Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 99c6cdd4d538ae3a560921451d29fa890ad5d332^! / . / charts
commit99c6cdd4d538ae3a560921451d29fa890ad5d332[log] [tgz]
authorgiolekva <giolekva@gmail.com>Wed Nov 10 15:12:48 2021 +0400
committergiolekva <giolekva@gmail.com>Wed Nov 10 15:12:48 2021 +0400
tree1067a5d222df72f779bee329abe2a520bd67ea3e
parent17861bc0aff3b876e2cbaf8e64459348bc7efc59 [diff]
Installer: use helm secrets to encrypt secrets locally and avoid regenerating them on every upgrade

diff --git a/charts/pihole/templates/_helpers.tpl b/charts/pihole/templates/_helpers.tpl
deleted file mode 100644
index 063b2b4..0000000
--- a/charts/pihole/templates/_helpers.tpl
+++ /dev/null

@@ -1,7 +0,0 @@
-{{- define "clientSecret" -}}
-{{- if .Values.oauth2.clientSecret -}}
-{{- .Values.oauth2.clientSecret -}}
-{{- else -}}
-{{- randAlphaNum 32 -}}
-{{- end -}}
-{{- end -}}

diff --git a/charts/pihole/templates/oauth2-client-secret.yaml b/charts/pihole/templates/oauth2-client-secret.yaml
new file mode 100644
index 0000000..bff9df3
--- /dev/null
+++ b/charts/pihole/templates/oauth2-client-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ .Values.oauth2.secretName }}
+  namespace: {{ .Release.Namespace }}
+data:
+  client_id: {{ .Values.oauth2.clientId | b64enc  }}
+  client_secret: {{ .Values.oauth2.clientSecret | b64enc }}

diff --git a/charts/pihole/templates/oauth2-proxy-config.yaml b/charts/pihole/templates/oauth2-proxy-config.yaml
index 1ce0ffa..69a6448 100644
--- a/charts/pihole/templates/oauth2-proxy-config.yaml
+++ b/charts/pihole/templates/oauth2-proxy-config.yaml

@@ -1,15 +1,3 @@
-{{- $secret := include "clientSecret" . -}}
----
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ .Values.oauth2.secretName }}
-  namespace: {{ .Release.Namespace }}
-data:
-  client_id: {{ .Values.oauth2.clientId | b64enc  }}
-  client_secret: {{ $secret | b64enc }}
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -43,13 +31,13 @@
 
     ## The OAuth Client ID, Secret
     client_id = "{{ .Values.oauth2.clientId }}"
-    client_secret = "{{ $secret }}"
+    client_secret = "{{ .Values.oauth2.clientSecret }}"
 
     ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
     pass_access_token = false
 
     cookie_name = "_oauth2_proxy_pihole"
-    cookie_secret = "123456789012345678901234567890--"
+    cookie_secret = "{{ .Values.oauth2.cookieSecret }}"
     cookie_domains = "pihole.p.{{ .Values.domain }}"
     cookie_expire = "168h"
     cookie_refresh = "100h"

diff --git a/charts/pihole/values.yaml b/charts/pihole/values.yaml
index 9c038d6..a7ced0b 100644
--- a/charts/pihole/values.yaml
+++ b/charts/pihole/values.yaml

@@ -1,6 +1,8 @@
 pihole: {}
 oauth2:
   clientId: app-pihole
+  clientSecret: ""
+  cookieSecret: ""
   secretName: oauth2-secret
   configName: oauth2-proxy
 domain: example.com