[bitnami/oauth2-proxy] add useApplicationDefaultCredentials google (#30309)

* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google

Signed-off-by: claudio_viera <cl_fran_vm@hotmail.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google

Signed-off-by: claudio_viera <cl_fran_vm@hotmail.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: claudio_viera <cl_fran_vm@hotmail.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
Claudio F. Viera M.
2024-11-28 12:40:12 -03:00
committed by GitHub
parent 7409ca4c21
commit 5ee114cbf8
5 changed files with 38 additions and 25 deletions


@@ -1,8 +1,14 @@
# Changelog
## 6.0.6 (2024-11-07)
## 6.1.0 (2024-11-26)
* [bitnami/oauth2-proxy] Release 6.0.6 ([#30288](https://github.com/bitnami/charts/pull/30288))
* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google ([#30309](https://github.com/bitnami/charts/pull/30309))
## <small>6.0.6 (2024-11-07)</small>
* [bitnami/*] Remove wrong comment about imagePullPolicy (#30107) ([a51f9e4](https://github.com/bitnami/charts/commit/a51f9e4bb0fbf77199512d35de7ac8abe055d026)), closes [#30107](https://github.com/bitnami/charts/issues/30107)
* [bitnami/oauth2-proxy] Release 6.0.6 (#30288) ([763b6aa](https://github.com/bitnami/charts/commit/763b6aad5acfa854f0e62dfdb026ef78e2803f57)), closes [#30288](https://github.com/bitnami/charts/issues/30288)
* Update documentation links to techdocs.broadcom.com (#29931) ([f0d9ad7](https://github.com/bitnami/charts/commit/f0d9ad78f39f633d275fc576d32eae78ded4d0b8)), closes [#29931](https://github.com/bitnami/charts/issues/29931)
## <small>6.0.5 (2024-10-08)</small>


@@ -35,4 +35,4 @@ maintainers:
name: oauth2-proxy
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/oauth2-proxy
version: 6.0.6
version: 6.1.0


@@ -209,28 +209,29 @@ The [Bitnami OAuth2 Proxy](https://github.com/bitnami/containers/tree/main/bitna
### OAuth2 Proxy configuration parameters
| Name | Description | Value |
| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------ |
| `configuration.clientID` | OAuth client ID | `XXXXXXX` |
| `configuration.clientSecret` | OAuth client secret | `XXXXXXXX` |
| `configuration.cookieSecret` | OAuth cookie secret | `XXXXXXXXXXXXXXXX` |
| `configuration.existingSecret` | Secret with the client ID, secret and cookie secret | `""` |
| `configuration.google.enabled` | Enable Google service account | `false` |
| `configuration.google.adminEmail` | Google admin email | `""` |
| `configuration.google.groups` | Restrict logins to members of these google groups | `[]` |
| `configuration.google.serviceAccountJson` | Google Service account JSON | `""` |
| `configuration.google.existingSecret` | Existing secret containing Google Service Account | `""` |
| `configuration.content` | Default configuration | `""` |
| `configuration.existingConfigmap` | Configmap with the OAuth2 Proxy configuration | `""` |
| `configuration.authenticatedEmailsFile.enabled` | Enable authenticated emails file | `false` |
| `configuration.authenticatedEmailsFile.content` | Restricted access list (one email per line) | `""` |
| `configuration.authenticatedEmailsFile.existingSecret` | Secret with the authenticated emails file | `""` |
| `configuration.htpasswdFile.enabled` | Enable htpasswd file | `false` |
| `configuration.htpasswdFile.existingSecret` | Existing secret for htpasswd file | `""` |
| `configuration.htpasswdFile.content` | htpasswd file entries (one row per user) | `""` |
| `configuration.oidcIssuerUrl` | OpenID Connect issuer URL | `""` |
| `configuration.redirectUrl` | OAuth Redirect URL | `""` |
| `configuration.whiteList` | Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains | `""` |
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------ |
| `configuration.clientID` | OAuth client ID | `XXXXXXX` |
| `configuration.clientSecret` | OAuth client secret | `XXXXXXXX` |
| `configuration.cookieSecret` | OAuth cookie secret | `XXXXXXXXXXXXXXXX` |
| `configuration.existingSecret` | Secret with the client ID, secret and cookie secret | `""` |
| `configuration.google.enabled` | Enable Google service account | `false` |
| `configuration.google.useApplicationDefaultCredentials` | Use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON | `false` |
| `configuration.google.adminEmail` | Google admin email | `""` |
| `configuration.google.groups` | Restrict logins to members of these google groups | `[]` |
| `configuration.google.serviceAccountJson` | Google Service account JSON | `""` |
| `configuration.google.existingSecret` | Existing secret containing Google Service Account | `""` |
| `configuration.content` | Default configuration | `""` |
| `configuration.existingConfigmap` | Configmap with the OAuth2 Proxy configuration | `""` |
| `configuration.authenticatedEmailsFile.enabled` | Enable authenticated emails file | `false` |
| `configuration.authenticatedEmailsFile.content` | Restricted access list (one email per line) | `""` |
| `configuration.authenticatedEmailsFile.existingSecret` | Secret with the authenticated emails file | `""` |
| `configuration.htpasswdFile.enabled` | Enable htpasswd file | `false` |
| `configuration.htpasswdFile.existingSecret` | Existing secret for htpasswd file | `""` |
| `configuration.htpasswdFile.content` | htpasswd file entries (one row per user) | `""` |
| `configuration.oidcIssuerUrl` | OpenID Connect issuer URL | `""` |
| `configuration.redirectUrl` | OAuth Redirect URL | `""` |
| `configuration.whiteList` | Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains | `""` |
### OAuth2 Proxy deployment parameters


@@ -99,7 +99,11 @@ spec:
{{- end }}
{{- if .Values.configuration.google.enabled }}
- --google-admin-email={{ .Values.configuration.google.adminEmail }}
{{- if .Values.configuration.google.useApplicationDefaultCredentials }}
- --google-use-application-default-credentials=true
{{- else }}
- --google-service-account-json=/bitnami/oauth2-proxy/conf/google/service-account.json
{{- end }}
{{- if .Values.configuration.google.groups }}
{{- range $group := .Values.configuration.google.groups }}
- --google-group={{ $group }}
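
Review bot: the new `if`/`else` around `--google-service-account-json` only switches the container argument, and nothing else shown in this commit changes whatever mounts `/bitnami/oauth2-proxy/conf/google/service-account.json`, so confirm that the Google secret volume and its mount are also skipped when `useApplicationDefaultCredentials` is true. If they are still gated on `configuration.google.enabled` alone, the pod keeps requiring (or mounting) a key file that the process no longer reads, which undercuts the reason for moving to Workload Identity. Suggest gating the volume, volumeMount and secret on `and .Values.configuration.google.enabled (not .Values.configuration.google.useApplicationDefaultCredentials)`.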


@@ -352,6 +352,7 @@ configuration:
## Alternatively, use an existing secret (see secret-google.yaml for required fields)
##
## @param configuration.google.enabled Enable Google service account
## @param configuration.google.useApplicationDefaultCredentials Use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON
## @param configuration.google.adminEmail Google admin email
## @param configuration.google.groups Restrict logins to members of these google groups
## @param configuration.google.serviceAccountJson Google Service account JSON
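
Review bot: in the new `@param configuration.google.useApplicationDefaultCredentials` line, "i.e. Workload Identity on GKE" reads as if Workload Identity were the only source of application-default credentials; "e.g." is what is meant. The description should also state that `serviceAccountJson` and `existingSecret` are not used when this is true, since the README table row carries the same text and the commit message says the README is produced by readme-generator-for-helm.
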
@@ -359,6 +360,7 @@ configuration:
##
google:
enabled: false
useApplicationDefaultCredentials: false
adminEmail: ""
groups: []
serviceAccountJson: ""
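
Review bot: `useApplicationDefaultCredentials: false` sits beside `serviceAccountJson`, and nothing rejects setting both: with the template change in this commit the `else` branch is skipped and a supplied JSON key is silently ignored. Suggest failing at render time, or at least warning in the chart notes, when the flag is true and `serviceAccountJson` or `configuration.google.existingSecret` is also set, so a leftover key is noticed and removed rather than left unused in a Secret.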