diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml index efdda9e9..6e4889f7 100644 --- a/helm/oauth2-proxy/Chart.yaml +++ b/helm/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 10.4.2 +version: 10.5.0 apiVersion: v2 appVersion: 7.15.1 home: https://oauth2-proxy.github.io/oauth2-proxy/ @@ -30,8 +30,12 @@ maintainers: kubeVersion: ">=1.16.0-0" annotations: artifacthub.io/changes: | - - kind: changed - description: Bump OAuth2 Proxy image to v7.15.1 + - kind: added + description: > + Add deploymentLabels to allow setting deployment specific labels. + Add tpl support for ingress.labels, ingress.extraPaths and nodeSelector. This is a + behavior change: any values containing `{{ ... }}` will now be evaluated as templates. + To keep literal `{{` sequences, escape them (for example, use `{{"{{"}}`). links: - name: GitHub PR - url: https://github.com/oauth2-proxy/manifests/pull/403 + url: https://github.com/oauth2-proxy/manifests/pull/400 diff --git a/helm/oauth2-proxy/README.md b/helm/oauth2-proxy/README.md index 06238471..d983f8ef 100644 --- a/helm/oauth2-proxy/README.md +++ b/helm/oauth2-proxy/README.md @@ -190,6 +190,7 @@ The following table lists the configurable parameters of the oauth2-proxy chart | `config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON | `false` | | `containerPort` | used to customize port on the deployment | `""` | | `customLabels` | Custom labels to add into metadata | `{}` | +| `deploymentLabels` | labels to add to the deployment | `{}` | | `deploymentAnnotations` | annotations to add to the deployment | `{}` | | `enableServiceLinks` | configure deployment enableServiceLinks | `true` | | `extraArgs` | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows the same flag to be configured multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]` | diff --git a/helm/oauth2-proxy/ci/tpl-values.yaml b/helm/oauth2-proxy/ci/tpl-values.yaml index 0e98ad60..18e654a8 100644 --- a/helm/oauth2-proxy/ci/tpl-values.yaml +++ b/helm/oauth2-proxy/ci/tpl-values.yaml @@ -13,6 +13,16 @@ ingress: - "{{ $.Release.Name }}.local" annotations: test-annotations/test: "{{ $.Release.Name }}" + labels: + test-annotations/test: "{{ $.Release.Name }}" + extraPaths: + - path: /ping + pathType: Prefix + backend: + service: + name: '{{ include "oauth2-proxy.fullname" $ }}' + port: + name: '{{ $.Values.httpScheme }}' oauth2-proxy: checkDeprecation: false config: @@ -47,6 +57,9 @@ config: test-annotations/test: "{{ $.Release.Name }}" cookieName: '{{ $.Release.Name }}' +deploymentLabels: + test-deployment-label/test: "{{ $.Release.Name }}" + deploymentAnnotations: test-annotations/test: "{{ $.Release.Name }}" @@ -72,3 +85,7 @@ serviceMonitor: customLabels: test-labels/test: "{{ $.Release.Name }}" + +nodeOS: linux +nodeSelector: + kubernetes.io/os: "{{ .Values.nodeOS }}" diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml index 4ce265cd..6d12c5af 100644 --- a/helm/oauth2-proxy/templates/deployment.yaml +++ b/helm/oauth2-proxy/templates/deployment.yaml @@ -6,6 +6,9 @@ metadata: labels: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} + {{- with .Values.deploymentLabels }} +{{ tpl ( toYaml . ) $ | indent 4 }} + {{- end }} {{- with .Values.deploymentAnnotations }} annotations: {{ tpl ( toYaml . ) $ | indent 4 }} @@ -415,7 +418,7 @@ spec: {{- end }} {{- with .Values.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: diff --git a/helm/oauth2-proxy/templates/ingress.yaml b/helm/oauth2-proxy/templates/ingress.yaml index 8cc7953e..b31e1e78 100644 --- a/helm/oauth2-proxy/templates/ingress.yaml +++ b/helm/oauth2-proxy/templates/ingress.yaml @@ -11,7 +11,7 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} {{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} +{{- tpl (toYaml .Values.ingress.labels) $ | nindent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }} namespace: {{ template "oauth2-proxy.namespace" $ }} @@ -29,7 +29,7 @@ spec: http: paths: {{- if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} +{{- tpl (toYaml $extraPaths) $ | nindent 10 }} {{- end }} - path: {{ $ingressPath }} {{- if eq "true" ( include "ingress.supportsPathType" $ ) }} diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml index dd2f6592..d6ac241c 100644 --- a/helm/oauth2-proxy/values.yaml +++ b/helm/oauth2-proxy/values.yaml @@ -475,6 +475,7 @@ securityContext: seccompProfile: type: RuntimeDefault +deploymentLabels: {} deploymentAnnotations: {} podAnnotations: {} podLabels: {}