chore(chart-deps): update oauth2-proxy to version 8.5.0

chart/chart-index/Chart.yaml

@@ -81,7 +81,7 @@ dependencies:
     version: 5.4.0
     repository: https://charts.min.io/
   - name: oauth2-proxy
-    version: 8.3.3
+    version: 8.5.0
     repository: https://oauth2-proxy.github.io/manifests
   - name: opentelemetry-operator
     alias: otel-operator

charts/oauth2-proxy/Chart.yaml

@@ -1,10 +1,10 @@
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Updated OAuth2-Proxy image to v7.13.0
+    - kind: added
+      description: Add HTTPRoutes for Gateway API support
       links:
         - name: Github PR
-          url: https://github.com/oauth2-proxy/manifests/pull/366
+          url: https://github.com/oauth2-proxy/manifests/pull/369
 apiVersion: v2
 appVersion: 7.13.0
 dependencies:
@@ -36,4 +36,4 @@ name: oauth2-proxy
 sources:
 - https://github.com/oauth2-proxy/oauth2-proxy
 - https://github.com/oauth2-proxy/manifests
-version: 8.3.3
+version: 8.5.0

charts/oauth2-proxy/ci/gateway-api-minimal.yaml

@@ -0,0 +1,7 @@
+# Minimal Gateway API configuration with default rule
+gatewayApi:
+  enabled: true
+  gatewayRef:
+    name: minimal-gateway
+  hostnames:
+  - minimal.example.com

charts/oauth2-proxy/ci/gateway-api.yaml

@@ -0,0 +1,17 @@
+# Test values for Gateway API HTTPRoute configuration
+gatewayApi:
+  enabled: true
+  gatewayRef:
+    name: example-gateway
+    namespace: gateway-system
+  hostnames:
+  - oauth.example.com
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /oauth2
+  annotations:
+    example.com/annotation: "value"
+  labels:
+    example.com/label: "value"

charts/oauth2-proxy/templates/httproute.yaml

@@ -0,0 +1,65 @@
+{{- if .Values.gatewayApi.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.portNumber -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    {{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.gatewayApi.labels }}
+{{ toYaml .Values.gatewayApi.labels | indent 4 }}
+{{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+{{- with .Values.gatewayApi.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+spec:
+  {{- if .Values.gatewayApi.gatewayRef.name }}
+  parentRefs:
+  - name: {{ .Values.gatewayApi.gatewayRef.name }}
+    {{- if .Values.gatewayApi.gatewayRef.namespace }}
+    namespace: {{ .Values.gatewayApi.gatewayRef.namespace }}
+    {{- end }}
+  {{- end }}
+  {{- if .Values.gatewayApi.hostnames }}
+  hostnames:
+  {{- range .Values.gatewayApi.hostnames }}
+  - {{ tpl . $ | quote }}
+  {{- end }}
+  {{- end }}
+  rules:
+  {{- if .Values.gatewayApi.rules }}
+  {{- range .Values.gatewayApi.rules }}
+  - matches:
+    {{- if .matches }}
+    {{- toYaml .matches | nindent 4 }}
+    {{- else }}
+    - path:
+        type: PathPrefix
+        value: /
+    {{- end }}
+    backendRefs:
+    {{- if .backendRefs }}
+    {{- toYaml .backendRefs | nindent 4 }}
+    {{- else }}
+    - name: {{ $serviceName }}
+      port: {{ $servicePort }}
+    {{- end }}
+    {{- if .filters }}
+    filters:
+    {{- toYaml .filters | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- else }}
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: {{ $serviceName }}
+      port: {{ $servicePort }}
+  {{- end }}
+{{- end -}}

charts/oauth2-proxy/templates/serviceaccount.yaml

@@ -17,6 +17,10 @@ metadata:
 {{- $labels | indent 4 }}
   name: {{ $saName }}
   namespace: {{ $namespace }}
+{{- with .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+{{ toYaml . | indent 2 }}
+{{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
 ---

charts/oauth2-proxy/values.yaml

@@ -31,8 +31,7 @@ config:
   # The name of the cookie that oauth2-proxy will create
   # If left empty, it will default to the release name
   cookieName: ""
-  google:
-    {}
+  google: {}
     # adminEmail: xxxx
     # useApplicationDefaultCredentials: true
     # targetPrincipal: xxxx
@@ -84,8 +83,7 @@ image:
 # Optionally specify an array of imagePullSecrets.
 # Secrets must be manually created in the namespace.
 # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
-imagePullSecrets:
-  []
+imagePullSecrets: []
   # - name: myRegistryKeySecretName
 
 # Set a custom containerPort if required.
@@ -176,6 +174,9 @@ serviceAccount:
   name:
   automountServiceAccountToken: true
   annotations: {}
+  ## imagePullSecrets for the service account
+  imagePullSecrets: []
+    # - name: myRegistryKeySecretName
 
 # Network policy settings.
 networkPolicy:
@@ -212,8 +213,35 @@ ingress:
   #   hosts:
   #     - chart-example.local
 
-resources:
-  {}
+# Gateway API HTTPRoute configuration
+# Ref: https://gateway-api.sigs.k8s.io/api-types/httproute/
+gatewayApi:
+  enabled: false
+  # The name of the Gateway resource to attach the HTTPRoute to
+  # Example:
+  # gatewayRef:
+  #   name: gateway
+  #   namespace: gateway-system
+  gatewayRef:
+    name: ""
+    namespace: ""
+  # HTTPRoute rule configuration
+  # rules:
+  # - matches:
+  #   - path:
+  #       type: PathPrefix
+  #       value: /
+  rules: []
+  # Hostnames to match in the HTTPRoute
+  # hostnames:
+  # - chart-example.local
+  hostnames: []
+  # Additional labels to add to the HTTPRoute
+  labels: {}
+  # Additional annotations to add to the HTTPRoute
+  annotations: {}
+
+resources: {}
   # limits:
   #   cpu: 100m
   #   memory: 300Mi
@@ -229,26 +257,22 @@ resizePolicy: []
   # - resourceName: memory
   #   restartPolicy: RestartContainer
 
-extraVolumes:
-  []
+extraVolumes: []
   # - name: ca-bundle-cert
   #   secret:
   #     secretName: <secret-name>
 
-extraVolumeMounts:
-  []
+extraVolumeMounts: []
   # - mountPath: /etc/ssl/certs/
   #   name: ca-bundle-cert
 
 # Additional containers to be added to the pod.
-extraContainers:
-  []
+extraContainers: []
   #  - name: my-sidecar
   #    image: nginx:latest
 
 # Additional Init containers to be added to the pod.
-extraInitContainers:
-  []
+extraInitContainers: []
   #  - name: wait-for-idp
   #    image: my-idp-wait:latest
   #    command:
@@ -348,8 +372,7 @@ autoscaling:
   annotations: {}
   # Configure HPA behavior policies for scaling if needed
   # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior
-  behavior:
-    {}
+  behavior: {}
     # scaleDown:
     #   stabilizationWindowSeconds: 300
     #   policies:
@@ -402,8 +425,7 @@ initContainers:
       seccompProfile:
         type: RuntimeDefault
     timeout: 180
-    resources:
-      {}
+    resources: {}
       # limits:
       #   cpu: 100m
       #   memory: 300Mi
@@ -544,8 +566,7 @@ metrics:
     #   action: replace
 
 # Extra K8s manifests to deploy
-extraObjects:
-  []
+extraObjects: []
   # - apiVersion: secrets-store.csi.x-k8s.io/v1
   #   kind: SecretProviderClass
   #   metadata: