diff --git a/charts/cosmo/Chart.yaml b/charts/cosmo/Chart.yaml index 00a8ccb..1b2d78a 100644 --- a/charts/cosmo/Chart.yaml +++ b/charts/cosmo/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: cosmo description: COSMO Helm chart for Kubernetes type: application -version: 1.0.0-rc1 -appVersion: v1.0.0-rc1 +version: 1.0.0-rc2 +appVersion: v1.0.0-rc2 kubeVersion: ">= 1.19.0-0" home: https://github.com/cosmo-workspace/cosmo icon: https://raw.githubusercontent.com/cosmo-workspace/cosmo/main/logo/logo-square-small.png diff --git a/charts/cosmo/templates/_helpers.tpl b/charts/cosmo/templates/_helpers.tpl index a1e51b5..d58928b 100644 --- a/charts/cosmo/templates/_helpers.tpl +++ b/charts/cosmo/templates/_helpers.tpl @@ -62,5 +62,5 @@ Required domain Dashboad URL */}} {{- define "cosmo.dashboard.signinUrl" -}} -{{ if .Values.dashboard.tls.insecure -}}http{{- else -}}https{{ end }}://{{ .Values.dashboard.ingressRoute.host }}.{{ .Values.domain }}/#/signin +{{ if not .Values.dashboard.tls.enabled -}}http{{- else -}}https{{ end }}://{{ .Values.dashboard.ingressRoute.host }}.{{ .Values.domain }}/#/signin {{- end }} \ No newline at end of file diff --git a/charts/cosmo/templates/auth-env-secret.yaml b/charts/cosmo/templates/auth-env-secret.yaml index 95a26e4..4c68489 100644 --- a/charts/cosmo/templates/auth-env-secret.yaml +++ b/charts/cosmo/templates/auth-env-secret.yaml @@ -3,6 +3,7 @@ kind: Secret metadata: name: cosmo-auth-env namespace: "{{ .Release.Namespace }}" +immutable: {{ .Values.dashboard.session.secretKeys.immutable }} data: COOKIE_DOMAIN: "{{ include "cosmo.domain" . | b64enc }}" SIGNIN_URL: {{ include "cosmo.dashboard.signinUrl" . | b64enc | quote }} diff --git a/charts/cosmo/templates/dashboard/ingressroute.yaml b/charts/cosmo/templates/dashboard/ingressroute.yaml index 583fdbe..85004cf 100644 --- a/charts/cosmo/templates/dashboard/ingressroute.yaml +++ b/charts/cosmo/templates/dashboard/ingressroute.yaml @@ -26,7 +26,7 @@ spec: name: cosmo-dashboard namespace: {{ .Release.Namespace }} port: cosmo-dashboard-ui-server - scheme: {{ if .Values.dashboard.tls.insecure -}}http{{- else -}}https{{ end }} + scheme: {{ if not .Values.dashboard.tls.enabled -}}http{{- else -}}https{{ end }} {{- end }} - kind: Rule match: Host(`{{ .Values.dashboard.ingressRoute.host }}.{{ .Values.domain }}`) && (Path(`/`) || PathPrefix(`/logo`,`/assets/`,`/dashboard.v1alpha1.AuthService/`)) @@ -36,7 +36,7 @@ spec: name: cosmo-dashboard namespace: {{ .Release.Namespace }} port: cosmo-dashboard-server - scheme: {{ if .Values.dashboard.tls.insecure -}}http{{- else -}}https{{ end }} + scheme: {{ if not .Values.dashboard.tls.enabled -}}http{{- else -}}https{{ end }} - kind: Rule match: Host(`{{ .Values.dashboard.ingressRoute.host }}.{{ .Values.domain }}`) priority: 1000 @@ -45,7 +45,7 @@ spec: name: cosmo-dashboard namespace: {{ .Release.Namespace }} port: cosmo-dashboard-server - scheme: {{ if .Values.dashboard.tls.insecure -}}http{{- else -}}https{{ end }} + scheme: {{ if not .Values.dashboard.tls.enabled -}}http{{- else -}}https{{ end }} {{- with .Values.dashboard.ingressRoute.middlewares }} middlewares: {{- toYaml . | nindent 8 }} diff --git a/charts/cosmo/test/__snapshots__/test-certManager-existing-issuer.snap b/charts/cosmo/test/__snapshots__/test-certManager-existing-issuer.snap index 63a6b39..3ddf38a 100644 --- a/charts/cosmo/test/__snapshots__/test-certManager-existing-issuer.snap +++ b/charts/cosmo/test/__snapshots__/test-certManager-existing-issuer.snap @@ -1056,6 +1056,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-healthz.snap b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-healthz.snap index e7b967c..c95a448 100644 --- a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-healthz.snap +++ b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-healthz.snap @@ -1056,6 +1056,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics-kubeRbacProxy.snap b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics-kubeRbacProxy.snap index d7cadc6..795f09e 100644 --- a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics-kubeRbacProxy.snap +++ b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics-kubeRbacProxy.snap @@ -1053,6 +1053,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics.snap b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics.snap index 655141d..1f6227f 100644 --- a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics.snap +++ b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-metrics.snap @@ -1048,6 +1048,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-webhook.snap b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-webhook.snap index bc2efd2..391fa99 100644 --- a/charts/cosmo/test/__snapshots__/test-controllerManager-disable-webhook.snap +++ b/charts/cosmo/test/__snapshots__/test-controllerManager-disable-webhook.snap @@ -861,6 +861,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-controllerManager-hostnetwork.snap b/charts/cosmo/test/__snapshots__/test-controllerManager-hostnetwork.snap index 14305d4..49ed94b 100644 --- a/charts/cosmo/test/__snapshots__/test-controllerManager-hostnetwork.snap +++ b/charts/cosmo/test/__snapshots__/test-controllerManager-hostnetwork.snap @@ -1072,6 +1072,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-dashboard-disable-ingressroute.snap b/charts/cosmo/test/__snapshots__/test-dashboard-disable-ingressroute.snap index 4f4c4ce..f1cc788 100644 --- a/charts/cosmo/test/__snapshots__/test-dashboard-disable-ingressroute.snap +++ b/charts/cosmo/test/__snapshots__/test-dashboard-disable-ingressroute.snap @@ -1024,7 +1024,8 @@ SnapShot = """ COOKIE_DOMAIN: ZXhhbXBsZS5jb20= COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' - SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + SIGNIN_URL: aHR0cDovL2Rhc2hib2FyZC5leGFtcGxlLmNvbS8jL3NpZ25pbg== + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-bind.snap b/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-bind.snap index a256fc1..b0c6b3c 100644 --- a/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-bind.snap +++ b/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-bind.snap @@ -1078,6 +1078,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-searchfilter.snap b/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-searchfilter.snap index 464e3cb..255186d 100644 --- a/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-searchfilter.snap +++ b/charts/cosmo/test/__snapshots__/test-dashboard-enable-ldap-searchfilter.snap @@ -1078,6 +1078,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-dashboard-fixed-session-key.snap b/charts/cosmo/test/__snapshots__/test-dashboard-fixed-session-key.snap index ddbdde4..ad00bb4 100644 --- a/charts/cosmo/test/__snapshots__/test-dashboard-fixed-session-key.snap +++ b/charts/cosmo/test/__snapshots__/test-dashboard-fixed-session-key.snap @@ -1070,6 +1070,7 @@ SnapShot = """ COOKIE_HASHKEY: hash_key COOKIE_SESSION_NAME: sess_name SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: false kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-dashboard-timeout.snap b/charts/cosmo/test/__snapshots__/test-dashboard-timeout.snap index 5fab97e..8ae13db 100644 --- a/charts/cosmo/test/__snapshots__/test-dashboard-timeout.snap +++ b/charts/cosmo/test/__snapshots__/test-dashboard-timeout.snap @@ -1070,6 +1070,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-default.snap b/charts/cosmo/test/__snapshots__/test-default.snap index 8f1d0a0..848ba3e 100644 --- a/charts/cosmo/test/__snapshots__/test-default.snap +++ b/charts/cosmo/test/__snapshots__/test-default.snap @@ -1070,6 +1070,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-fullnameOverride.snap b/charts/cosmo/test/__snapshots__/test-fullnameOverride.snap index 15f91ce..91c2213 100644 --- a/charts/cosmo/test/__snapshots__/test-fullnameOverride.snap +++ b/charts/cosmo/test/__snapshots__/test-fullnameOverride.snap @@ -1070,6 +1070,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-localRunTest.snap b/charts/cosmo/test/__snapshots__/test-localRunTest.snap index 604dd80..a74a426 100644 --- a/charts/cosmo/test/__snapshots__/test-localRunTest.snap +++ b/charts/cosmo/test/__snapshots__/test-localRunTest.snap @@ -1119,6 +1119,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-logging.snap b/charts/cosmo/test/__snapshots__/test-logging.snap index f77bdd2..938d059 100644 --- a/charts/cosmo/test/__snapshots__/test-logging.snap +++ b/charts/cosmo/test/__snapshots__/test-logging.snap @@ -1072,6 +1072,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-nameOverride.snap b/charts/cosmo/test/__snapshots__/test-nameOverride.snap index d4ac5ed..ff6b270 100644 --- a/charts/cosmo/test/__snapshots__/test-nameOverride.snap +++ b/charts/cosmo/test/__snapshots__/test-nameOverride.snap @@ -1070,6 +1070,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-podAnnotations-podLabels.snap b/charts/cosmo/test/__snapshots__/test-podAnnotations-podLabels.snap index a22f4ec..92145e7 100644 --- a/charts/cosmo/test/__snapshots__/test-podAnnotations-podLabels.snap +++ b/charts/cosmo/test/__snapshots__/test-podAnnotations-podLabels.snap @@ -1076,6 +1076,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-traefik-diabled.snap b/charts/cosmo/test/__snapshots__/test-traefik-diabled.snap index e23b1b4..fb8f379 100644 --- a/charts/cosmo/test/__snapshots__/test-traefik-diabled.snap +++ b/charts/cosmo/test/__snapshots__/test-traefik-diabled.snap @@ -825,6 +825,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/__snapshots__/test-use-existing-serviceaccount.snap b/charts/cosmo/test/__snapshots__/test-use-existing-serviceaccount.snap index 7de3665..9a32d45 100644 --- a/charts/cosmo/test/__snapshots__/test-use-existing-serviceaccount.snap +++ b/charts/cosmo/test/__snapshots__/test-use-existing-serviceaccount.snap @@ -1070,6 +1070,7 @@ SnapShot = """ COOKIE_HASHKEY: '###DYNAMIC_FIELD###' COOKIE_SESSION_NAME: '###DYNAMIC_FIELD###' SIGNIN_URL: aHR0cHM6Ly9kYXNoYm9hcmQuZXhhbXBsZS5jb20vIy9zaWduaW4= + immutable: true kind: Secret metadata: name: cosmo-auth-env diff --git a/charts/cosmo/test/test-dashboard-fixed-session-key.yaml b/charts/cosmo/test/test-dashboard-fixed-session-key.yaml index ca35039..251552b 100644 --- a/charts/cosmo/test/test-dashboard-fixed-session-key.yaml +++ b/charts/cosmo/test/test-dashboard-fixed-session-key.yaml @@ -6,6 +6,7 @@ domain: example.com dashboard: session: secretKeys: + immutable: false COOKIE_HASHKEY: hash_key COOKIE_BLOCKKEY: block_key COOKIE_SESSION_NAME: sess_name diff --git a/charts/cosmo/values.yaml b/charts/cosmo/values.yaml index 2862b33..0054f01 100644 --- a/charts/cosmo/values.yaml +++ b/charts/cosmo/values.yaml @@ -192,6 +192,7 @@ dashboard: # but when you are using ArgoCD, these secret keys are changed every sync # because it uses 'helm template' command and lookup function does not work. secretKeys: + immutable: true COOKIE_HASHKEY: COOKIE_BLOCKKEY: COOKIE_SESSION_NAME: