align oauth2-proxy with helmchart

Signed-off-by: Krzysztof Romanowski <krzysztof.romanowski.kr3@roche.com>
kromanow94 · Oct 2, 2023 · 93dadd4 · 93dadd4
1 parent 35ec17b
commit 93dadd4
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 35 deletions.
diff --git a/common/oidc-client/oauth2-proxy/base/deployment.yaml b/common/oidc-client/oauth2-proxy/base/deployment.yaml
@@ -19,9 +19,6 @@ spec:
           configMap:
             name: oauth2-proxy
             defaultMode: 420
-        - name: oauth2-proxy
-          secret:
-            secretName: oauth2-proxy
       containers:
         - name: oauth2-proxy
           image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
@@ -36,18 +33,25 @@ spec:
               containerPort: 44180
               protocol: TCP
           env:
+            - name: OAUTH2_PROXY_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: oauth2-proxy
+                  key: client-id
+            - name: OAUTH2_PROXY_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: oauth2-proxy
+                  key: client-secret
             - name: OAUTH2_PROXY_COOKIE_SECRET
               valueFrom:
                 secretKeyRef:
                   name: oauth2-proxy
-                  key: COOKIE_SECRET
+                  key: cookie-secret
           volumeMounts:
             - name: configmain
               mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
               subPath: oauth2_proxy.cfg
-            - name: oauth2-proxy
-              subPath: CLIENT_SECRET
-              mountPath: "/etc/oauth2_proxy/CLIENT_SECRET"
           livenessProbe:
             httpGet:
               path: /ping

diff --git a/common/oidc-client/oauth2-proxy/base/kustomization.yaml b/common/oidc-client/oauth2-proxy/base/kustomization.yaml
@@ -1,6 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
+namespace: oauth2-proxy
+
 resources:
 - deployment.yaml
 - namespace.yaml
@@ -17,31 +19,28 @@ resources:
 secretGenerator:
 - name: oauth2-proxy
   type: Opaque
-  envs:
-  - secret_params.env
-
-namespace: oauth2-proxy
-
-generatorOptions:
-  disableNameSuffixHash: true
+  literals:
+    - "client-id=kubeflow-oidc-authservice"
+    - "client-secret=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok"
+    - "cookie-secret=7d16fee92f8d11b8940b081b3f8b8acb"
 
-vars:
-  - name: AUTHSERVICE_NAMESPACE
-    objref:
-      kind: Service
-      name: oauth2-proxy
-      apiVersion: v1
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: AUTHSERVICE_SERVICE
-    objref:
-      kind: Service
-      name: oauth2-proxy
-      apiVersion: v1
-    fieldref:
-      fieldpath: metadata.name
-configurations:
-  - params.yaml
+# vars:
+#   - name: AUTHSERVICE_NAMESPACE
+#     objref:
+#       kind: Service
+#       name: oauth2-proxy
+#       apiVersion: v1
+#     fieldref:
+#       fieldpath: metadata.namespace
+#   - name: AUTHSERVICE_SERVICE
+#     objref:
+#       kind: Service
+#       name: oauth2-proxy
+#       apiVersion: v1
+#     fieldref:
+#       fieldpath: metadata.name
+# configurations:
+#   - params.yaml
 
 images:
 - name: quay.io/oauth2-proxy/oauth2-proxy

diff --git a/common/oidc-client/oauth2-proxy/base/oauth2-proxy-config.yaml b/common/oidc-client/oauth2-proxy/base/oauth2-proxy-config.yaml
@@ -12,8 +12,6 @@ data:
     upstreams = "static://200"
     email_domains = [ "*" ]
     skip_auth_regex=["/dex/.*"]
-    client_id = "kubeflow-oidc-authservice"
-    client_secret_file = "/etc/oauth2_proxy/CLIENT_SECRET"
     # ---
     # OIDC Discovery has to be skipped and login url has to be provided directly
     # in order to enable relative auth redirect.

diff --git a/common/oidc-client/oauth2-proxy/base/secret_params.env b/common/oidc-client/oauth2-proxy/base/secret_params.env