feat: add secrets for oauth (#582)

charts/testkube-dashboard/templates/oauth2-deployment.yaml

@@ -51,14 +51,42 @@ spec:
         # https://github.com/settings/applications/new
         env:
         - name: OAUTH2_PROXY_CLIENT_ID
+          {{- if .Values.oauth2.env.secretClientIdName }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.oauth2.env.secretClientIdName }}
+              key: {{ .Values.oauth2.env.secretClientIdKey }}
+          {{- else }}
           value: "{{ .Values.oauth2.env.clientId }}"
+          {{- end }}
         - name: OAUTH2_PROXY_CLIENT_SECRET
+          {{- if .Values.oauth2.env.secretClientSecretName }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.oauth2.env.secretClientSecretName }}
+              key: {{ .Values.oauth2.env.secretClientSecretKey }}
+          {{- else }}
           value: "{{ .Values.oauth2.env.clientSecret }}"
+          {{- end }}
         - name: OAUTH2_PROXY_GITHUB_ORG
+          {{- if .Values.oauth2.env.secretGithubOrgName }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.oauth2.env.secretGithubOrgName }}
+              key: {{ .Values.oauth2.env.secretGithubOrgKey }}
+          {{- else }}
           value: "{{ .Values.oauth2.env.githubOrg }}"
+          {{- end }}
         # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
         - name: OAUTH2_PROXY_COOKIE_SECRET
+          {{- if .Values.oauth2.env.secretCookieSecretName }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.oauth2.env.secretCookieSecretName }}
+              key: {{ .Values.oauth2.env.secretCookieSecretKey }}
+          {{- else }}
           value: "{{ .Values.oauth2.env.cookieSecret }}"
+          {{- end }}
         - name: OAUTH2_PROXY_HTTP_ADDRESS
           value: "0.0.0.0:{{ .Values.oauth2.port }}"
         - name: OAUTH2_PROXY_COOKIE_SECURE

charts/testkube-dashboard/values.yaml

@@ -183,6 +183,28 @@ oauth2:
     cookieSecret: ""
     cookieSecure: "false"
     redirectUrl: "http://testkube.example.com/oauth2/callback"
+
+    ## values that are taken from k8s secrets
+    # k8s Secret Name for clientId
+    # k8s Secret Name key for clientId
+    secretClientIdName: ""
+    secretClientIdKey: ""
+
+    # k8s Secret Name for clientSecret
+    # k8s Secret Key for clientSecret
+    secretClientSecretName: ""
+    secretClientSecretKey: ""
+
+    # k8s Secret Name for CookieSecret
+    # k8s Secret Key for CookieSecret
+    secretCookieSecretName: ""
+    secretCookieSecretKey: ""
+
+    # k8s Secret Name for GithubOrg
+    # k8s Secret Key for GithubOrg
+    secretGithubOrgName: ""
+    secretGithubOrgKey: ""
+
   ## Add additional Ingress labels
   ingress:
     labels: {}

charts/testkube/values.yaml

@@ -681,6 +681,24 @@ testkube-dashboard:
       # -- "http://demo.testkube.io/oauth2/callback"
       redirectUrl: "http://testkube.example.com/oauth2/callback"
 
+      ## values that are taken from k8s secrets
+      # -- k8s Secret Name for clientId
+      secretClientIdName: ""
+      # -- k8s Secret Name key for clientId
+      secretClientIdKey: ""
+      # -- k8s Secret Name for clientSecret
+      secretClientSecretName: ""
+      # -- k8s Secret Key for clientSecret
+      secretClientSecretKey: ""
+      # -- k8s Secret Name for CookieSecret
+      secretCookieSecretName: ""
+      # -- k8s Secret Key for CookieSecret
+      secretCookieSecretKey: ""
+      # -- k8s Secret Name for GithubOrg
+      secretGithubOrgName: ""
+      # -- k8s Secret Key for GithubOrg
+      secretGithubOrgKey: ""
+
     # -- Add additional Ingress labels
     ingress:
       labels: {}