Commit
add more configuration parameters for customization
andrewazores committed Apr 18, 2024
1 parent 9a4ab1f commit 166666f
Showing 4 changed files with 102 additions and 49 deletions.
33 changes: 20 additions & 13 deletions charts/cryostat/README.md
@@ -106,19 +106,26 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op

### OpenShift OAuth Proxy

| Name | Description | Value |
| ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
| `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/openshift/origin-oauth-proxy` |
| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` |
| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `latest` |
| `openshiftOauthProxy.accessReview[0].namespace` | The OpenShift Namespace that the SubjectAccessReview will be performed for. | `{{ .Release.Namespace }}` |
| `openshiftOauthProxy.accessReview[0].group` | The OpenShift resource group that the SubjectAccessReview will be performed for | `""` |
| `openshiftOauthProxy.accessReview[0].resource` | The OpenShift resource that the SubjectAccessReview will be performed for | `pods/exec` |
| `openshiftOauthProxy.accessReview[0].verb` | The OpenShift resource verb that the SubjectAccessReview will be performed for | `create` |
| `openshiftOauthProxy.tokenReview.group` | The OpenShift resource group that the TokenReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `""` |
| `openshiftOauthProxy.tokenReview.resource` | The OpenShift resource that the TokenReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `pods/exec` |
| `openshiftOauthProxy.tokenReview.verb` | The OpenShift resource verb that the TokenReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `create` |
| `openshiftOauthProxy.securityContext` | Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` |
| Name | Description | Value |
| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
| `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/openshift/origin-oauth-proxy` |
| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` |
| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `latest` |
| `openshiftOauthProxy.accessReview[0].group` | The OpenShift resource group that the SubjectAccessReview will be performed for | `""` |
| `openshiftOauthProxy.accessReview[0].resource` | The OpenShift resource that the SubjectAccessReview will be performed for | `pods` |
| `openshiftOauthProxy.accessReview[0].subresource` | The OpenShift subresource that the SubjectAccessReview will be performed for | `exec` |
| `openshiftOauthProxy.accessReview[0].name` | The OpenShift resource name that the SubjectAccessReview will be performed for | `""` |
| `openshiftOauthProxy.accessReview[0].namespace` | The OpenShift Namespace that the SubjectAccessReview will be performed for. | `{{ .Release.Namespace }}` |
| `openshiftOauthProxy.accessReview[0].verb` | The OpenShift resource verb that the SubjectAccessReview will be performed for | `create` |
| `openshiftOauthProxy.accessReview[0].version` | The OpenShift resource version that the SubjectAccessReview will be performed for | `""` |
| `openshiftOauthProxy.tokenReview.group` | The OpenShift resource group that the TokenReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `""` |
| `openshiftOauthProxy.tokenReview.resource` | The OpenShift resource that the TokenReview will be performed for. | `pods` |
| `openshiftOauthProxy.tokenReview.subresource` | The OpenShift resource that the TokenReview will be performed for. | `exec` |
| `openshiftOauthProxy.tokenReview.name` | The OpenShift resource name that the TokenReview will be performed for. | `""` |
| `openshiftOauthProxy.tokenReview.namespace` | The OpenShift namespace that the TokenReview will be performed for. | `{{ .Release.Namespace }}` |
| `openshiftOauthProxy.tokenReview.verb` | The OpenShift resource name that the TokenReview will be performed for. | `create` |
| `openshiftOauthProxy.tokenReview.version` | The OpenShift resource version that the TokenReview will be performed for. | `""` |
| `openshiftOauthProxy.securityContext` | Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` |


### Other Parameters
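
Review bot: The descriptions on the new `openshiftOauthProxy.tokenReview.subresource` and `openshiftOauthProxy.tokenReview.verb` rows look copy-pasted. The first reads "The OpenShift resource that the TokenReview will be performed for." and the second "The OpenShift resource name that the TokenReview will be performed for."; they should say "subresource" and "resource verb", as the matching `accessReview[0]` rows do. The default for `resource` also changes from `pods/exec` to `pods` with a separate `subresource` of `exec`, so a sentence telling users who already override `resource` in the combined form how to migrate would help. The oauth-proxy README link now survives only on `tokenReview.group`; consider keeping it on the other `tokenReview` rows, or stating it once above the table.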
2 changes: 1 addition & 1 deletion charts/cryostat/templates/openshiftOauthProxy.tpl
@@ -17,7 +17,7 @@
- --tls-key=/etc/tls/private/tls.key
- --proxy-prefix=/oauth2
- --openshift-sar={{ tpl ( .Values.openshiftOauthProxy.accessReview | toJson ) . }}
- --openshift-delegate-urls={"/":{{ .Values.openshiftOauthProxy.tokenReview | toJson }}}
- --openshift-delegate-urls={"/":{{ tpl ( .Values.openshiftOauthProxy.tokenReview | toJson ) . }}}
{{- if .Values.authentication.basicAuth.enabled }}
- --htpasswd-file=/etc/openshift_oauth_proxy/basicauth/{{ .Values.authentication.basicAuth.filename }}
{{- end }}
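
Review bot: On the `--openshift-delegate-urls` line, `toJson` runs before `tpl`, so any template expression a user puts in `openshiftOauthProxy.tokenReview` is JSON-escaped before it is parsed. The default `{{ .Release.Namespace }}` survives that, but an expression containing a string literal would have its quotes turned into `\"` and fail to render. Either document that only quote-free expressions are supported in these values, or apply `tpl` to the individual fields before serialising. Since `tpl` now evaluates every string under `tokenReview` (and, on the unchanged `--openshift-sar` line, under `accessReview`), the README should also state that these values are treated as templates, so that whoever controls the values file knows the strings are evaluated, not passed through literally.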