From 8692a97835afefe9c1e0fe360cfaadc1910ef2f9 Mon Sep 17 00:00:00 2001
From: Nico Braun
Date: Sun, 27 Feb 2022 02:20:58 +0100
Subject: [PATCH 01/12] add init container to block until read is ready
Signed-off-by: Nico Braun
---
 helm/oauth2-proxy/README.md | 2 +
 helm/oauth2-proxy/templates/deployment.yaml | 15 ++++++
 .../templates/serviceaccount.yaml | 48 +++++++++++++++++--
 helm/oauth2-proxy/values.yaml | 11 +++++
 4 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md
index 574e034919..fa944824ee 100644
--- a/helm/oauth2-proxy/README.md
+++ b/helm/oauth2-proxy/README.md
@@ -153,6 +153,8 @@ Parameter | Description | Default
 `readinessProbe.successThreshold` | number of successes | 1
 `replicaCount` | desired number of pods | `1`
 `resources` | pod resource requests & limits | `{}`
+`initContainers.waitForRedis.enabled` | if `redis.enabled` is true, use an init container to wait for the redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list and watch the redis master pod | `true`
+`initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor`
 `service.portNumber` | port number for the service | `80`
 `service.type` | type of service | `ClusterIP`
 `service.clusterIP` | cluster ip address | `nil`
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
index d5dc2a514d..0ffba064fa 100644
--- a/helm/oauth2-proxy/templates/deployment.yaml
+++ b/helm/oauth2-proxy/templates/deployment.yaml
@@ -49,6 +49,21 @@ spec:
 hostnames:
 - {{ .Values.hostAlias.hostname }}
 {{- end }}
+ initContainers:
+ {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+ - name: wait-for-redis
+ image: "docker.io/bitnami/kubectl:{{ default (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) .Values.initContainers.waitForRedis.kubectlVersion }}"
+ args:
+ - wait
+ - pod/{{ include "oauth2-proxy.redis.fullname" . }}-master-0
+ - --for=condition=ready
+ - --timeout=180s
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/helm/oauth2-proxy/templates/serviceaccount.yaml b/helm/oauth2-proxy/templates/serviceaccount.yaml
index 99ec7e7387..ff02c4dfa4 100644
--- a/helm/oauth2-proxy/templates/serviceaccount.yaml
+++ b/helm/oauth2-proxy/templates/serviceaccount.yaml
@@ -1,4 +1,9 @@
 {{- if or .Values.serviceAccount.enabled -}}
+{{- $fullName := include "oauth2-proxy.fullname" . -}}
+{{- $saName := include "oauth2-proxy.serviceAccountName" . -}}
+{{- $name := include "oauth2-proxy.name" . -}}
+{{- $labels := include "oauth2-proxy.labels" . -}}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
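Review bot: In the deployment.yaml hunk the `wait-for-redis` image is a hard-coded `docker.io/bitnami/kubectl` reference with a computed, mutable tag, and this container presumably calls the API server with the pod's service-account token, so operators cannot pin it by digest or redirect it to an internal registry. Expose the repository and tag (or digest) under `initContainers.waitForRedis` in values rather than only `kubectlVersion`. `.Capabilities.KubeVersion.Minor` can carry a trailing `+` on some managed clusters, which is not valid in an image tag; `(.Capabilities.KubeVersion.Minor | trimSuffix "+")` avoids that. The `initContainers:` key sits outside the `if`, so it renders with no value when the feature is off; move the key inside the guard. The securityContext could additionally set `capabilities: {drop: ["ALL"]}`.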
@@ -7,7 +12,44 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} labels: - app: {{ template "oauth2-proxy.name" . }} -{{- include "oauth2-proxy.labels" . | indent 4 }} - name: {{ template "oauth2-proxy.serviceAccountName" . }} + app: {{ $name }} + {{- $labels | nindent 4 }} + name: {{ $saName }} +{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $fullName }}-watch-redis + labels: + app: {{ $name }} + {{- $labels | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + resourceNames: + - "{{ include "oauth2-proxy.redis.fullname" . }}-master-0" + verbs: + - get + - list + - watch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $saName }}-watch-redis + labels: + app: {{ $name }} + {{- $labels | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ $saName }} + apiGroup: "" +roleRef: + kind: Role + name: {{ $fullName }}-watch-redis + apiGroup: "" +{{- end -}} {{- end -}} diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml index 6094917001..d88316546d 100644 --- a/helm/oauth2-proxy/values.yaml +++ b/helm/oauth2-proxy/values.yaml @@ -222,6 +222,17 @@ podSecurityContext: {} # whether to use http or https httpScheme: http +initContainers: + # if the redis sub-chart is enabled, wait for it to be ready + # before starting the proxy + # creates a role binding to get, list, watch, the redis master pod + # if service account is enabled + waitForRedis: + enabled: true + # uses the kubernetes version of the cluster + # the chart is deployed on, if not set + kubectlVersion: "" + # Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption. # Alternatively supply an existing secret which contains the required information. htpasswdFile: From a3eb32c208ab432d75bd8b860fc9874449ac7454 Mon Sep 17 00:00:00 2001 
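Review bot: The Role and RoleBinding added in the serviceaccount.yaml hunk sit inside the outer `if .Values.serviceAccount.enabled` block, while the init container in deployment.yaml is guarded only by `redis.enabled` and `waitForRedis.enabled`. With `serviceAccount.enabled` false the container is still rendered and no permission is granted, so `kubectl wait` would presumably be denied and the pod would not get past init. Either add the same condition to the init-container guard or document that an externally managed service account needs get/list/watch on the redis master pod. The rule itself is well scoped (one named pod, read-only verbs); for readability write `apiGroup: rbac.authorization.k8s.io` in `roleRef` instead of an empty string, and give the Role and the RoleBinding the same name prefix (one uses `$fullName`, the other `$saName`).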
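Review bot: In the values.yaml hunk `waitForRedis.enabled` defaults to `true`, so a release that already sets `redis.enabled` gains an extra image pull and a new Role/RoleBinding on upgrade without the operator opting in. Because the feature adds API permissions and a third-party image, consider defaulting it to `false`, or state the default and how to turn it off in the comment. The comment could also spell out the prerequisite, for example `# needs serviceAccount.enabled, or an existing service account allowed to get/list/watch the redis master pod`.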
From: Nico Braun
Date: Sun, 27 Feb 2022 02:34:57 +0100
Subject: [PATCH 02/12] bump chart version and add artifacthub.io/changes annotation
Signed-off-by: Nico Braun
---
 helm/oauth2-proxy/Chart.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index dd08b0dcdf..924c9e5a13 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.2.0
+version: 6.3.0
 apiVersion: v2
 appVersion: 7.2.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
@@ -33,3 +33,12 @@ maintainers:
 email: pierluigi.lenoci@gmail.com
 engine: gotpl
 kubeVersion: ">=1.9.0-0"
+annotations:
+ artifacthub.io/changes: |
+ - kind: added
+ description: optional init container to wait for redis subchart's master pod to be ready
+ links:
+ - name: Github Issue
+ url: https://github.com/oauth2-proxy/manifests/issues/91
+ - name: Github PR
+ url: https://github.com/oauth2-proxy/manifests/pull/92
From 523855fb170690e33713060098dfe2fe6d1df044 Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Tue, 18 Oct 2022 18:02:41 +0200
Subject: [PATCH 03/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index b4db8a3954..f25cc187c5 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.3.0
+version: 6.3.1
 apiVersion: v2
 appVersion: 7.3.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From b5815f9754e80114cca88aef902dba795fca4702 Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Wed, 21 Dec 2022 11:07:10 +0100
Subject: [PATCH 04/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 963611d933..b71c3c5e87 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.6.2
+version: 6.6.3
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From 1d48893f5e5cf80d87169e915ca432b8a96b59ee Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Sun, 25 Dec 2022 01:14:33 +0100
Subject: [PATCH 05/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 1955e206ad..34e9659cf0 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.7.1
+version: 6.7.2
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From b7a0725725ca34611f4f2d428e06684eefe7b43e Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Tue, 27 Dec 2022 16:17:50 +0100
Subject: [PATCH 06/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 34e9659cf0..1d7c76758d 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.7.2
+version: 6.7.3
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From dfbe3463a1869648300df7f7abd1bd55f49c9a1b Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Tue, 27 Dec 2022 16:36:50 +0100
Subject: [PATCH 07/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 1d7c76758d..febfb5e7bf 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.7.3
+version: 6.7.4
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From 1eba8674adce3b28bd806c4cb7ae81213e838960 Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Thu, 1 Jun 2023 11:38:46 +0200
Subject: [PATCH 08/12] Update serviceaccount.yaml
---
 helm/oauth2-proxy/templates/serviceaccount.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/helm/oauth2-proxy/templates/serviceaccount.yaml b/helm/oauth2-proxy/templates/serviceaccount.yaml
index 8245f2c90b..3be4a8ec28 100644
--- a/helm/oauth2-proxy/templates/serviceaccount.yaml
+++ b/helm/oauth2-proxy/templates/serviceaccount.yaml
@@ -2,6 +2,7 @@
 {{- $fullName := include "oauth2-proxy.fullname" . -}}
 {{- $saName := include "oauth2-proxy.serviceAccountName" . -}}
 {{- $name := include "oauth2-proxy.name" . -}}
+{{- $namespace := include "oauth2-proxy.namespace" $ -}}
 {{- $labels := include "oauth2-proxy.labels" . -}}
 ---
 apiVersion: v1
@@ -12,10 +13,10 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.serviceAccountName" . }}
- namespace: {{ template "oauth2-proxy.namespace" $ }}
+ app: {{ $name }}
+{{- $labels | indent 4 }}
+ name: {{ $saName }}
+ namespace: {{ $namespace }}
 automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
 {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
 ---
From ba1f00bb8801237a3ad4dc22b4be2621f8ad858b Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Thu, 1 Jun 2023 11:40:26 +0200
Subject: [PATCH 09/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 44e77f5774..062a659281 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
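Review bot: In the second serviceaccount.yaml hunk `$namespace` is applied to the ServiceAccount only; the Role and RoleBinding that follow the `if and .Values.redis.enabled …` line (outside this hunk, as added earlier in this series) carry no `namespace:` and the RoleBinding subject names none. If the `oauth2-proxy.namespace` helper can return something other than the release namespace (its definition is not visible here), the account and its binding would land in different namespaces and the init container would lose its read access. Adding `namespace: {{ $namespace }}` to both objects and to the subject keeps them together. A comment beside `automountServiceAccountToken` would also help: when it is false, the wait-for-redis container presumably has no token to call the API with.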
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.12.1
+version: 6.13.0
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From 20d1c327c7a8496c4fbc0481a5bb71dea2edac36 Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Wed, 7 Jun 2023 11:34:49 +0200
Subject: [PATCH 10/12] Update Chart.yaml
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 062a659281..1a09858b2a 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.13.0
+version: 6.14.0
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From f5e27d51e90c3f7708e5c160f84fbb18a03b749f Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Mon, 10 Jul 2023 13:22:35 +0200
Subject: [PATCH 11/12] Chart bump
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 1a09858b2a..07ff3e542d 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.14.0
+version: 6.14.1
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
From 0a9c1e478a6a0172e25ffb6681e192569b986e4f Mon Sep 17 00:00:00 2001
From: Pierluigi Lenoci
Date: Mon, 10 Jul 2023 13:25:52 +0200
Subject: [PATCH 12/12] Chart bump
---
 helm/oauth2-proxy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
index 07ff3e542d..8d622c480f 100644
--- a/helm/oauth2-proxy/Chart.yaml
+++ b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.14.1
+version: 6.15.0
 apiVersion: v2
 appVersion: 7.4.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/