Merge branch 'main' into fix/rwx-pvc-resource-map-groups-4310

Author: devsubid

.github/workflows/helm-chart-release.yml

@@ -80,10 +80,9 @@ jobs:
 
       - name: Push Charts to GHCR
         run: |
-          for pkg in .cr-release-packages/*; do
+          for pkg in .cr-release-packages/*.tgz; do
             if [ -z "${pkg:-}" ]; then
               break
             fi
-
             helm push "${pkg}" oci://ghcr.io/${{ github.repository }}/charts
           done

charts/headlamp/README.md

@@ -90,7 +90,7 @@ $ helm install my-headlamp headlamp/headlamp \
 | config.oidc.secret.name | string | `"oidc"` | Name of the OIDC secret |
 | config.oidc.externalSecret.enabled | bool | `false` | Enable using external secret for OIDC |
 | config.oidc.externalSecret.name | string | `""` | Name of external OIDC secret |
-| config.oidc.meUserInfoURL | string | `""` | URL to fetch additional user info for the /me endpoint. For oauth2proxy /oauth2/userinfo can be used. |
+| config.oidc.meUserInfoURL | string | `""` | URL to fetch additional user info for the /me endpoint. Useful for providers like oauth2-proxy. |
 
 There are three ways to configure OIDC:
 
@@ -102,6 +102,7 @@ config:
     clientSecret: "your-client-secret"
     issuerURL: "https://your-issuer"
     scopes: "openid profile email"
+    meUserInfoURL: "https://headlamp.example.com/oauth2/userinfo"
 ```
 
 2. Using automatic secret creation:

charts/headlamp/templates/deployment.yaml

@@ -212,7 +212,7 @@ spec:
             {{- end }}
             {{- if $oidc.useAccessToken }}
             - name: OIDC_USE_ACCESS_TOKEN
-              value: {{ $oidc.useAccessToken }}
+              value: {{ $oidc.useAccessToken | quote }}
             {{- end }}
             {{- if $oidc.usePKCE }}
             - name: OIDC_USE_PKCE
@@ -388,6 +388,9 @@ spec:
               {{- toYaml $defaultSC | nindent 12 }}
             {{- end }}
         {{- end }}
+        {{- with .Values.extraContainers }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/headlamp/templates/secret.yaml

@@ -34,5 +34,8 @@ data:
 {{- with .usePKCE }}
   usePKCE: {{ . | toString | b64enc | quote }}
 {{- end }}
+{{- with .meUserInfoURL }}
+  meUserInfoURL: {{ . | b64enc | quote }}
+{{- end }}
 {{- end }}
 {{- end }}

charts/headlamp/tests/expected_templates/me-user-info-url.yaml

@@ -20,6 +20,7 @@ metadata:
   namespace: default
 type: Opaque
 data:
+  meUserInfoURL: "L29hdXRoMi91c2VyaW5mb2N1c3RvbTI="
 ---
 # Source: headlamp/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1

charts/headlamp/tests/expected_templates/oidc-validator-overrides.yaml

@@ -111,7 +111,7 @@ spec:
             - name: OIDC_VALIDATOR_ISSUER_URL
               value: overriddenIssuerURL
             - name: OIDC_USE_ACCESS_TOKEN
-              value: true
+              value: "true"
           args:
             - "-in-cluster"
             - "-in-cluster-context-name=main"

charts/headlamp/values.yaml

@@ -28,6 +28,9 @@ namespaceOverride: ""
 # -- An optional list of init containers to be run before the main containers.
 initContainers: []
 
+# -- An optional list of extra containers to be run along side the main containers.
+extraContainers: []
+
 config:
   inCluster: true
   inClusterContextName: "main"

docs/installation/in-cluster/dex/index.md

@@ -157,10 +157,10 @@ To configure Headlamp, you can use the Headlamp Helm chart. Follow these steps t
 ```yaml title="values.yaml"
 config:
   oidc:
-  clientID: "<YOUR-CLIENT-ID>"
-  clientSecret: "<YOUR-CLIENT-SECRET>"
-  issuerURL: "<YOUR-DEX-URL>"
-  scopes: "email"
+    clientID: "<YOUR-CLIENT-ID>"
+    clientSecret: "<YOUR-CLIENT-SECRET>"
+    issuerURL: "<YOUR-DEX-URL>"
+    scopes: "email"
 ```
 
 Replace `<YOUR-CLIENT-ID>`,`<YOUR-CLIENT-SECRET>`,`<YOUR-DEX-URL>` with your specific OIDC configuration details.