allowing for multiple existingSecrets for vouch and change all parameters to camelCase #4
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
You can now specify a seperate secret for both oauth and vouch domains/emails. Both use specific keys in the secret instead of overwriting the entire vouch config, though you can still do that too, though the parameter for that has changed from
config.existingSecretName
toconfig.overrideConfigExistingSecretName
. More details below:Using Existing Kubernetes Secrets for Private Info
Existing Secret for the Oauth config
In your values.yaml specify the name of the of the secret and then the names of the keys that will store the sensitive info:
Example secret:
Existing Secret for vouch allowed domains and allowed emails
In your values.yaml specify the name of the of the secret and then the names of the keys that will store the sensitive info:
Make sure that
config.vouch.secretKeys.domains
andconfig.vouch.secretKeys.whiteList
are both comma seperated lists.Example secret:
Overriding the entire
config.yaml
for vouch-proxyYou can configure your
values.yml
for vouch to use an existing Kubernetes Secret for it's ENTIRE config file.Example
values.yaml
:Example of setting an existing Secret via the helm cli:
helm install vouch/vouch vouch --set existingSecretName=vouch-existing-secret
Here's a Kubernetes Secret containing a Vouch config that uses keycloak as the OIDC provider: