fix(authproxy): deploy openshift-oauth-proxy fork
andrewazores committed Jun 7, 2024
1 parent 95c8e99 commit 659e5d8
Showing 3 changed files with 18 additions and 18 deletions.
28 changes: 14 additions & 14 deletions charts/cryostat/README.md
Expand Up @@ -113,20 +113,20 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op

### OpenShift OAuth Proxy

| Name | Description | Value |
| ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
| `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/openshift/origin-oauth-proxy` |
| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` |
| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `latest` |
| `openshiftOauthProxy.accessReview.enabled` | Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token. | `true` |
| `openshiftOauthProxy.accessReview.group` | The OpenShift resource group that the SubjectAccessReview/TokenAccessReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `""` |
| `openshiftOauthProxy.accessReview.resource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. | `pods` |
| `openshiftOauthProxy.accessReview.subresource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. | `exec` |
| `openshiftOauthProxy.accessReview.name` | The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` |
| `openshiftOauthProxy.accessReview.namespace` | The OpenShift namespace that the SubjectAccessReview/TokenAccessReview will be performed for. | `{{ .Release.Namespace }}` |
| `openshiftOauthProxy.accessReview.verb` | The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for. | `create` |
| `openshiftOauthProxy.accessReview.version` | The OpenShift resource version that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` |
| `openshiftOauthProxy.securityContext` | Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` |
| Name | Description | Value |
| ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- |
| `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/cryostat/openshift-oauth-proxy` |
| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` |
| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `cryostat-v3.0` |
| `openshiftOauthProxy.accessReview.enabled` | Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token. | `true` |
| `openshiftOauthProxy.accessReview.group` | The OpenShift resource group that the SubjectAccessReview/TokenAccessReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `""` |
| `openshiftOauthProxy.accessReview.resource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. | `pods` |
| `openshiftOauthProxy.accessReview.subresource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. | `exec` |
| `openshiftOauthProxy.accessReview.name` | The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` |
| `openshiftOauthProxy.accessReview.namespace` | The OpenShift namespace that the SubjectAccessReview/TokenAccessReview will be performed for. | `{{ .Release.Namespace }}` |
| `openshiftOauthProxy.accessReview.verb` | The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for. | `create` |
| `openshiftOauthProxy.accessReview.version` | The OpenShift resource version that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` |
| `openshiftOauthProxy.securityContext` | Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` |


### Other Parameters
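
Review bot: In the re-aligned table rows, the description for `openshiftOauthProxy.accessReview.subresource` still reads "The OpenShift resource that ..." and the one for `openshiftOauthProxy.accessReview.verb` reads "The OpenShift resource name that ...", both copied from neighbouring rows. Since every row is being rewritten here anyway, correct them to describe the subresource and the verb; if this table is generated from the `@param` comments in values.yaml, make the fix there. The `accessReview.group` row also still links to the upstream openshift/oauth-proxy README while the default image is now `quay.io/cryostat/openshift-oauth-proxy`, so it is worth stating whether that documentation applies unchanged to the fork.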
4 changes: 2 additions & 2 deletions charts/cryostat/values.schema.json
Expand Up @@ -595,7 +595,7 @@
"repository": {
"type": "string",
"description": "Repository for the OpenShift OAuth Proxy container image",
"default": "quay.io/openshift/origin-oauth-proxy"
"default": "quay.io/cryostat/openshift-oauth-proxy"
},
"pullPolicy": {
"type": "string",
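
Review bot: The `description` for `repository` is left as "Repository for the OpenShift OAuth Proxy container image" while its `default` moves to `quay.io/cryostat/openshift-oauth-proxy`, so nothing in the schema tells a chart user that the default is now a fork published under a different organisation. Suggest extending the description to say it is the fork named in the commit title and where its source lives, so anyone auditing or overriding the image knows what they are deploying.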
Expand All @@ -605,7 +605,7 @@
"tag": {
"type": "string",
"description": "Tag for the OpenShift OAuth Proxy container image",
"default": "latest"
"default": "cryostat-v3.0"
}
}
},
4 changes: 2 additions & 2 deletions charts/cryostat/values.yaml
Expand Up @@ -208,11 +208,11 @@ oauth2Proxy:
openshiftOauthProxy:
image:
## @param openshiftOauthProxy.image.repository Repository for the OpenShift OAuth Proxy container image
repository: "quay.io/openshift/origin-oauth-proxy"
repository: "quay.io/cryostat/openshift-oauth-proxy"
## @param openshiftOauthProxy.image.pullPolicy Image pull policy for the OpenShift OAuth Proxy container image
pullPolicy: Always
## @param openshiftOauthProxy.image.tag Tag for the OpenShift OAuth Proxy container image
tag: "latest"
tag: "cryostat-v3.0"
accessReview:
## @param openshiftOauthProxy.accessReview.enabled Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token.
enabled: true
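
Review bot: `tag: "cryostat-v3.0"` replaces `latest` but is still a tag that can be re-pointed, and `pullPolicy: Always` is kept, so the authentication proxy in front of the deployment can change content on any pod restart without a chart change. Since this container makes the access decision (`accessReview.enabled: true` just below), consider referencing the image by digest, or documenting how to override the tag with a digest, and add a comment here noting that the default is a fork and why it is needed.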