Update oauth2-proxy to 7.1.3 & set default redis url if no one is defined in standalone mode (#29)

desaintmartin · web-flow · commit ec6b37d65d76 · 2021-05-28T07:40:33.000+02:00
* Update oauth2-proxy to 7.1.3.

* Generate redis URL if not set.

One should not have to specify the redis url from a subchart.
diff --git a/helm/oauth2-proxy/Chart.lock b/helm/oauth2-proxy/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 10.6.19
+digest: sha256:9967a7f9f35d93e0c3ac69e4cfbea4ea8d38cfd12a7ad416dd81256800eb040f
+generated: "2021-05-14T12:07:28.273068+02:00"
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
@@ -1,7 +1,7 @@
 name: oauth2-proxy
-version: 3.2.13
+version: 3.3.0
 apiVersion: v2
-appVersion: 5.1.0
+appVersion: 7.1.3
 home: https://oauth2-proxy.github.io/oauth2-proxy/
 description: A reverse proxy that provides authentication with Google, Github or other providers
 keywords:
diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md
@@ -83,8 +83,8 @@ Parameter | Description | Default
 `htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
 `httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
 `image.pullPolicy` | Image pull policy | `IfNotPresent`
-`image.repository` | Image repository | `quay.io/pusher/oauth2_proxy`
-`image.tag` | Image tag | `v5.1.0`
+`image.repository` | Image repository | `quay.io/oauth2-proxy/oauth2-proxy`
+`image.tag` | Image tag | `v7.1.3`
 `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
 `ingress.enabled` | Enable Ingress | `false`
 `ingress.path` | Ingress accepted path | `/`
@@ -125,7 +125,7 @@ Parameter | Description | Default
 `sessionStorage.redis.existingSecret` | existing Kubernetes secret to use for redis-password and redis-sentinel-password | `""`
 `sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations | `nil`
 `sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone`
-`sessionStorage.redis.standalone.connectionUrl` | URL of redis standalone server for redis session storage (e.g. redis://HOST[:PORT]) | `nil`
+`sessionStorage.redis.standalone.connectionUrl` | URL of redis standalone server for redis session storage (e.g. redis://HOST[:PORT]). Automatically generated if not set. | `""`
 `sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g. redis://HOST[:PORT]) | `[]`
 `sessionStorage.redis.sentinel.password` | Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password` | `nil`
 `sessionStorage.redis.sentinel.masterName` | Redis sentinel master name | `nil`
diff --git a/helm/oauth2-proxy/ci/redis-standalone-values.yaml b/helm/oauth2-proxy/ci/redis-standalone-values.yaml
@@ -2,8 +2,8 @@ sessionStorage:
   type: redis
   redis:
     clientType: "standalone"
-    standalone:
-      connectionUrl: "redis://oauth2-proxy-redis-master:6379"
+    password: "foo"
 redis:
   # provision an instance of the redis sub-chart
   enabled: true
+  password: "foo"
diff --git a/helm/oauth2-proxy/templates/_helpers.tpl b/helm/oauth2-proxy/templates/_helpers.tpl
@@ -52,3 +52,12 @@ Create the name of the service account to use
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+
+{{- define "oauth2-proxy.redisStandaloneUrl" -}}
+{{- if .Values.sessionStorage.redis.standalone.connectionUrl -}}
+{{ .Values.sessionStorage.redis.standalone.connectionUrl }}
+{{- else -}}
+{{- printf "redis://%s-redis-master:6379" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
@@ -107,7 +107,7 @@ spec:
         {{- end }}
         {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
         - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
-          value: {{ .Values.sessionStorage.redis.standalone.connectionUrl }}
+          value: {{ include "oauth2-proxy.redisStandaloneUrl" . }}
         {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
         - name: OAUTH2_PROXY_REDIS_USE_CLUSTER
           value: "true"
diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
@@ -9,7 +9,7 @@ config:
   # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
   # Example:
   # existingSecret: secret
-  cookieSecret: "XXXXXXXXXX"
+  cookieSecret: "XXXXXXXXXXXXXXXX"
   # The name of the cookie that oauth2-proxy will create
   # If left empty, it will default to the release name
   cookieName: ""
@@ -32,8 +32,8 @@ config:
   # existingConfig: config
 
 image:
-  repository: "quay.io/pusher/oauth2_proxy"
-  tag: "v5.1.0"
+  repository: "quay.io/oauth2-proxy/oauth2-proxy"
+  tag: "v7.1.3"
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -201,6 +201,7 @@ sessionStorage:
     # Can be one of sentinel/cluster/standalone
     clientType: "standalone"
     standalone:
+      # If empty and sessionStorage type is redis, will automatically be generated.
       connectionUrl: ""
     cluster:
       # connectionUrls: ["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]
