use redis secret from subchart (#90)

Signed-off-by: Nico Braun <[email protected]>

Author: bluebrown

helm/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 6.1.2
+version: 6.2.0
 apiVersion: v2
 appVersion: 7.2.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

helm/oauth2-proxy/README.md

@@ -167,7 +167,7 @@ Parameter | Description | Default
 `proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
 `sessionStorage.type` | Session storage type which can be one of the following: cookie or redis | `cookie`
 `sessionStorage.redis.existingSecret` | existing Kubernetes secret to use for redis-password and redis-sentinel-password | `""`
-`sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations | `nil`
+`sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations. Taken from redis subchart secret if not set. sessionStorage.redis.existingSecret takes precedence | `nil`
 `sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone`
 `sessionStorage.redis.standalone.connectionUrl` | URL of redis standalone server for redis session storage (e.g. redis://HOST[:PORT]). Automatically generated if not set. | `""`
 `sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]) | `[]`

helm/oauth2-proxy/templates/deployment.yaml

@@ -112,11 +112,17 @@ spec:
         {{- if eq (default "cookie" .Values.sessionStorage.type) "redis" }}
         - name: OAUTH2_PROXY_SESSION_STORE_TYPE
           value: "redis"
-        {{- if or .Values.sessionStorage.redis.password .Values.sessionStorage.redis.existingSecret }}
+         {{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth).enabled )}}
         - name: OAUTH2_PROXY_REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ if .Values.sessionStorage.redis.existingSecret }} {{ .Values.sessionStorage.redis.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-redis-access{{ end }}
+              {{- if .Values.sessionStorage.redis.existingSecret }}
+              name: {{ .Values.sessionStorage.redis.existingSecret }}
+              {{- else if .Values.sessionStorage.redis.password }}
+              name: {{ template "oauth2-proxy.fullname" . }}-redis-access
+              {{- else }}
+              name: {{ include "oauth2-proxy.redis.fullname" . }}
+              {{- end }}
               key: redis-password
         {{- end }}
         {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}

helm/oauth2-proxy/templates/redis-secret.yaml

@@ -1,13 +1,22 @@
-{{- if and (eq .Values.sessionStorage.type "redis") (not .Values.sessionStorage.redis.existingSecret) }}
+{{- $name := include "oauth2-proxy.name" .  -}}
+{{- $fullName := include "oauth2-proxy.fullname" .  -}}
+{{- $labels := include "oauth2-proxy.labels" . -}}
+{{- with .Values.sessionStorage }}
+{{- if and (eq .type "redis") (not .redis.existingSecret) (or .redis.password .redis.sentinel.password) }}
 apiVersion: v1
 kind: Secret
 metadata:
   labels:
-    app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
-  name: {{ template "oauth2-proxy.fullname" . }}-redis-access
+    app: {{ $name }}
+    {{- $labels | indent 4 }}
+  name: {{ $fullName }}-redis-access
 type: Opaque
 data:
-  redis-password: {{ .Values.sessionStorage.redis.password | b64enc | quote }}
-  redis-sentinel-password: {{ .Values.sessionStorage.redis.sentinel.password | b64enc | quote }}
-{{- end -}}
+  {{- with .redis.password }}
+  redis-password: {{ . | b64enc | quote }}
+  {{- end }}
+  {{- with .redis.sentinel.password }}
+  redis-sentinel-password: {{ . | b64enc | quote }}
+  {{- end }}
+{{- end }}
+{{- end }}