Allowing for custom config path
Signed-off-by: Nick Niehoff <github@nickniehoff.net>
nniehoff committed May 14, 2022
1 parent 2d1a060 commit b07a284
Showing 5 changed files with 37 additions and 17 deletions.
8 changes: 5 additions & 3 deletions charts/dex/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
type: application
name: dex
version: 0.8.2
version: 0.9.0
appVersion: "2.31.1"
kubeVersion: ">=1.14.0-0"
description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.
Expand All @@ -21,8 +21,10 @@ maintainers:
url: https://sagikazarmark.hu
annotations:
artifacthub.io/changes: |
- kind: changed
description: "Restore `ClusterRoleBinding` when using cluster scoped permissions"
- kind: added
description: "Added configFile value to allow for a custom config file location"
- kind: added
description: "Added volumes and volumeMounts helpers to only mount secret if a secret is needed"
artifacthub.io/images: |
- name: dex
image: ghcr.io/dexidp/dex:v2.31.1
3 changes: 2 additions & 1 deletion charts/dex/README.md
@@ -1,6 +1,6 @@
# dex

![version: 0.8.2](https://img.shields.io/badge/version-0.8.2-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.31.1](https://img.shields.io/badge/app%20version-2.31.1-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex)
![version: 0.9.0](https://img.shields.io/badge/version-0.9.0-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.31.1](https://img.shields.io/badge/app%20version-2.31.1-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex)

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.

Expand Down Expand Up @@ -120,6 +120,7 @@ ingress:
| hostAliases | list | `[]` | A list of hosts and IPs that will be injected into the pod's hosts file if specified. See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#hostname-and-name-resolution) |
| https.enabled | bool | `false` | Enable the HTTPS endpoint. |
| grpc.enabled | bool | `false` | Enable the gRPC endpoint. Read more in the [documentation](https://dexidp.io/docs/api/). |
| configFile | string | `"/etc/dex/config.yaml"` | Full Path to the dex config file. |
| configSecret.create | bool | `true` | Enable creating a secret from the values passed to `config`. If set to false, name must point to an existing secret. |
| configSecret.name | string | `""` | The name of the secret to mount as configuration in the pod. If not set and create is true, a name is generated using the fullname template. Must point to secret that contains at least a `config.yaml` key. |
| config | object | `{}` | Application configuration. See the [official documentation](https://dexidp.io/docs/). |
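Review bot: the `configSecret.create` and `configSecret.name` rows left as context under the new `configFile` row no longer match the chart's behaviour. They still say that with `create` set to false the name "must point to an existing secret", but the new helpers only mount the secret when `create` or `name` is set, so `create: false` with an empty name now means no config secret is mounted at all. Please update both rows, and extend the `configFile` row to say which of `volumes` and `volumeMounts` the user has to supply in that case.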
24 changes: 24 additions & 0 deletions charts/dex/templates/_helpers.tpl
Expand Up @@ -71,3 +71,27 @@ Create the name of the secret containing the config file to use
{{- default "default" .Values.configSecret.name }}
{{- end }}
{{- end }}

{{/*
Create Volumes
*/}}
{{- define "dex.volumes" -}}
{{- if or .Values.configSecret.create .Values.configSecret.name }}
{{- $defaultVolume := list (dict "name" "config" "secret" (dict "secretName" (include "dex.configSecretName" .))) -}}
{{ concat $defaultVolume .Values.volumes | toYaml }}
{{- else -}}
{{ .Values.volumes | toYaml }}
{{- end }}
{{- end }}

{{/*
Create Volume Mounts
*/}}
{{- define "dex.volumeMounts" -}}
{{- if or .Values.configSecret.create .Values.configSecret.name }}
{{- $defaultMount := list (dict "name" "config" "mountPath" "/etc/dex" "readOnly" "true") -}}
{{ concat $defaultMount .Values.volumeMounts | toYaml }}
{{- else -}}
{{ .Values.volumeMounts | toYaml }}
{{- end }}
{{- end }}
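Review bot: in `dex.volumeMounts`, `"readOnly" "true"` puts a string into the dict, so `toYaml` renders `readOnly: "true"` where the lines removed from deployment.yaml had the boolean `readOnly: true`. The `readOnly` field of a volume mount is a boolean, so pass the unquoted literal: `(dict "name" "config" "mountPath" "/etc/dex" "readOnly" true)`. A `helm template` run with the default values is enough to confirm that the rendered mount matches the old manifest.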
16 changes: 3 additions & 13 deletions charts/dex/templates/deployment.yaml
Expand Up @@ -62,7 +62,7 @@ spec:
{{- end }}
- --telemetry-addr
- 0.0.0.0:5558
- /etc/dex/config.yaml
- {{ .Values.configFile }}
env:
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
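Review bot: `- {{ .Values.configFile }}` in the container args is rendered unquoted and without a presence check, so an empty `configFile` produces a null list item and a value containing YAML-significant characters changes how the args list parses. Suggest `- {{ required "configFile must be set" .Values.configFile | quote }}` so a bad value fails at render time instead of at pod start.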
Expand Down Expand Up @@ -103,19 +103,9 @@ spec:
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/dex
readOnly: true
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- (include "dex.volumeMounts" .) | nindent 12 }}
volumes:
- name: config
secret:
secretName: {{ include "dex.configSecretName" . }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- (include "dex.volumes" .) | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
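Review bot: the removed `{{- with .Values.volumeMounts }}` and `{{- with .Values.volumes }}` guards skipped empty or unset values, while the new `include` calls always emit whatever the helpers return, and the helpers pass `.Values.volumes` and `.Values.volumeMounts` straight into `concat` and `toYaml`. Please check the render with `volumes: null` and `volumeMounts: null` in a user's values file, and with no secret and empty lists, and either guard inside the helpers (for example `default (list) .Values.volumes`) or keep a `with` around the include.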
3 changes: 3 additions & 0 deletions charts/dex/values.yaml
Expand Up @@ -37,6 +37,9 @@ grpc:
# Read more in the [documentation](https://dexidp.io/docs/api/).
enabled: false

# -- Full Path to the dex config file.
configFile: "/etc/dex/config.yaml"

configSecret:
# -- Enable creating a secret from the values passed to `config`.
# If set to false, name must point to an existing secret.
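Review bot: the comment on `configFile` needs to state how it relates to the config secret mount. The chart-managed secret is still mounted at the hard-coded `mountPath` `/etc/dex` in `dex.volumeMounts`, so setting `configFile` to a path outside that directory while `configSecret.create` is true starts dex with a path that has no file behind it. Either document that a custom path requires the user's own `volumes` and `volumeMounts` entries, or derive the mount path from the directory of `configFile`.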