Allow CA secret name to be specified for oidc-client

This commit allows the CA secret name for the oidc client to be specified through a helm override. By default, if no overrides are given, the secret name is assumed to be dex-client-secret, same as the old forced secret name, for compatibility with older systems. Change-Id: I4a86f3262050a4638fd6f16192490ce1e1e11ff2 Story: 2007361 Task: 42649 Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2021-06-28 16:28:18 -04:00 · 2021-06-28 16:28:18 -04:00 · 5b0faac2d6
parent 6ccf7952bd
commit 5b0faac2d6
2 changed files with 2 additions and 1 deletions
--- a/stx-oidc-auth-helm/stx-oidc-auth-helm/helm-charts/oidc-client/templates/deployment.yaml
+++ b/stx-oidc-auth-helm/stx-oidc-auth-helm/helm-charts/oidc-client/templates/deployment.yaml
@ -83,7 +83,7 @@ spec:
      volumes:
        - name: dex-client-secret-volume
          secret:
-            secretName: dex-client-secret
+            secretName: {{ .Values.config.issuer_root_ca_secret }}
        - name: https-tls
          secret:
            secretName: {{ .Values.tlsName }}
--- a/stx-oidc-auth-helm/stx-oidc-auth-helm/helm-charts/oidc-client/values.yaml
+++ b/stx-oidc-auth-helm/stx-oidc-auth-helm/helm-charts/oidc-client/values.yaml
@ -30,6 +30,7 @@ config:
  client_secret: St8rlingX
  issuer: https://10.10.10.3:30556/dex
  issuer_root_ca: /home/dex-ca.pem
+  issuer_root_ca_secret: dex-client-secret
  listen: https://0.0.0.0:5555
  redirect_uri: https://10.10.10.3:30555/callback