Merge branch 'main' into feat/proxyVarsFromSecret

oauth2-proxy · May 1, 2024 · 73adb59 · 73adb59
2 parents a78c177 + 1d09e96
commit 73adb59
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 13 deletions.
diff --git a/helm/oauth2-proxy/Chart.yaml b/helm/oauth2-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 7.5.0
+version: 7.6.0
 apiVersion: v2
 appVersion: 7.6.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

diff --git a/helm/oauth2-proxy/scripts/check-redis.sh b/helm/oauth2-proxy/scripts/check-redis.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+RETRY_INTERVAL=5  # Interval between retries in seconds
+elapsed=0  # Elapsed time
+
+check_redis() {
+    host=$1
+    port=$2
+    while [ $elapsed -lt $TOTAL_RETRY_TIME ]; do
+        echo "Checking Redis at $host:$port... Elapsed time: ${elapsed}s"
+        if nc -z -w1 $TIMEOUT $host $port > /dev/null 2>&1; then
+            echo "Redis is up at $host:$port!"
+            return 0
+        else
+            echo "Redis is down at $host:$port. Retrying in $RETRY_INTERVAL seconds."
+            sleep $RETRY_INTERVAL
+            elapsed=$((elapsed + RETRY_INTERVAL))
+        fi
+    done
+    echo "Failed to connect to Redis at $host:$port after $TOTAL_RETRY_TIME seconds."
+    return 1
+}
+
+# For parsing and checking connections
+parse_and_check() {
+    url=$1
+    clean_url=${url#redis://}
+    host=$(echo $clean_url | cut -d':' -f1)
+    port=$(echo $clean_url | cut -d':' -f2)
+    check_redis $host $port
+}
+
+# Main
+if [ "$OAUTH2_PROXY_REDIS_USE_CLUSTER" = "true" ]; then
+    echo "Checking Redis in cluster mode..."
+    echo "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+        parse_and_check $addr || exit 1
+    done
+elif [ "$OAUTH2_PROXY_REDIS_USE_SENTINEL" = "true" ]; then
+    echo "Checking Redis in sentinel mode..."
+    echo "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+        parse_and_check $addr || exit 1
+    done
+elif [ -n "$OAUTH2_PROXY_REDIS_CONNECTION_URL" ]; then
+    echo "Checking standalone Redis..."
+    parse_and_check "$OAUTH2_PROXY_REDIS_CONNECTION_URL" || exit 1
+else
+    echo "Redis configuration not specified."
+    exit 1
+fi
+
+echo "Redis check completed."
diff --git a/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml b/helm/oauth2-proxy/templates/configmap-wait-for-redis.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  check-redis.sh: |
+{{ .Files.Get "scripts/check-redis.sh" | indent 4 }}
+{{- end }}
diff --git a/helm/oauth2-proxy/templates/deployment.yaml b/helm/oauth2-proxy/templates/deployment.yaml
@@ -62,20 +62,32 @@ spec:
       {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
       initContainers:
       - name: wait-for-redis
-        image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ include "kubectl.version" . }}"
+        image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}"
         imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }}
-        args:
-          - wait
-          - pod/{{ include "oauth2-proxy.redis.fullname" . }}-master-0
-          - --for=condition=ready
-          - --timeout={{ .Values.initContainers.waitForRedis.timeout }}s
+        command: ["/bin/sh", "-c", "/scripts/check-redis.sh"]    
+        env:
+        - name: TOTAL_RETRY_TIME
+          value: "{{ .Values.initContainers.waitForRedis.timeout }}"
+        {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
+        - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
+          value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
+        - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
+          value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
+        - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
+          value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }}
+        {{- end }}
       {{- if .Values.initContainers.waitForRedis.securityContext.enabled }}
       {{- $securityContext := unset .Values.initContainers.waitForRedis.securityContext "enabled" }}
         securityContext:
           {{- toYaml $securityContext | nindent 10 }}
       {{- end }}
         resources:
           {{- toYaml .Values.initContainers.waitForRedis.resources | nindent 10 }}
+        volumeMounts:
+        - name: redis-script
+          mountPath: /scripts
       {{- end }}
       {{- if .Values.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
@@ -215,6 +227,10 @@ spec:
         {{- end }}
         {{- if .Values.extraEnv }}
 {{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
+        {{- end }}
+        {{- if .Values.envFrom }}
+        envFrom:
+{{ tpl (toYaml .Values.envFrom) . | indent 8 }}
         {{- end }}
         ports:
         {{- if .Values.containerPort }}
@@ -324,7 +340,12 @@ spec:
           secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist
 {{- end }}
 {{- end }}
-
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+      - name: redis-script
+        configMap:
+          name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+          defaultMode: 0775
+{{- end }}
 {{- if or .Values.config.existingConfig .Values.config.configFile }}
       - configMap:
           defaultMode: 420

diff --git a/helm/oauth2-proxy/templates/servicemonitor.yaml b/helm/oauth2-proxy/templates/servicemonitor.yaml
@@ -44,7 +44,7 @@ spec:
     {{- end }}
     {{- with .Values.metrics.serviceMonitor.tlsConfig }}
     tlsConfig:
-      {{- toYaml .| nindent 4 }}
+      {{- toYaml .| nindent 6 }}
     {{- end }}
     {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
     metricRelabelings:

diff --git a/helm/oauth2-proxy/values.yaml b/helm/oauth2-proxy/values.yaml
@@ -86,6 +86,19 @@ image:
 extraArgs: {}
 extraEnv: []
 
+envFrom: []
+# Load environment variables from a ConfigMap(s) and/or Secret(s)
+# that already exists (created and managed by you).
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+#
+# PS: Changes in these ConfigMaps or Secrets will not be automatically
+#     detected and you must manually restart the relevant Pods after changes.
+#
+#  - configMapRef:
+#      name: special-config
+#  - secretRef:
+#      name: special-config-secret
+
 # -- Custom labels to add into metadata
 customLabels: {}
 
@@ -282,7 +295,8 @@ initContainers:
   waitForRedis:
     enabled: true
     image:
-      repository: "docker.io/bitnami/kubectl"
+      repository: "alpine"
+      tag: "latest"
       pullPolicy: "IfNotPresent"
     # uses the kubernetes version of the cluster
     # the chart is deployed on, if not set
@@ -357,9 +371,7 @@ redis:
   # Redis specific helm chart settings, please see:
   # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
   # redisPort: 6379
-  # cluster:
-  #   enabled: false
-  #   slaveCount: 1
+  # architecture: standalone
 
 # Enables apiVersion deprecation checks
 checkDeprecation: true