helm/oauth2-proxy/README.md (60 additions & 4 deletions)
@@ -127,7 +127,7 @@ The following table lists the configurable parameters of the oauth2-proxy chart
127
127
|`autoscaling.targetCPUUtilizationPercentage`| Horizontal Pod Autoscaler setting. |`80`|
128
128
|`autoscaling.targetMemoryUtilizationPercentage`| Horizontal Pod Autoscaler setting. | `` |
129
129
|`autoscaling.annotations`| Horizontal Pod Autoscaler annotations. |`{}`|
130
-
|`autoscaling.behavior`| Configure HPA behavior policies for scaling. See [docs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior)|`{}`|
130
+
|`autoscaling.behavior`| Configure HPA behavior policies for scaling. See [docs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior)|`{}`|
131
131
|`alphaConfig.enabled`| Flag to toggle any alpha config-related logic |`false`|
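Review bot: the removed and added `autoscaling.behavior` rows read identically here, so the change is presumably whitespace or column alignment only, and the same holds for the `podDisruptionBudget.unhealthyPodEvictionPolicy` and `resizePolicy` rows further down. These edits are unrelated to the Gateway API feature; either drop them or mention the table cleanup in the commit message so the functional part of the diff is easier to audit.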
|`gatewayApi.enabled`| Enable Gateway API HTTPRoute |`false`|
174
+
|`gatewayApi.gatewayRef.name`| Name of the Gateway resource to attach the HTTPRoute to |`""`|
175
+
|`gatewayApi.gatewayRef.namespace`| Namespace of the Gateway resource |`""`|
176
+
|`gatewayApi.hostnames`| Hostnames to match in the HTTPRoute |`[]`|
177
+
|`gatewayApi.rules`| HTTPRoute rule configuration. If not specified, a default rule with PathPrefix `/` will be created |`[]`|
178
+
|`gatewayApi.labels`| Additional labels to add to the HTTPRoute |`{}`|
179
+
|`gatewayApi.annotations`| Additional annotations to add to the HTTPRoute |`{}`|
173
180
|`initContainers.waitForRedis.enabled`| If `redis.enabled` is true, use an init container to wait for the Redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list, and watch the Redis master pod |`true`|
|`initContainers.waitForRedis.kubectlVersion`| kubectl version to use for the init container |`printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor \| replace "+" "")`|
177
184
|`initContainers.waitForRedis.securityContext.enabled`| enable Kubernetes security context on container |`true`|
178
185
|`initContainers.waitForRedis.timeout`| number of seconds | 180 |
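Review bot: `gatewayApi.gatewayRef.name` and `gatewayApi.gatewayRef.namespace` both default to `""`, and the rows do not say what happens when `gatewayApi.enabled` is `true` and they are left empty. State that `gatewayRef.name` is required once the feature is enabled, and say what an empty `gatewayRef.namespace` resolves to (in Gateway API an omitted parent namespace means the route's own namespace). It is also worth noting in this table that a Gateway in a different namespace only accepts the HTTPRoute if its listener's `allowedRoutes` admits the release namespace, since that setting decides which namespaces may attach routes to the Gateway.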
@@ -191,7 +198,7 @@ The following table lists the configurable parameters of the oauth2-proxy chart
191
198
|`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true |
192
199
|`podDisruptionBudget.maxUnavailable`| maxUnavailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | null |
193
200
|`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | 1 |
194
-
|`podDisruptionBudget.unhealthyPodEvictionPolicy`| Policy for when unhealthy pods should be considered for eviction. Valid values are "IfHealthyBudget" and "AlwaysAllow". See [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)|`""`|
201
+
|`podDisruptionBudget.unhealthyPodEvictionPolicy`| Policy for when unhealthy pods should be considered for eviction. Valid values are "IfHealthyBudget" and "AlwaysAllow". See [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)|`""`|
195
202
|`podSecurityContext`| Kubernetes security context to apply to pod |`{}`|
196
203
|`priorityClassName`| priorityClassName |`nil`|
197
204
|`readinessProbe.enabled`| enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks)|`true`|
@@ -201,7 +208,7 @@ The following table lists the configurable parameters of the oauth2-proxy chart
201
208
|`readinessProbe.successThreshold`| number of successes | 1 |
202
209
|`replicaCount`| desired number of pods |`1`|
203
210
|`resources`| pod resource requests & limits |`{}`|
204
-
|`resizePolicy`| Container resize policy for runtime resource updates. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/)|`[]`|
211
+
|`resizePolicy`| Container resize policy for runtime resource updates. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/)|`[]`|
205
212
|`revisionHistoryLimit`| maximum number of revisions maintained | 10 |
206
213
|`service.portNumber`| port number for the service |`80`|
207
214
|`service.appProtocol`| application protocol on the port of the service |`http`|
> **Tip**: You can use the default [values.yaml](values.yaml)
275
282
283
+
## Gateway API HTTPRoute Configuration
284
+
285
+
This chart supports using [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) HTTPRoute resources as an alternative to traditional Ingress resources. To use Gateway API:
286
+
287
+
1. Ensure the Gateway API CRDs are installed in your cluster
288
+
2. Create a Gateway resource (or use an existing one)
289
+
3. Configure the chart to create an HTTPRoute
290
+
291
+
### Basic Gateway API Configuration
292
+
293
+
```yaml
294
+
gatewayApi:
295
+
enabled: true
296
+
gatewayRef:
297
+
name: my-gateway
298
+
namespace: gateway-system
299
+
hostnames:
300
+
- oauth.example.com
301
+
```
302
+
303
+
### Advanced Gateway API Configuration with Custom Rules
304
+
305
+
```yaml
306
+
gatewayApi:
307
+
enabled: true
308
+
gatewayRef:
309
+
name: my-gateway
310
+
namespace: gateway-system
311
+
hostnames:
312
+
- oauth.example.com
313
+
rules:
314
+
- matches:
315
+
- path:
316
+
type: PathPrefix
317
+
value: /oauth2
318
+
filters:
319
+
- type: RequestHeaderModifier
320
+
requestHeaderModifier:
321
+
add:
322
+
- name: X-Auth-Request
323
+
value: "true"
324
+
labels:
325
+
app: oauth2-proxy
326
+
annotations:
327
+
example.com/annotation: "value"
328
+
```
329
+
330
+
If you don't specify custom rules, the chart will create a default rule that matches all paths with `PathPrefix: /` and routes to the oauth2-proxy service.
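Review bot: in the advanced example the `RequestHeaderModifier` uses `add` for `X-Auth-Request`, and in Gateway API `add` appends to any value the client already sent while `set` overwrites it; if anything behind the route reads this header as a trust signal, the example should use `set`. The custom rule also carries no `backendRefs`, and the closing paragraph only says the default rule routes to the oauth2-proxy service, so document whether the chart injects the backend into user-supplied `rules` or whether users must list it themselves.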