Installer: use helm secrets to encrypt secrets locally and avoid regenerating them on every upgrade

commit: 99c6cdd4d538ae3a560921451d29fa890ad5d332 [log] [tgz]
author: giolekva <giolekva@gmail.com> Wed Nov 10 15:12:48 2021 +0400
committer: giolekva <giolekva@gmail.com> Wed Nov 10 15:12:48 2021 +0400
tree: 1067a5d222df72f779bee329abe2a520bd67ea3e
parent: 17861bc0aff3b876e2cbaf8e64459348bc7efc59 [diff] [blame]
diff --git a/charts/pihole/templates/oauth2-proxy-config.yaml b/charts/pihole/templates/oauth2-proxy-config.yaml
index 1ce0ffa..69a6448 100644
--- a/charts/pihole/templates/oauth2-proxy-config.yaml
+++ b/charts/pihole/templates/oauth2-proxy-config.yaml

@@ -1,15 +1,3 @@
-{{- $secret := include "clientSecret" . -}}
----
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ .Values.oauth2.secretName }}
-  namespace: {{ .Release.Namespace }}
-data:
-  client_id: {{ .Values.oauth2.clientId | b64enc  }}
-  client_secret: {{ $secret | b64enc }}
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -43,13 +31,13 @@
 
     ## The OAuth Client ID, Secret
     client_id = "{{ .Values.oauth2.clientId }}"
-    client_secret = "{{ $secret }}"
+    client_secret = "{{ .Values.oauth2.clientSecret }}"
 
     ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
     pass_access_token = false
 
     cookie_name = "_oauth2_proxy_pihole"
-    cookie_secret = "123456789012345678901234567890--"
+    cookie_secret = "{{ .Values.oauth2.cookieSecret }}"
     cookie_domains = "pihole.p.{{ .Values.domain }}"
     cookie_expire = "168h"
     cookie_refresh = "100h"
commit	99c6cdd4d538ae3a560921451d29fa890ad5d332	[log] [tgz]
author	giolekva <giolekva@gmail.com>	Wed Nov 10 15:12:48 2021 +0400
committer	giolekva <giolekva@gmail.com>	Wed Nov 10 15:12:48 2021 +0400
tree	1067a5d222df72f779bee329abe2a520bd67ea3e
parent	17861bc0aff3b876e2cbaf8e64459348bc7efc59 [diff] [blame]