 # Enables PodDisruptionBudget which is disabled when replicaCount is 1
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml
deleted file mode 100644
index b7c8cea546..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
----
-podSecurityContext:
- fsGroup: 2000
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml
deleted file mode 100644
index e3418c39fa..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-sessionStorage:
- type: redis
- redis:
- clientType: "standalone"
- password: "foo"
-redis:
- # provision an instance of the redis sub-chart
- enabled: true
- architecture: standalone
- global:
- redis:
- password: "foo"
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml
deleted file mode 100644
index 9d31c28541..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-metrics:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml
deleted file mode 100644
index 65977d921b..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-extraEnv:
- - name: TEST_ENV_VAR_2
- value: '{{ $.Release.Name }}'
-ingress:
- enabled: true
- hosts:
- - "{{ $.Release.Name }}.local"
- tls:
- - hosts:
- - "{{ $.Release.Name }}.local"
-oauth2-proxy:
- checkDeprecation: false
- config:
- clientSecret: '{{ $.Release.Name }}'
- configFile: |
- oidc_issuer_url = "https://{{ $.Release.Name }}/dex"
-
-pass_authorization_header: "true"
-
-extraArgs:
- pass-authorization-header: "{{ $.Values.pass_authorization_header }}"
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt
deleted file mode 100644
index aa749e0b9d..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-To verify that oauth2-proxy has started, run:
-
- kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl
deleted file mode 100644
index f959f10e49..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Returns the appropriate apiVersion for podDisruptionBudget object.
-*/}}
-{{- define "capabilities.podDisruptionBudget.apiVersion" -}}
-{{- if semverCompare ">=1.21-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
-{{- print "policy/v1" -}}
-{{- else -}}
-{{- print "policy/v1beta1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for ingress object.
-*/}}
-{{- define "capabilities.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl
deleted file mode 100644
index 87c64493b7..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl
+++ /dev/null
@@ -1,110 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "oauth2-proxy.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "oauth2-proxy.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "oauth2-proxy.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Generate basic labels
-*/}}
-{{- define "oauth2-proxy.labels" }}
-helm.sh/chart: {{ include "oauth2-proxy.chart" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/component: authentication-proxy
-app.kubernetes.io/part-of: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-{{- if .Values.customLabels }}
-{{ toYaml .Values.customLabels }}
-{{- end }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "oauth2-proxy.selectorLabels" }}
-app.kubernetes.io/name: {{ include "oauth2-proxy.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Get the secret name.
-*/}}
-{{- define "oauth2-proxy.secretName" -}}
-{{- if .Values.config.existingSecret -}}
-{{- printf "%s" .Values.config.existingSecret -}}
-{{- else -}}
-{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "oauth2-proxy.serviceAccountName" -}}
-{{- if .Values.serviceAccount.enabled -}}
- {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Redis subcharts fullname
-*/}}
-{{- define "oauth2-proxy.redis.fullname" -}}
-{{- if .Values.redis.enabled -}}
-{{- include "common.names.fullname" (dict "Chart" (dict "Name" "redis") "Release" .Release "Values" .Values.redis) -}}
-{{- else -}}
-{{ fail "attempting to use redis subcharts fullname, even though the subchart is not enabled. This will lead to misconfiguration" }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Compute the redis url if not set explicitly.
-*/}}
-{{- define "oauth2-proxy.redis.StandaloneUrl" -}}
-{{- if .Values.sessionStorage.redis.standalone.connectionUrl -}}
-{{ .Values.sessionStorage.redis.standalone.connectionUrl }}
-{{- else if .Values.redis.enabled -}}
-{{- printf "redis://%s-master:%.0f" (include "oauth2-proxy.redis.fullname" .) .Values.redis.master.service.ports.redis -}}
-{{- else -}}
-{{ fail "please set sessionStorage.redis.standalone.connectionUrl or enable the redis subchart via redis.enabled" }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns the version
-*/}}
-{{- define "oauth2-proxy.version" -}}
-{{ trimPrefix "v" (lower (.Values.image.tag | default (printf "v%s" .Chart.AppVersion))) }}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl
deleted file mode 100644
index f4a3cad0e4..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl
+++ /dev/null
@@ -1,46 +0,0 @@
-{{/*
-Returns `true` if the API `ingressClassName` field is supported and `false` otherwise
-*/}}
-{{- define "ingress.supportsIngressClassName" -}}
-{{- if ( semverCompare "<1.18-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) ) -}}
-{{- print "false" -}}
-{{- else -}}
-{{- print "true" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns `true` if the API `pathType` field is supported and `false` otherwise
-*/}}
-{{- define "ingress.supportsPathType" -}}
-{{- if ( semverCompare "<1.18-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) ) -}}
-{{- print "false" -}}
-{{- else -}}
-{{- print "true" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Returns the appropriate ingress `backend` fields depending on the Kubernetes API version.
-e.g.: `{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}`
-Where the dict must contain the following entries:
-- `serviceName` {String} - Name of an existing service backend
-- `servicePort` {String|Number} - Port name or port number of the service.
-- `context` {Dict} - (Parent) Context for the template evaluation required for the API version detection.
-*/}}
-{{- define "ingress.backend" -}}
-{{- $apiVersion := ( include "capabilities.ingress.apiVersion" .context ) -}}
-{{- if or ( eq $apiVersion "extensions/v1beta1" ) ( eq $apiVersion "networking.k8s.io/v1beta1" ) -}}
-serviceName: {{ .serviceName }}
-servicePort: {{ .servicePort }}
-{{- else -}}
-service:
- name: {{ .serviceName }}
- port:
- {{- if typeIs "string" .servicePort }}
- name: {{ .servicePort }}
- {{- else if or ( typeIs "int" .servicePort ) ( typeIs "float64" .servicePort ) }}
- number: {{ .servicePort }}
- {{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml
deleted file mode 100644
index 7ba0273ab2..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.alphaConfig.enabled }}
-{{- if not .Values.alphaConfig.existingConfig }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-{{- if .Values.alphaConfig.annotations }}
- annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }}
-{{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- {{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}-alpha
-data:
- oauth2_proxy.yml: |
- ---
- server:
- BindAddress: '0.0.0.0:4180'
- {{- if .Values.alphaConfig.serverConfigData }}
- {{- toYaml .Values.alphaConfig.serverConfigData | nindent 6 }}
- {{- end }}
- {{- if .Values.metrics.enabled }}
- metricsServer:
- BindAddress: '0.0.0.0:44180'
- {{- if .Values.alphaConfig.metricsConfigData }}
- {{- toYaml .Values.alphaConfig.metricsConfigData | nindent 6 }}
- {{- end }}
- {{- end }}
- {{- if .Values.alphaConfig.configData }}
- {{- toYaml .Values.alphaConfig.configData | nindent 4 }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
deleted file mode 100644
index cf4e77eaaa..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.authenticatedEmailsFile.enabled }}
-{{- if and (.Values.authenticatedEmailsFile.restricted_access) (eq .Values.authenticatedEmailsFile.persistence "configmap") }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
-{{- if .Values.authenticatedEmailsFile.annotations }}
- annotations:
-{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
-{{- end }}
- name: {{ template "oauth2-proxy.fullname" . }}-accesslist
-data:
- {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml
deleted file mode 100644
index 8a19ccb943..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if not .Values.config.existingConfig }}
-{{- if .Values.config.configFile }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-{{- if .Values.config.annotations }}
- annotations:
-{{ toYaml .Values.config.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}
-data:
- oauth2_proxy.cfg: {{ tpl .Values.config.configFile $ | quote }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml
deleted file mode 100644
index 4523591231..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml
+++ /dev/null
@@ -1,345 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- {{- if .Values.deploymentAnnotations }}
- annotations:
-{{ toYaml .Values.deploymentAnnotations | indent 8 }}
- {{- end }}
- name: {{ template "oauth2-proxy.fullname" . }}
-spec:
- replicas: {{ .Values.replicaCount }}
- {{- if .Values.revisionHistoryLimit }}
- revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
- template:
- metadata:
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
- {{- if .Values.alphaConfig.enabled }}
- checksum/alpha-config: {{ include (print $.Template.BasePath "/configmap-alpha.yaml") . | sha256sum }}
- {{- end }}
- checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
- checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
- checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
- checksum/redis-secret: {{ include (print $.Template.BasePath "/redis-secret.yaml") . | sha256sum }}
-{{- if .Values.htpasswdFile.enabled }}
- checksum/htpasswd: {{ include (print $.Template.BasePath "/secret-htpasswd-file.yaml") . | sha256sum }}
-{{- end }}
- {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- {{- include "oauth2-proxy.labels" . | indent 8 }}
- {{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels | indent 8 }}
- {{- end }}
- spec:
- {{- if .Values.priorityClassName }}
- priorityClassName: "{{ .Values.priorityClassName }}"
- {{- end }}
- {{- with .Values.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
- automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
- {{- if .Values.hostAlias.enabled }}
- hostAliases:
- - ip: {{ .Values.hostAlias.ip }}
- hostnames:
- - {{ .Values.hostAlias.hostname }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}"
- #image: "{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- {{- if .Values.alphaConfig.enabled }}
- - --alpha-config=/etc/oauth2_proxy/oauth2_proxy.yml
- {{- else }}
- - --http-address=0.0.0.0:4180
- - --https-address=0.0.0.0:4443
- {{- if .Values.metrics.enabled }}
- - --metrics-address=0.0.0.0:44180
- {{- end }}
- {{- end }}
- {{- if .Values.config.cookieName }}
- - --cookie-name={{ .Values.config.cookieName }}
- {{- end }}
- {{- if kindIs "map" .Values.extraArgs }}
- {{- range $key, $value := .Values.extraArgs }}
- {{- if $value }}
- - --{{ $key }}={{ tpl ($value | toString) $ }}
- {{- else }}
- - --{{ $key }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if kindIs "slice" .Values.extraArgs }}
- {{- with .Values.extraArgs }}
- {{- toYaml . | nindent 10 }}
- {{- end }}
- {{- end }}
- {{- if or .Values.config.existingConfig .Values.config.configFile }}
- - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
- {{- end }}
- {{- if .Values.authenticatedEmailsFile.enabled }}
- {{- if .Values.authenticatedEmailsFile.template }}
- - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
- {{- else }}
- - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
- {{- end }}
- {{- end }}
- {{- with .Values.config.google }}
- {{- if and .adminEmail (or .serviceAccountJson .existingSecret .useApplicationDefaultCredentials) }}
- - --google-admin-email={{ .adminEmail }}
- {{- if .useApplicationDefaultCredentials }}
- - --google-use-application-default-credentials=true
- {{- else }}
- - --google-service-account-json=/google/service-account.json
- {{- end }}
- {{- if .targetPrincipal }}
- - --google-target-principal={{ .targetPrincipal }}
- {{- end }}
- {{- end }}
- {{- if .groups }}
- {{- range $group := .groups }}
- - --google-group={{ $group }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.htpasswdFile.enabled }}
- - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
- {{- end }}
- env:
- {{- if .Values.proxyVarsAsSecrets }}
- - name: OAUTH2_PROXY_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: {{ template "oauth2-proxy.secretName" . }}
- key: client-id
- - name: OAUTH2_PROXY_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ template "oauth2-proxy.secretName" . }}
- key: client-secret
- - name: OAUTH2_PROXY_COOKIE_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ template "oauth2-proxy.secretName" . }}
- key: cookie-secret
- {{- end }}
- {{- if eq (default "cookie" .Values.sessionStorage.type) "redis" }}
- - name: OAUTH2_PROXY_SESSION_STORE_TYPE
- value: "redis"
- {{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth).enabled )}}
- - name: OAUTH2_PROXY_REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- {{- if .Values.sessionStorage.redis.existingSecret }}
- name: {{ .Values.sessionStorage.redis.existingSecret }}
- {{- else if .Values.sessionStorage.redis.password }}
- name: {{ template "oauth2-proxy.fullname" . }}-redis-access
- {{- else }}
- name: {{ include "oauth2-proxy.redis.fullname" . }}
- {{- end }}
- key: {{ .Values.sessionStorage.redis.passwordKey }}
- {{- end }}
- {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
- - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
- value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
- {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
- - name: OAUTH2_PROXY_REDIS_USE_CLUSTER
- value: "true"
- - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
- value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }}
- {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
- - name: OAUTH2_PROXY_REDIS_USE_SENTINEL
- value: "true"
- - name: OAUTH2_PROXY_REDIS_SENTINEL_MASTER_NAME
- value: {{ .Values.sessionStorage.redis.sentinel.masterName }}
- - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
- value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }}
- {{- if or .Values.sessionStorage.redis.sentinel.existingSecret .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.sentinel.password }}
- - name: OAUTH2_PROXY_REDIS_SENTINEL_PASSWORD
- valueFrom:
- secretKeyRef:
- {{- if or .Values.sessionStorage.redis.sentinel.existingSecret .Values.sessionStorage.redis.existingSecret }}
- name: {{ .Values.sessionStorage.redis.sentinel.existingSecret | default .Values.sessionStorage.redis.existingSecret }}
- {{- else }}
- name: {{ template "oauth2-proxy.fullname" . }}-redis-access
- {{- end }}
- key: {{ .Values.sessionStorage.redis.sentinel.passwordKey }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- if .Values.extraEnv }}
-{{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
- {{- end }}
- ports:
- {{- if .Values.containerPort }}
- - containerPort: {{ .Values.containerPort }}
- {{- else if (and (eq .Values.httpScheme "http") (empty .Values.containerPort)) }}
- - containerPort: 4180
- {{- else if (and (eq .Values.httpScheme "https") (empty .Values.containerPort)) }}
- - containerPort: 4443
- {{- else }}
- {{- end}}
- name: {{ .Values.httpScheme }}
- protocol: TCP
-{{- if .Values.metrics.enabled }}
- - containerPort: 44180
- protocol: TCP
- name: metrics
-{{- end }}
-{{- if .Values.livenessProbe.enabled }}
- livenessProbe:
- httpGet:
- path: /ping
- port: {{ .Values.httpScheme }}
- scheme: {{ .Values.httpScheme | upper }}
- initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
-{{- end }}
-{{- if .Values.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: {{ if gt (include "oauth2-proxy.version" .) "7.4.0" }}/ready{{ else }}/ping{{ end }}
- port: {{ .Values.httpScheme }}
- scheme: {{ .Values.httpScheme | upper }}
- initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.readinessProbe.successThreshold }}
- periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-{{- end }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- volumeMounts:
-{{- with .Values.config.google }}
-{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
- - name: google-secret
- mountPath: /google
- readOnly: true
-{{- end }}
-{{- end }}
-{{- if or .Values.config.existingConfig .Values.config.configFile }}
- - mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
- name: configmain
- subPath: oauth2_proxy.cfg
-{{- end }}
-{{- if .Values.alphaConfig.enabled }}
- - mountPath: /etc/oauth2_proxy/oauth2_proxy.yml
- name: configalpha
- subPath: oauth2_proxy.yml
-{{- end }}
-{{- if .Values.authenticatedEmailsFile.enabled }}
- - mountPath: /etc/oauth2-proxy
- name: configaccesslist
- readOnly: true
-{{- end }}
-{{- if .Values.htpasswdFile.enabled }}
- - mountPath: /etc/oauth2_proxy/htpasswd
- name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
- readOnly: true
-{{- end }}
-{{- if ne (len .Values.extraVolumeMounts) 0 }}
-{{ toYaml .Values.extraVolumeMounts | indent 8 }}
-{{- end }}
-{{- if .Values.securityContext.enabled }}
-{{- $securityContext := unset .Values.securityContext "enabled" }}
- securityContext:
- {{- toYaml $securityContext | nindent 10 }}
-{{- end }}
-{{- if .Values.extraContainers }}
- {{- toYaml .Values.extraContainers | nindent 6 }}
-{{- end }}
- volumes:
-{{- with .Values.config.google }}
-{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
- - name: google-secret
- secret:
- secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}-google{{ end }}
-{{- end }}
-{{- end }}
-
-{{- if .Values.htpasswdFile.enabled }}
- - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
- secret:
- secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
-{{- end }}
-
-{{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "secret") }}
- - name: configaccesslist
- secret:
- items:
- - key: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}
-{{- if .Values.authenticatedEmailsFile.template }}
- path: {{ .Values.authenticatedEmailsFile.template }}
-{{- else }}
- path: authenticated-emails-list
-{{- end }}
-{{- if .Values.authenticatedEmailsFile.template }}
- secretName: {{ .Values.authenticatedEmailsFile.template }}
-{{- else }}
- secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist
-{{- end }}
-{{- end }}
-
-{{- if or .Values.config.existingConfig .Values.config.configFile }}
- - configMap:
- defaultMode: 420
- name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
- name: configmain
-{{- end }}
-{{- if .Values.alphaConfig.enabled }}
- - configMap:
- defaultMode: 420
- name: {{ if .Values.alphaConfig.existingConfig }}{{ .Values.alphaConfig.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }}
- name: configalpha
-{{- end }}
-{{- if ne (len .Values.extraVolumes) 0 }}
-{{ toYaml .Values.extraVolumes | indent 6 }}
-{{- end }}
-{{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "configmap") }}
- - configMap:
-{{- if .Values.authenticatedEmailsFile.template }}
- name: {{ .Values.authenticatedEmailsFile.template }}
-{{- else }}
- name: {{ template "oauth2-proxy.fullname" . }}-accesslist
-{{- end }}
- items:
- - key: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}
-{{- if .Values.authenticatedEmailsFile.template }}
- path: {{ .Values.authenticatedEmailsFile.template }}
-{{- else }}
- path: authenticated-emails-list
-{{- end }}
- name: configaccesslist
-{{- end }}
-
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
- {{- end }}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end }}
- tolerations:
-{{ toYaml .Values.tolerations | indent 8 }}
- {{- with .Values.topologySpreadConstraints }}
- topologySpreadConstraints:
- {{- toYaml . | nindent 8 }}
- {{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml
deleted file mode 100644
index 126d3e7a18..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.checkDeprecation }}
- {{- if .Values.service.port }}
- {{ fail "`service.port` does no longer exist. It has been renamed to `service.portNumber`" }}
- {{- end }}
- {{- if eq ( include "capabilities.ingress.apiVersion" . ) "networking.k8s.io/v1" -}}
- {{- range .Values.ingress.extraPaths }}
- {{- if or (.backend.serviceName) (.backend.servicePort) }}
- {{ fail "Please update the format of your `ingress.extraPaths` to the new ingress apiVersion `networking.k8s.io/v1` format" }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml
deleted file mode 100644
index a9bb3b6ba8..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{ range .Values.extraObjects }}
----
-{{ tpl (toYaml .) $ }}
-{{ end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml
deleted file mode 100644
index 5703273d93..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if and .Values.config.google (and (not .Values.config.google.existingSecret) (not .Values.config.google.useApplicationDefaultCredentials)) }}
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}-google
-type: Opaque
-data:
- service-account.json: {{ .Values.config.google.serviceAccountJson | b64enc | quote }}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml
deleted file mode 100644
index 73fd758d16..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $serviceName := include "oauth2-proxy.fullname" . -}}
-{{- $servicePort := .Values.service.portNumber -}}
-{{- $ingressPath := .Values.ingress.path -}}
-{{- $ingressPathType := .Values.ingress.pathType -}}
-{{- $extraPaths := .Values.ingress.extraPaths -}}
-apiVersion: {{ include "capabilities.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- {{- if and .Values.ingress.className ( eq "true" ( include "ingress.supportsIngressClassName" . ) ) }}
- ingressClassName: {{ .Values.ingress.className | quote }}
- {{- end }}
- rules:
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ tpl $host $ | quote }}
- http:
- paths:
-{{- if $extraPaths }}
-{{ toYaml $extraPaths | indent 10 }}
-{{- end }}
- - path: {{ $ingressPath }}
- {{- if eq "true" ( include "ingress.supportsPathType" $ ) }}
- pathType: {{ $ingressPathType }}
- {{- end }}
- backend: {{- include "ingress.backend" ( dict "serviceName" $serviceName "servicePort" $servicePort "context" $ ) | nindent 14 }}
- {{- end -}}
- {{- if .Values.ingress.tls }}
- tls:
-{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
- {{- end -}}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml
deleted file mode 100644
index 7cdbbbeabb..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
-apiVersion: {{ include "capabilities.podDisruptionBudget.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}
-spec:
- selector:
- matchLabels:
- {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
- minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml
deleted file mode 100644
index 7a1555d8b3..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- $name := include "oauth2-proxy.name" . -}}
-{{- $fullName := include "oauth2-proxy.fullname" . -}}
-{{- $labels := include "oauth2-proxy.labels" . -}}
-{{- with .Values.sessionStorage }}
-{{- if and (eq .type "redis") (not .redis.existingSecret) (or .redis.password .redis.sentinel.password) }}
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: {{ $name }}
- {{- $labels | indent 4 }}
- name: {{ $fullName }}-redis-access
-type: Opaque
-data:
- {{- if and .redis.password (not .redis.existingSecret) }}
- {{ .redis.passwordKey }}: {{ .redis.password | b64enc | quote }}
- {{- end }}
- {{- if and .redis.sentinel.password (not .redis.sentinel.existingSecret) (ne .redis.sentinel.passwordKey .redis.passwordKey) }}
- {{ .redis.sentinel.passwordKey }}: {{ .redis.sentinel.password | b64enc | quote }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
deleted file mode 100644
index ce79db1dce..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.authenticatedEmailsFile.enabled }}
-{{- if and (.Values.authenticatedEmailsFile.restricted_access) (eq .Values.authenticatedEmailsFile.persistence "secret") }}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
-{{- if .Values.authenticatedEmailsFile.annotations }}
- annotations:
-{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
-{{- end }}
- name: {{ template "oauth2-proxy.fullname" . }}-accesslist
-data:
- {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | b64enc }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml
deleted file mode 100644
index 44fe67e96a..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
-type: Opaque
-stringData:
- users.txt: |-
- {{- range $entries := .Values.htpasswdFile.entries }}
- {{ $entries }}
- {{- end -}}
-{{- end }}
\ No newline at end of file
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml
deleted file mode 100644
index c9b3791f89..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
-apiVersion: v1
-kind: Secret
-metadata:
-{{- if .Values.config.annotations }}
- annotations:
-{{ toYaml .Values.config.annotations | indent 4 }}
-{{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}
-type: Opaque
-data:
- cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }}
- client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }}
- client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml
deleted file mode 100644
index d9563ac283..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- if .Values.service.annotations }}
- annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
- type: ClusterIP
- {{- if .Values.service.clusterIP }}
- clusterIP: {{ .Values.service.clusterIP }}
- {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
- type: {{ .Values.service.type }}
- {{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
- {{- end -}}
-{{- else }}
- type: {{ .Values.service.type }}
-{{- end }}
- ports:
- - port: {{ .Values.service.portNumber }}
- targetPort: {{ .Values.httpScheme }}
- {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
- nodePort: {{ .Values.service.nodePort }}
- {{- end }}
- protocol: TCP
- {{- with .Values.service.appProtocol }}
- appProtocol: {{ . }}
- {{- end }}
- name: {{ .Values.httpScheme }}
- {{- if and .Values.metrics.enabled .Values.metrics.port }}
- - port: {{ .Values.metrics.port }}
- protocol: TCP
- {{- with .Values.metrics.service.appProtocol }}
- appProtocol: {{ . }}
- {{- end }}
- targetPort: metrics
- {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.metrics.nodePort))) }}
- nodePort: {{ .Values.metrics.nodePort }}
- {{- end }}
- name: metrics
- {{- end }}
- selector:
- {{- include "oauth2-proxy.selectorLabels" . | indent 4 }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml
deleted file mode 100644
index 6d0a9d7c59..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if or .Values.serviceAccount.enabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.serviceAccountName" . }}
-automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml
deleted file mode 100644
index 9c29d1bfd1..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.servicemonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- if .Values.metrics.servicemonitor.namespace }}
- namespace: {{ .Values.metrics.servicemonitor.namespace }}
-{{- else }}
- namespace: {{ .Release.Namespace | quote }}
-{{- end }}
- labels:
- prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }}
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
-{{- if .Values.metrics.servicemonitor.labels }}
-{{ toYaml .Values.metrics.servicemonitor.labels | indent 4}}
-{{- end }}
-spec:
- jobLabel: {{ template "oauth2-proxy.fullname" . }}
- selector:
- matchLabels:
- {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- endpoints:
- - port: metrics
- path: "/metrics"
- interval: {{ .Values.metrics.servicemonitor.interval }}
- scrapeTimeout: {{ .Values.metrics.servicemonitor.scrapeTimeout }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml
deleted file mode 100644
index 8f81e15d03..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml
+++ /dev/null
@@ -1,364 +0,0 @@
-global:
- quayRepository: quay.io
-
-# Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
-# This is especially useful for `helm template` as capabilities are always empty
-# due to the fact that it doesn't query an actual cluster
-kubeVersion:
-
-# Oauth client configuration specifics
-config:
- # Add config annotations
- annotations: {}
- # OAuth client ID
- clientID: "XXXXXXX"
- # OAuth client secret
- clientSecret: "XXXXXXXX"
- # Create a new secret with the following command
- # openssl rand -base64 32 | head -c 32 | base64
- # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
- # Example:
- # existingSecret: secret
- cookieSecret: "XXXXXXXXXXXXXXXX"
- # The name of the cookie that oauth2-proxy will create
- # If left empty, it will default to the release name
- cookieName: ""
- google: {}
- # adminEmail: xxxx
- # useApplicationDefaultCredentials: true
- # targetPrincipal: xxxx
- # serviceAccountJson: xxxx
- # Alternatively, use an existing secret (see google-secret.yaml for required fields)
- # Example:
- # existingSecret: google-secret
- # groups: []
- # Example:
- # - group1@example.com
- # - group2@example.com
- # Default configuration, to be overridden
- configFile: |-
- email_domains = [ "*" ]
- upstreams = [ "file:///dev/null" ]
- # Custom configuration file: oauth2_proxy.cfg
- # configFile: |-
- # pass_basic_auth = false
- # pass_access_token = true
- # Use an existing config map (see configmap.yaml for required fields)
- # Example:
- # existingConfig: config
-
-alphaConfig:
- enabled: false
- # Add config annotations
- annotations: {}
- # Arbitrary configuration data to append to the server section
- serverConfigData: {}
- # Arbitrary configuration data to append to the metrics section
- metricsConfigData: {}
- # Arbitrary configuration data to append
- configData: {}
- # Use an existing config map (see configmap-alpha.yaml for required fields)
- existingConfig: ~
-
-image:
- #repository: "quay.io/oauth2-proxy/oauth2-proxy"
- repository: "oauth2-proxy/oauth2-proxy"
- # appVersion is used by default
- tag: ""
- pullPolicy: "IfNotPresent"
-
-# Optionally specify an array of imagePullSecrets.
-# Secrets must be manually created in the namespace.
-# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
-# imagePullSecrets:
- # - name: myRegistryKeySecretName
-
-# Set a custom containerPort if required.
-# This will default to 4180 if this value is not set and the httpScheme set to http
-# This will default to 4443 if this value is not set and the httpScheme set to https
-# containerPort: 4180
-
-extraArgs: {}
-extraEnv: []
-
-# -- Custom labels to add into metadata
-customLabels: {}
-
-# To authorize individual email addresses
-# That is part of extraArgs but since this needs special treatment we need to do a separate section
-authenticatedEmailsFile:
- enabled: false
- # Defines how the email addresses file will be projected, via a configmap or secret
- persistence: configmap
- # template is the name of the configmap what contains the email user list but has been configured without this chart.
- # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
- # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access" or to the
- # provided value in restrictedUserAccessKey field.
- template: ""
- # The configmap/secret key under which the list of email access is stored
- # Defaults to "restricted_user_access" if not filled-in, but can be overridden to allow flexibility
- restrictedUserAccessKey: ""
- # One email per line
- # example:
- # restricted_access: |-
- # name1@domain
- # name2@domain
- # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
- # config map resource.
- restricted_access: ""
- annotations: {}
- # helm.sh/resource-policy: keep
-
-service:
- type: ClusterIP
- # when service.type is ClusterIP ...
- # clusterIP: 192.0.2.20
- # when service.type is LoadBalancer ...
- # loadBalancerIP: 198.51.100.40
- # loadBalancerSourceRanges: 203.0.113.0/24
- # when service.type is NodePort ...
- # nodePort: 80
- portNumber: 80
- # Protocol set on the service
- appProtocol: http
- annotations: {}
- # foo.io/bar: "true"
-
-## Create or use ServiceAccount
-serviceAccount:
- ## Specifies whether a ServiceAccount should be created
- enabled: true
- ## The name of the ServiceAccount to use.
- ## If not set and create is true, a name is generated using the fullname template
- name:
- automountServiceAccountToken: true
- annotations: {}
-
-ingress:
- enabled: false
- # className: nginx
- path: /
- # Only used if API capabilities (networking.k8s.io/v1) allow it
- pathType: ImplementationSpecific
- # Used to create an Ingress record.
- # hosts:
- # - chart-example.local
- # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
- # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
- # extraPaths:
- # - path: /*
- # pathType: ImplementationSpecific
- # backend:
- # service:
- # name: ssl-redirect
- # port:
- # name: use-annotation
- # annotations:
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # tls:
- # Secrets must be manually created in the namespace.
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-resources: {}
- # limits:
- # cpu: "100m"
- # memory: "300Mi"
- # requests:
- # cpu: "100m"
- # memory: "300Mi"
-
-extraVolumes: []
- # - name: ca-bundle-cert
- # secret:
- # secretName: <secret-name>
-
-extraVolumeMounts: []
- # - mountPath: /etc/ssl/certs/
- # name: ca-bundle-cert
-
-# Additional containers to be added to the pod.
-extraContainers: []
- # - name: my-sidecar
- # image: nginx:latest
-
-priorityClassName: ""
-
-# Host aliases, useful when working "on premise" where (public) DNS resolver does not know about my hosts.
-hostAlias:
- enabled: false
- # ip: "10.xxx.xxx.xxx"
- # hostname: "auth.example.com"
-
-# [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
-# Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
-# topologySpreadConstraints: []
-
-# Affinity for pod assignment
-# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-# affinity: {}
-
-# Tolerations for pod assignment
-# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations: []
-
-# Node labels for pod assignment
-# Ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-
-# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
-proxyVarsAsSecrets: true
-
-# Configure Kubernetes liveness and readiness probes.
-# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
-# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
-livenessProbe:
- enabled: true
- initialDelaySeconds: 0
- timeoutSeconds: 1
-
-readinessProbe:
- enabled: true
- initialDelaySeconds: 0
- timeoutSeconds: 5
- periodSeconds: 10
- successThreshold: 1
-
-# Configure Kubernetes security context for container
-# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-securityContext:
- enabled: false
- runAsNonRoot: true
- # allowPrivilegeEscalation: false
- # runAsUser: 2000
-
-deploymentAnnotations: {}
-podAnnotations: {}
-podLabels: {}
-replicaCount: 1
-revisionHistoryLimit: 10
-
-## PodDisruptionBudget settings
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
-podDisruptionBudget:
- enabled: true
- minAvailable: 1
-
-# Configure Kubernetes security context for pod
-# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-podSecurityContext: {}
-
-# whether to use http or https
-httpScheme: http
-
-# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption.
-# Alternatively supply an existing secret which contains the required information.
-htpasswdFile:
- enabled: false
- existingSecret: ""
- entries: {}
- # One row for each user
- # example:
- # entries:
- # - testuser:$2y$05$gY6dgXqjuzFhwdhsiFe7seM9q9Tile4Y3E.CBpAZJffkeiLaC21Gy
-
-# Configure the session storage type, between cookie and redis
-sessionStorage:
- # Can be one of the supported session storage cookie|redis
- type: cookie
- redis:
- # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
- existingSecret: ""
- # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
- password: ""
- # Key of the Kubernetes secret data containing the redis password value
- passwordKey: "redis-password"
- # Can be one of standalone|cluster|sentinel
- clientType: "standalone"
- standalone:
- # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
- connectionUrl: ""
- cluster:
- # List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
- connectionUrls: []
- sentinel:
- # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
- existingSecret: ""
- # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
- password: ""
- # Key of the Kubernetes secret data containing the redis sentinel password value
- passwordKey: "redis-sentinel-password"
- # Redis sentinel master name
- masterName: ""
- # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
- connectionUrls: []
-
-# Enables and configure the automatic deployment of the redis subchart
-redis:
- # provision an instance of the redis sub-chart
- enabled: false
- # Redis specific helm chart settings, please see:
- # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
- # redisPort: 6379
- # cluster:
- # enabled: false
- # slaveCount: 1
-
-# Enables apiVersion deprecation checks
-checkDeprecation: true
-
-metrics:
- # Enable Prometheus metrics endpoint
- enabled: true
- # Serve Prometheus metrics on this port
- port: 44180
- # when service.type is NodePort ...
- # nodePort: 44180
- # Protocol set on the service for the metrics port
- service:
- appProtocol: http
- servicemonitor:
- # Enable Prometheus Operator ServiceMonitor
- enabled: false
- # Define the namespace where to deploy the ServiceMonitor resource
- namespace: ""
- # Prometheus Instance definition
- prometheusInstance: default
- # Prometheus scrape interval
- interval: 60s
- # Prometheus scrape timeout
- scrapeTimeout: 30s
- # Add custom labels to the ServiceMonitor resource
- labels: {}
-
-# Extra K8s manifests to deploy
-extraObjects: []
- # - apiVersion: secrets-store.csi.x-k8s.io/v1
- # kind: SecretProviderClass
- # metadata:
- # name: oauth2-proxy-secrets-store
- # spec:
- # provider: aws
- # parameters:
- # objects: |
- # - objectName: "oauth2-proxy"
- # objectType: "secretsmanager"
- # jmesPath:
- # - path: "client_id"
- # objectAlias: "client-id"
- # - path: "client_secret"
- # objectAlias: "client-secret"
- # - path: "cookie_secret"
- # objectAlias: "cookie-secret"
- # secretObjects:
- # - data:
- # - key: client-id
- # objectName: client-id
- # - key: client-secret
- # objectName: client-secret
- # - key: cookie-secret
- # objectName: cookie-secret
- # secretName: oauth2-proxy-secrets-store
- # type: Opaque
diff --git a/kubernetes/platform/components/oauth2-proxy/values.yaml b/kubernetes/platform/components/oauth2-proxy/values.yaml
deleted file mode 100644
index 81a9986d3d..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/values.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-onap-oauth2-proxy:
- # Oauth client configuration specifics
- config:
- cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA="
- configFile: |-
- email_domains = [ "*" ] # Restrict to these E-Mail Domains, a wildcard "*" allows any email
-
- alphaConfig:
- enabled: true
- configData:
- providers:
- - clientID: "oauth2-proxy"
- clientSecret: "5YSOkJz99WHv8enDZPknzJuGqVSerELp"
- id: oidc-istio
- provider: oidc # We use the generic 'oidc' provider
- loginURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/auth
- #redeemURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/token
- redeemURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/token
- profileURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
- validateURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
- scope: "openid email profile groups"
- #allowedGroups:
- # - admins # List all groups managed at our your IdP which should be allowed access
- # - infrateam
- # - anothergroup
- oidcConfig:
- emailClaim: email # Name of the clain in JWT containing the E-Mail
- groupsClaim: groups # Name of the claim in JWT containing the Groups
- userIDClaim: email # Name of the claim in JWT containing the User ID
- audienceClaims: ["aud"]
- insecureAllowUnverifiedEmail: true
- insecureSkipIssuerVerification: true
- skipDiscovery: true # You can try using the well-knwon endpoint directly for auto discovery, here we won't use it
- issuerURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP
- jwksURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/certs
- upstreamConfig:
- upstreams:
- - id: static_200
- path: /
- static: true
- staticCode: 200
- # Headers that should be added to responses from the proxy
- injectResponseHeaders: # Send this headers in responses from oauth2-proxy
- - name: X-Auth-Request-Preferred-Username
- values:
- - claim: preferred_username
- - name: X-Auth-Request-Email
- values:
- - claim: email
-
- extraArgs:
- cookie-secure: "false"
- cookie-domain: ".simpledemo.onap.org" # Replace with your base domain
- cookie-samesite: lax
- cookie-expire: 12h # How long our Cookie is valid
- auth-logging: true # Enable / Disable auth logs
- request-logging: true # Enable / Disable request logs
- standard-logging: true # Enable / Disable the standart logs
- show-debug-on-error: true # Disable in production setups
- skip-provider-button: true # We only have one provider configured (Keycloak)
- silence-ping-logging: true # Keeps our logs clean
- whitelist-domain: ".simpledemo.onap.org" # Replace with your base domain
-
- # Enables and configure the automatic deployment of the redis subchart
- redis:
- # provision an instance of the redis sub-chart
- enabled: false
-
-
-serviceAccount:
- nameOverride: oauth2-proxy
- roles:
- - read
-
diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml
index 5cc7612473..95c98f6eb4 100644
--- a/kubernetes/platform/values.yaml
+++ b/kubernetes/platform/values.yaml
@@ -34,15 +34,11 @@ global:
# Control deployment of Platform services at ONAP installation time
chartmuseum:
- enabled: true
+ enabled: false
cmpv2-cert-provider:
enabled: true
oom-cert-service:
enabled: true
-keycloak-init:
- enabled: false
-oauth2-proxy:
- enabled: false
flavor: small
# default number of instances