Merge branch 'main' into feat/add-envfrom

Author: pierluigilenoci

helm/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 7.4.3
+version: 7.5.2
 apiVersion: v2
 appVersion: 7.6.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

helm/oauth2-proxy/scripts/check-redis.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+RETRY_INTERVAL=5  # Interval between retries in seconds
+elapsed=0  # Elapsed time
+
+check_redis() {
+    host=$1
+    port=$2
+    while [ $elapsed -lt $TOTAL_RETRY_TIME ]; do
+        echo "Checking Redis at $host:$port... Elapsed time: ${elapsed}s"
+        if nc -z -w1 $TIMEOUT $host $port > /dev/null 2>&1; then
+            echo "Redis is up at $host:$port!"
+            return 0
+        else
+            echo "Redis is down at $host:$port. Retrying in $RETRY_INTERVAL seconds."
+            sleep $RETRY_INTERVAL
+            elapsed=$((elapsed + RETRY_INTERVAL))
+        fi
+    done
+    echo "Failed to connect to Redis at $host:$port after $TOTAL_RETRY_TIME seconds."
+    return 1
+}
+
+# For parsing and checking connections
+parse_and_check() {
+    url=$1
+    clean_url=${url#redis://}
+    host=$(echo $clean_url | cut -d':' -f1)
+    port=$(echo $clean_url | cut -d':' -f2)
+    check_redis $host $port
+}
+
+# Main
+if [ "$OAUTH2_PROXY_REDIS_USE_CLUSTER" = "true" ]; then
+    echo "Checking Redis in cluster mode..."
+    echo "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+        parse_and_check $addr || exit 1
+    done
+elif [ "$OAUTH2_PROXY_REDIS_USE_SENTINEL" = "true" ]; then
+    echo "Checking Redis in sentinel mode..."
+    echo "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+        parse_and_check $addr || exit 1
+    done
+elif [ -n "$OAUTH2_PROXY_REDIS_CONNECTION_URL" ]; then
+    echo "Checking standalone Redis..."
+    parse_and_check "$OAUTH2_PROXY_REDIS_CONNECTION_URL" || exit 1
+else
+    echo "Redis configuration not specified."
+    exit 1
+fi
+
+echo "Redis check completed."

helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  check-redis.sh: |
+{{ .Files.Get "scripts/check-redis.sh" | indent 4 }}
+{{- end }}

helm/oauth2-proxy/templates/deployment.yaml

@@ -62,20 +62,32 @@ spec:
       {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
       initContainers:
       - name: wait-for-redis
-        image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ include "kubectl.version" . }}"
+        image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}"
         imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }}
-        args:
-          - wait
-          - pod/{{ include "oauth2-proxy.redis.fullname" . }}-master-0
-          - --for=condition=ready
-          - --timeout={{ .Values.initContainers.waitForRedis.timeout }}s
+        command: ["/bin/sh", "-c", "/scripts/check-redis.sh"]    
+        env:
+        - name: TOTAL_RETRY_TIME
+          value: "{{ .Values.initContainers.waitForRedis.timeout }}"
+        {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
+        - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
+          value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
+        - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
+          value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
+        - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
+          value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }}
+        {{- end }}
       {{- if .Values.initContainers.waitForRedis.securityContext.enabled }}
       {{- $securityContext := unset .Values.initContainers.waitForRedis.securityContext "enabled" }}
         securityContext:
           {{- toYaml $securityContext | nindent 10 }}
       {{- end }}
         resources:
           {{- toYaml .Values.initContainers.waitForRedis.resources | nindent 10 }}
+        volumeMounts:
+        - name: redis-script
+          mountPath: /scripts
       {{- end }}
       {{- if .Values.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
@@ -323,7 +335,12 @@ spec:
           secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist
 {{- end }}
 {{- end }}
-
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+      - name: redis-script
+        configMap:
+          name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+          defaultMode: 0775
+{{- end }}
 {{- if or .Values.config.existingConfig .Values.config.configFile }}
       - configMap:
           defaultMode: 420

helm/oauth2-proxy/templates/servicemonitor.yaml

@@ -44,7 +44,7 @@ spec:
     {{- end }}
     {{- with .Values.metrics.serviceMonitor.tlsConfig }}
     tlsConfig:
-      {{- toYaml .| nindent 4 }}
+      {{- toYaml .| nindent 6 }}
     {{- end }}
     {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
     metricRelabelings:

helm/oauth2-proxy/values.yaml

@@ -292,7 +292,8 @@ initContainers:
   waitForRedis:
     enabled: true
     image:
-      repository: "docker.io/bitnami/kubectl"
+      repository: "alpine"
+      tag: "latest"
       pullPolicy: "IfNotPresent"
     # uses the kubernetes version of the cluster
     # the chart is deployed on, if not set