Add .values.config.oidc.secret

Also fix args not being passed to deployment if secret is not generated

Signed-off-by: Valentin Klopfenstein <git@klopfi.net>

Author: klopfi-bot

charts/headlamp/README.md

@@ -65,12 +65,13 @@ See [MAINTAINERS.md](https://github.com/headlamp-k8s/headlamp/blob/main/MAINTAIN
 
 ### Headlamp Configuration
 
-| Key                      | Type   | Default               | Description                                |
-|--------------------------|--------|-----------------------|--------------------------------------------|
-| config.baseURL           | string | `""`                  | base url path at which headlamp should run |
-| config.oidc.create       | bool   | `true`                | Enable this option to have the chart automatically create the OIDC secret using the specified values. |
-| config.oidc.clientID     | string | `""`                  | OIDC client ID                             |
-| config.oidc.clientSecret | string | `""`                  | OIDC client secret                         |
-| config.oidc.issuerURL    | string | `""`                  | OIDC issuer URL                            |
-| config.oidc.scopes       | string | `""`                  | OIDC scopes to be used                     |
-| config.pluginsDir        | string | `"/headlamp/plugins"` | directory to look for plugins              |
+| Key                       | Type   | Default               | Description                                |
+|---------------------------|--------|-----------------------|--------------------------------------------|
+| config.baseURL            | string | `""`                  | base url path at which headlamp should run |
+| config.oidc.clientID      | string | `""`                  | OIDC client ID                             |
+| config.oidc.clientSecret  | string | `""`                  | OIDC client secret                         |
+| config.oidc.issuerURL     | string | `""`                  | OIDC issuer URL                            |
+| config.oidc.scopes        | string | `""`                  | OIDC scopes to be used                     |
+| config.oidc.secret.create | bool   | `true`                | Enable this option to have the chart automatically create the OIDC secret using the specified values. |
+| config.oidc.secret.name   | string | `oidc`                | Name of the OIDC secret used by headlamp   |
+| config.pluginsDir         | string | `"/headlamp/plugins"` | directory to look for plugins              |

charts/headlamp/templates/deployment.yaml

@@ -35,50 +35,52 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{ with .Values.config.oidc }}
           env:
-            {{- if or .Values.config.oidc.clientID (not .Values.config.oidc.create) }}
+            {{- if or .clientID (not .secret.create) }}
             - name: OIDC_CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: oidc
+                  name: {{ .secret.name }}
                   key: clientID
             {{- end }}
-            {{- if or .Values.config.oidc.clientSecret (not .Values.config.oidc.create) }}
+            {{- if or .clientSecret (not .secret.create) }}
             - name: OIDC_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: oidc
+                  name: {{ .secret.name }}
                   key: clientSecret
             {{- end }}
-            {{- if or .Values.config.oidc.issuerURL (not .Values.config.oidc.create) }}
+            {{- if or .issuerURL (not .secret.create) }}
             - name: OIDC_ISSUER_URL
               valueFrom:
                 secretKeyRef:
-                  name: oidc
+                  name: {{ .secret.name }}
                   key: issuerURL
             {{- end }}
-            {{- if or .Values.config.oidc.scopes (not .Values.config.oidc.create) }}
+            {{- if or .scopes (not .secret.create) }}
             - name: OIDC_SCOPES
               valueFrom:
                 secretKeyRef:
-                  name: oidc
+                  name: {{ .secret.name }}
                   key: scopes
             {{- end }}
+          {{- end }}
           args:
             - "-in-cluster"
             {{- with .Values.config.pluginsDir}}
             - "-plugins-dir={{ . }}"
             {{- end }}
-            {{- with .Values.config.oidc.clientID }}
+            {{- if or .Values.config.oidc.clientID (not .Values.config.oidc.secret.create) }}
             - "-oidc-client-id=$(OIDC_CLIENT_ID)"
             {{- end }}
-            {{- with .Values.config.oidc.clientSecret }}
+            {{- if or .Values.config.oidc.clientSecret (not .Values.config.oidc.secret.create) }}
             - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)"
             {{- end }}
-            {{- with .Values.config.oidc.issuerURL }}
+            {{- if or .Values.config.oidc.issuerURL (not .Values.config.oidc.secret.create) }}
             - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)"
             {{- end }}
-            {{- with .Values.config.oidc.scopes }}
+            {{- if or .Values.config.oidc.scopes (not .Values.config.oidc.secret.create) }}
             - "-oidc-scopes=$(OIDC_SCOPES)"
             {{- end }}
             {{- with .Values.config.baseURL }}

charts/headlamp/templates/secret.yaml

@@ -1,20 +1,22 @@
-{{- if .Values.config.oidc.create }}
+{{- with .Values.config.oidc }}
+{{- if .secret.create -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: oidc
+  name: {{ .secret.name }}
 type: Opaque
 data:
-{{- with .Values.config.oidc.clientID }}
+{{- with .clientID }}
   clientID: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.clientSecret }}
+{{- with .clientSecret }}
   clientSecret: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.issuerURL }}
+{{- with .issuerURL }}
   issuerURL: {{ . | b64enc | quote }}
 {{- end }}
-{{- with .Values.config.oidc.scopes }}
+{{- with .scopes }}
   scopes: {{ . | b64enc | quote }}
 {{- end }}
 {{- end }}
+{{- end }}

charts/headlamp/values.yaml

@@ -29,8 +29,11 @@ config:
   # -- base url path at which headlamp should run
   baseURL: ""
   oidc:
-    # -- Generate OIDC secret. If true, will generate a secret using the values below.
-    create: true
+    secret:
+      # -- Generate OIDC secret. If true, will generate a secret using .config.oidc.
+      create: true
+      # -- Name of the OIDC secret.
+      name: oidc
     # -- OIDC client ID
     clientID: ""
     # -- OIDC client secret