feat(chart): Allow configuration of externalURL on values.yaml (#1011)

javirln · web-flow · commit d533f3cadb7e · 2024-06-21T12:59:22.000+02:00
Signed-off-by: Javier Rodriguez &lt;javier@chainloop.dev&gt;
diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml
@@ -7,7 +7,7 @@ description: Chainloop is an open source software supply chain control plane, a
 
 type: application
 # Bump the patch (not minor, not major) version on each change in the Chart Source code
-version: 1.66.0
+version: 1.66.1
 # Do not update appVersion, this is handled automatically by the release process
 appVersion: v0.92.3
 
diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md
@@ -525,6 +525,7 @@ chainloop config save \
 | `controlplane.auth.oidc.clientID`            | OIDC IDp clientID                                                                                      | `""`  |
 | `controlplane.auth.oidc.clientSecret`        | OIDC IDp clientSecret                                                                                  | `""`  |
 | `controlplane.auth.oidc.loginURLOverride`    | Optional OIDC login URL override, useful to point to custom login pages                                |       |
+| `controlplane.auth.oidc.externalURL`         | Optional External URL for the controlplane to the outside world                                        |       |
 | `controlplane.auth.allowList.rules`          | List of domains or emails to allow                                                                     |       |
 | `controlplane.auth.allowList.selectedRoutes` | List of selected routes to allow. If not set it applies to all routes                                  |       |
 | `controlplane.auth.allowList.customMessage`  | Custom message to display when a user is not allowed                                                   |       |
diff --git a/deployment/chainloop/templates/_helpers.tpl b/deployment/chainloop/templates/_helpers.tpl
@@ -284,7 +284,9 @@ NOTE: Load balancer service type is not supported
 {{- $service := .Values.controlplane.service }}
 {{- $ingress := .Values.controlplane.ingress }}
 
-{{- if (and $ingress $ingress.enabled $ingress.hostname) }}
+{{- if .Values.controlplane.auth.oidc.externalURL }}
+{{- .Values.controlplane.auth.oidc.externalURL }}
+{{- else if (and $ingress $ingress.enabled $ingress.hostname) }}
 {{- printf "%s://%s" (ternary "https" "http" $ingress.tls ) $ingress.hostname }}
 {{- else if (and (eq $service.type "NodePort") $service.nodePorts (not (empty $service.nodePorts.http))) }}
 {{- printf "http://localhost:%s" $service.nodePorts.http }}
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
@@ -184,11 +184,13 @@ controlplane:
     ## @param controlplane.auth.oidc.clientID OIDC IDp clientID
     ## @param controlplane.auth.oidc.clientSecret OIDC IDp clientSecret
     ## @extra controlplane.auth.oidc.loginURLOverride Optional OIDC login URL override, useful to point to custom login pages
+    ## @extra controlplane.auth.oidc.externalURL Optional External URL for the controlplane to the outside world
     oidc:
       url: ""
       clientID: ""
       clientSecret: ""
       # loginURLOverride: ""
+      # externalURL: ""
 
     ## @extra controlplane.auth.allowList.rules List of domains or emails to allow
     ## @extra controlplane.auth.allowList.selectedRoutes List of selected routes to allow. If not set it applies to all routes
