Add paramaters in Helm chart to load OIDC clientSecret from Secret Resource (#17784)

2025-04-23 03:45:49 -04:00 · 2023-09-30 22:44:38 +02:00 · 2023-09-30 22:44:38 +02:00 · c053e57068
commit c053e57068
parent 6d20ec3bea
3 changed files with 17 additions and 0 deletions
--- a/helm/minio/templates/deployment.yaml
+++ b/helm/minio/templates/deployment.yaml
@ -120,7 +120,14 @@ spec:
            - name: MINIO_IDENTITY_OPENID_CLIENT_ID
              value: {{ .Values.oidc.clientId }}
            - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
+            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.oidc.existingClientSecretName }}
+                  key: {{ .Values.oidc.existingClientSecretKey }}
+            {{- else }}
              value: {{ .Values.oidc.clientSecret }}
+            {{- end }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
              value: {{ .Values.oidc.claimName }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX
--- a/helm/minio/templates/statefulset.yaml
+++ b/helm/minio/templates/statefulset.yaml
@ -158,7 +158,14 @@ spec:
            - name: MINIO_IDENTITY_OPENID_CLIENT_ID
              value: {{ .Values.oidc.clientId }}
            - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
+            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.oidc.existingClientSecretName }}
+                  key: {{ .Values.oidc.existingClientSecretKey }}
+            {{- else }}
              value: {{ .Values.oidc.clientSecret }}
+            {{- end }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
              value: {{ .Values.oidc.claimName }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX
--- a/helm/minio/values.yaml
+++ b/helm/minio/values.yaml
@ -486,6 +486,9 @@ oidc:
  configUrl: "https://identity-provider-url/.well-known/openid-configuration"
  clientId: "minio"
  clientSecret: ""
+  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientSecret`
+  existingClientSecretName: ""
+  existingClientSecretKey: ""
  claimName: "policy"
  scopes: "openid,profile,email"
  redirectUri: "https://console-endpoint-url/oauth_callback"