diff --git a/bitnami/oauth2-proxy/CHANGELOG.md b/bitnami/oauth2-proxy/CHANGELOG.md
index f46cc9a55a..68bc39b187 100644
--- a/bitnami/oauth2-proxy/CHANGELOG.md
+++ b/bitnami/oauth2-proxy/CHANGELOG.md
@@ -1,8 +1,14 @@
# Changelog
-## 6.0.6 (2024-11-07)
+## 6.1.0 (2024-11-26)
-* [bitnami/oauth2-proxy] Release 6.0.6 ([#30288](https://github.com/bitnami/charts/pull/30288))
+* [bitnami/oauth2-proxy] add useApplicationDefaultCredentials google ([#30309](https://github.com/bitnami/charts/pull/30309))
+
+## 6.0.6 (2024-11-07)
+
+* [bitnami/*] Remove wrong comment about imagePullPolicy (#30107) ([a51f9e4](https://github.com/bitnami/charts/commit/a51f9e4bb0fbf77199512d35de7ac8abe055d026)), closes [#30107](https://github.com/bitnami/charts/issues/30107)
+* [bitnami/oauth2-proxy] Release 6.0.6 (#30288) ([763b6aa](https://github.com/bitnami/charts/commit/763b6aad5acfa854f0e62dfdb026ef78e2803f57)), closes [#30288](https://github.com/bitnami/charts/issues/30288)
+* Update documentation links to techdocs.broadcom.com (#29931) ([f0d9ad7](https://github.com/bitnami/charts/commit/f0d9ad78f39f633d275fc576d32eae78ded4d0b8)), closes [#29931](https://github.com/bitnami/charts/issues/29931)
## 6.0.5 (2024-10-08)
diff --git a/bitnami/oauth2-proxy/Chart.yaml b/bitnami/oauth2-proxy/Chart.yaml
index d5624c37aa..7cbfe9ef9f 100644
--- a/bitnami/oauth2-proxy/Chart.yaml
+++ b/bitnami/oauth2-proxy/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
name: oauth2-proxy
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/oauth2-proxy
-version: 6.0.6
+version: 6.1.0
diff --git a/bitnami/oauth2-proxy/README.md b/bitnami/oauth2-proxy/README.md
index 30e054f385..11330df941 100644
--- a/bitnami/oauth2-proxy/README.md
+++ b/bitnami/oauth2-proxy/README.md
@@ -209,28 +209,29 @@ The [Bitnami OAuth2 Proxy](https://github.com/bitnami/containers/tree/main/bitna
### OAuth2 Proxy configuration parameters
-| Name | Description | Value |
-| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ------------------ |
-| `configuration.clientID` | OAuth client ID | `XXXXXXX` |
-| `configuration.clientSecret` | OAuth client secret | `XXXXXXXX` |
-| `configuration.cookieSecret` | OAuth cookie secret | `XXXXXXXXXXXXXXXX` |
-| `configuration.existingSecret` | Secret with the client ID, secret and cookie secret | `""` |
-| `configuration.google.enabled` | Enable Google service account | `false` |
-| `configuration.google.adminEmail` | Google admin email | `""` |
-| `configuration.google.groups` | Restrict logins to members of these google groups | `[]` |
-| `configuration.google.serviceAccountJson` | Google Service account JSON | `""` |
-| `configuration.google.existingSecret` | Existing secret containing Google Service Account | `""` |
-| `configuration.content` | Default configuration | `""` |
-| `configuration.existingConfigmap` | Configmap with the OAuth2 Proxy configuration | `""` |
-| `configuration.authenticatedEmailsFile.enabled` | Enable authenticated emails file | `false` |
-| `configuration.authenticatedEmailsFile.content` | Restricted access list (one email per line) | `""` |
-| `configuration.authenticatedEmailsFile.existingSecret` | Secret with the authenticated emails file | `""` |
-| `configuration.htpasswdFile.enabled` | Enable htpasswd file | `false` |
-| `configuration.htpasswdFile.existingSecret` | Existing secret for htpasswd file | `""` |
-| `configuration.htpasswdFile.content` | htpasswd file entries (one row per user) | `""` |
-| `configuration.oidcIssuerUrl` | OpenID Connect issuer URL | `""` |
-| `configuration.redirectUrl` | OAuth Redirect URL | `""` |
-| `configuration.whiteList` | Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains | `""` |
+| Name | Description | Value |
+| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------ |
+| `configuration.clientID` | OAuth client ID | `XXXXXXX` |
+| `configuration.clientSecret` | OAuth client secret | `XXXXXXXX` |
+| `configuration.cookieSecret` | OAuth cookie secret | `XXXXXXXXXXXXXXXX` |
+| `configuration.existingSecret` | Secret with the client ID, secret and cookie secret | `""` |
+| `configuration.google.enabled` | Enable Google service account | `false` |
+| `configuration.google.useApplicationDefaultCredentials` | Use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON | `false` |
+| `configuration.google.adminEmail` | Google admin email | `""` |
+| `configuration.google.groups` | Restrict logins to members of these google groups | `[]` |
+| `configuration.google.serviceAccountJson` | Google Service account JSON | `""` |
+| `configuration.google.existingSecret` | Existing secret containing Google Service Account | `""` |
+| `configuration.content` | Default configuration | `""` |
+| `configuration.existingConfigmap` | Configmap with the OAuth2 Proxy configuration | `""` |
+| `configuration.authenticatedEmailsFile.enabled` | Enable authenticated emails file | `false` |
+| `configuration.authenticatedEmailsFile.content` | Restricted access list (one email per line) | `""` |
+| `configuration.authenticatedEmailsFile.existingSecret` | Secret with the authenticated emails file | `""` |
+| `configuration.htpasswdFile.enabled` | Enable htpasswd file | `false` |
+| `configuration.htpasswdFile.existingSecret` | Existing secret for htpasswd file | `""` |
+| `configuration.htpasswdFile.content` | htpasswd file entries (one row per user) | `""` |
+| `configuration.oidcIssuerUrl` | OpenID Connect issuer URL | `""` |
+| `configuration.redirectUrl` | OAuth Redirect URL | `""` |
+| `configuration.whiteList` | Allowed domains for redirection after authentication. Prefix domain with a . or a *. to allow subdomains | `""` |
### OAuth2 Proxy deployment parameters
diff --git a/bitnami/oauth2-proxy/templates/deployment.yaml b/bitnami/oauth2-proxy/templates/deployment.yaml
index 2d2ff32389..d787366465 100644
--- a/bitnami/oauth2-proxy/templates/deployment.yaml
+++ b/bitnami/oauth2-proxy/templates/deployment.yaml
@@ -99,7 +99,11 @@ spec:
{{- end }}
{{- if .Values.configuration.google.enabled }}
- --google-admin-email={{ .Values.configuration.google.adminEmail }}
+ {{- if .Values.configuration.google.useApplicationDefaultCredentials }}
+ - --google-use-application-default-credentials=true
+ {{- else }}
- --google-service-account-json=/bitnami/oauth2-proxy/conf/google/service-account.json
+ {{- end }}
{{- if .Values.configuration.google.groups }}
{{- range $group := .Values.configuration.google.groups }}
- --google-group={{ $group }}
diff --git a/bitnami/oauth2-proxy/values.yaml b/bitnami/oauth2-proxy/values.yaml
index 957e8bd6e4..52510b6552 100644
--- a/bitnami/oauth2-proxy/values.yaml
+++ b/bitnami/oauth2-proxy/values.yaml
@@ -352,6 +352,7 @@ configuration:
## Alternatively, use an existing secret (see secret-google.yaml for required fields)
##
## @param configuration.google.enabled Enable Google service account
+ ## @param configuration.google.useApplicationDefaultCredentials Use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON
## @param configuration.google.adminEmail Google admin email
## @param configuration.google.groups Restrict logins to members of these google groups
## @param configuration.google.serviceAccountJson Google Service account JSON
@@ -359,6 +360,7 @@ configuration:
##
google:
enabled: false
+ useApplicationDefaultCredentials: false
adminEmail: ""
groups: []
serviceAccountJson: ""