deploy/charts/kube-oidc-proxy: expose all kube-oidc-flags with values.yaml

Signed-off-by: Martin Hrabovcin <[email protected]>

Author: mhrabovcin

README.md

@@ -36,7 +36,7 @@ flow](https://storage.googleapis.com/kube-oidc-proxy/diagram-d9623e38a6cd3b585b4
 ## Tutorial
 
 Directions on how to deploy OIDC authentication with multi-cluster can be found
-[here.](./demo/README.md)
+[here.](./demo/README.md) or there is a [helm chart](./deploy/charts/kube-oidc-proxy/README.md).
 
 ### Quickstart
 

charts/kube-oidc-proxy/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "v0.1.1"
+description: A Helm chart for kube-oidc-proxy
+home: https://github.com/jetstack/kube-oidc-proxy
+name: kube-oidc-proxy
+version: 0.1.0
+maintainers:
+- name: mhrabovcin

charts/kube-oidc-proxy/LICENSE

@@ -14,7 +14,13 @@ oidc:
   clientId: my-client
   issuerUrl: https://accounts.google.com
   usernameClaim: email
-  # Provide base64 encoded value of CA cert
+```
+
+When a custom root CA certificate is required it should be added as PEM encoded
+text value:
+
+```yaml
+oidc:
   caPEM: |
     -----BEGIN CERTIFICATE-----
     MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
@@ -65,4 +71,3 @@ service.
 tls:
   secretName: my-tls-secret-with-key-and-cert
 ```
-

charts/kube-oidc-proxy/templates/secret_config.yaml

@@ -43,3 +43,16 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
+
+{{/*
+Required claims serialized to CLI argument
+*/}}
+{{- define "requiredClaims" -}}
+{{- if .Values.oidc.requiredClaims -}}
+{{- $local := (list) -}}
+{{- range $k, $v := .Values.oidc.requiredClaims -}}
+{{- $local = (printf "%s=%s" $k $v | append $local) -}}
+{{- end -}}
+{{ join "," $local }}
+{{- end -}}
+{{- end -}}