Skip to content

chore(chart-deps): update oauth2-proxy to version 7.15.1 #2405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

chore(chart-deps): update oauth2-proxy to version 7.15.1 #2405

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
03bd21c
chore(chart-deps): update oauth2-proxy to version 7.15.1
svcAPLBot Aug 1, 2025
9f46129
Merge remote-tracking branch 'origin/main' into ci-update-oauth2-prox…
svcAPLBot Aug 1, 2025
ffb3785
Merge remote-tracking branch 'origin/main' into ci-update-oauth2-prox…
svcAPLBot Aug 1, 2025
88f53a0
Merge remote-tracking branch 'origin/main' into ci-update-oauth2-prox…
svcAPLBot Aug 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion chart/chart-index/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ dependencies:
version: 11.10.13
repository: https://charts.bitnami.com/bitnami
- name: oauth2-proxy
version: 7.12.18
version: 7.15.1
repository: https://oauth2-proxy.github.io/manifests
- name: opentelemetry-operator
alias: otel-operator
Expand Down
6 changes: 3 additions & 3 deletions charts/oauth2-proxy/Chart.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 21.2.3
digest: sha256:43cdc9bb861291fef9537f0d7186fc8db6eba1a42df5d23ddb9a39ac7917702e
generated: "2025-06-11T07:39:11.941597009Z"
version: 21.2.13
digest: sha256:30d0d639dffab461d6ba8e398dca14de7c3f798a07111c851dc2b60d685bc24e
generated: "2025-07-31T07:39:57.497794176Z"
8 changes: 4 additions & 4 deletions charts/oauth2-proxy/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,15 @@ annotations:
description: Updated the Redis chart to the latest version
links:
- name: Github PR
url: https://github.com/oauth2-proxy/manifests/pull/316
url: https://github.com/oauth2-proxy/manifests/pull/327
apiVersion: v2
appVersion: 7.9.0
appVersion: 7.10.0
dependencies:
- alias: redis
condition: redis.enabled
name: redis
repository: https://charts.bitnami.com/bitnami
version: 21.2.3
version: 21.2.13
description: A reverse proxy that provides authentication with Google, Github or other
providers
home: https://oauth2-proxy.github.io/oauth2-proxy/
Expand All @@ -36,4 +36,4 @@ name: oauth2-proxy
sources:
- https://github.com/oauth2-proxy/oauth2-proxy
- https://github.com/oauth2-proxy/manifests
version: 7.12.18
version: 7.15.1
7 changes: 6 additions & 1 deletion charts/oauth2-proxy/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,8 @@ The following table lists the configurable parameters of the oauth2-proxy chart
| `podAnnotations` | annotations to add to each pod | `{}` |
| `podLabels` | additional labels to add to each pod | `{}` |
| `podDisruptionBudget.enabled` | Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true |
| `podDisruptionBudget.minAvailable` | minAvailable parameter for PodDisruptionBudget | 1 |
| `podDisruptionBudget.maxUnavailable` | maxUnavailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | null |
| `podDisruptionBudget.minAvailable` | minAvailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null | 1 |
| `podSecurityContext` | Kubernetes security context to apply to pod | `{}` |
| `priorityClassName` | priorityClassName | `nil` |
| `readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true` |
Expand All @@ -199,6 +200,10 @@ The following table lists the configurable parameters of the oauth2-proxy chart
| `service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil` |
| `service.nodePort` | external port number for the service when service.type is `NodePort` | `nil` |
| `service.targetPort` | (optional) a numeric port number (e.g., 80) or a port name defined in the pod's container(s) (e.g., http) | `""` |
| `service.ipDualStack.enabled` | enable IPv4/IPv6 dual-stack for the service | `false` |
| `service.ipDualStack.ipFamilies` | ip families for the service if IPv4/IPv6 dual-stack is enabled | `["IPv6", "IPv4"]` |
| `service.ipDualStack.ipFamilyPolicy` | ip family policy for the service if IPv4/IPv6 dual-stack is enabled | `"PreferDualStack"` |
| `service.trafficDistribution` | traffic distribution policy for the service. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution) | `""` |
| `serviceAccount.enabled` | create a service account | `true` |
| `serviceAccount.name` | the service account name | `` |
| `serviceAccount.annotations` | (optional) annotations for the service account | `{}` |
Expand Down
14 changes: 7 additions & 7 deletions charts/oauth2-proxy/charts/redis/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,19 @@ annotations:
category: Database
images: |
- name: kubectl
image: docker.io/bitnami/kubectl:1.33.1-debian-12-r5
image: docker.io/bitnami/kubectl:1.33.3-debian-12-r0
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r46
image: docker.io/bitnami/os-shell:12-debian-12-r48
- name: redis
image: docker.io/bitnami/redis:8.0.2-debian-12-r3
image: docker.io/bitnami/redis:8.0.3-debian-12-r1
- name: redis-exporter
image: docker.io/bitnami/redis-exporter:1.74.0-debian-12-r0
image: docker.io/bitnami/redis-exporter:1.74.0-debian-12-r2
- name: redis-sentinel
image: docker.io/bitnami/redis-sentinel:8.0.2-debian-12-r2
image: docker.io/bitnami/redis-sentinel:8.0.3-debian-12-r1
licenses: Apache-2.0
tanzuCategory: service
apiVersion: v2
appVersion: 8.0.2
appVersion: 8.0.3
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
Expand All @@ -36,4 +36,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redis
version: 21.2.3
version: 21.2.13
22 changes: 22 additions & 0 deletions charts/oauth2-proxy/charts/redis/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,17 @@ helm install my-release oci://registry-1.docker.io/bitnamicharts/redis

Looking to use Redis® in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.

## ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog

Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:

- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.

These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

## Introduction

This chart bootstraps a [Redis®](https://github.com/bitnami/containers/tree/main/bitnami/redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Expand Down Expand Up @@ -93,6 +104,17 @@ Bitnami will release a new chart updating its containers if a new version of the

To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter.

### Load custom modules in Redis®

You can use the `commonConfiguration` parameter to specify the modules to load. For example, to load the RediSearch, RedisBloom, RedisJSON and RedisTimeSeries modules supported from Redis® 8+, you can set the following:

```yaml
commonConfiguration: |
loadmodule /opt/bitnami/redis/lib/redis/modules/redisbloom.so
loadmodule /opt/bitnami/redis/lib/redis/modules/redisearch.so
loadmodule /opt/bitnami/redis/lib/redis/modules/rejson.so
loadmodule /opt/bitnami/redis/lib/redis/modules/redistimeseries.so

### Bootstrapping with an External Cluster

This chart is equipped with the ability to bring online a set of Pods that connect to an existing Redis deployment that lies outside of Kubernetes. This effectively creates a hybrid Redis Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Redis Deployment. This is helpful in situations where one may be migrating Redis from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration:
Expand Down
2 changes: 1 addition & 1 deletion charts/oauth2-proxy/charts/redis/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}

Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.
NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267

** Please be patient while the chart is being deployed **

Expand Down
62 changes: 53 additions & 9 deletions charts/oauth2-proxy/charts/redis/templates/scripts-configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -534,9 +534,9 @@ data:

run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
redis-cli -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
redis-cli -p "$REDIS_SENTINEL_PORT" sentinel "$@"
fi
}
sentinel_failover_finished() {
Expand All @@ -545,8 +545,6 @@ data:
[[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
}

REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"

{{ if .Values.auth.sentinel -}}
# redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
Expand Down Expand Up @@ -583,10 +581,45 @@ data:
}
is_master() {
REDIS_ROLE=$(run_redis_command role | head -1)
echo "REDIS_ROLE: $REDIS_ROLE"
[[ "$REDIS_ROLE" == "master" ]]
}

{{- if .Values.sentinel.externalAccess.enabled }}
{{- if .Values.sentinel.externalAccess.service.loadBalancerIP }}

SERVICE_NAMES="{{
$fullname := include "common.names.fullname" . -}}
{{- range $i, $e := .Values.sentinel.externalAccess.service.loadBalancerIP -}}
{{- if $i }} {{ end }}{{ printf "%s-svc-%d" $fullname $i }}
{{- end }}"
SERVICE_IPS="{{- range $i, $ip := .Values.sentinel.externalAccess.service.loadBalancerIP -}}
{{- if $i }} {{ end }}{{ $ip }}
{{- end }}"


# Helper function to get IP by service name
get_service_ip() {
search_name="$1"
set -- $SERVICE_NAMES
for i in $(seq 1 $#); do
eval name=\${$i}
if [ "$name" = "$search_name" ]; then
set -- $SERVICE_IPS
eval echo \${$i}
return 0
fi
done
return 1
}

SVC_NAME=$(hostname | sed 's/node/svc/g')
EXTERNAL_SERVICE="$SVC_NAME.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
{{- else }}
HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
{{- end }}
{{- end }}


get_full_hostname() {
hostname="$1"
Expand Down Expand Up @@ -617,19 +650,30 @@ data:

run_sentinel_command() {
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
else
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -p "$REDIS_SENTINEL_PORT" sentinel "$@"
fi
}

sentinel_failover_finished() {
REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}"))
echo "REDIS_SENTINEL_INFO: $REDIS_SENTINEL_INFO"
REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
echo "REDIS_MASTER_HOST: $REDIS_MASTER_HOST"
{{- if .Values.sentinel.externalAccess.enabled }}
# Get the current service name and its IP
CURRENT_SERVICE_NAME="$SVC_NAME"
echo "CURRENT_SERVICE_NAME: $CURRENT_SERVICE_NAME"
CURRENT_SERVICE_IP=$(get_service_ip "$CURRENT_SERVICE_NAME")
echo "CURRENT_SERVICE_IP: $CURRENT_SERVICE_IP"
[[ "$REDIS_MASTER_HOST" != "$CURRENT_SERVICE_IP" ]]
{{- else }}
echo "REDIS_MASTER_HOST: $(get_full_hostname $HOSTNAME)"
[[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
{{- end }}
}

REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"

# redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
[[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")"
Expand Down Expand Up @@ -867,4 +911,4 @@ data:
exit
fi
done
{{- end }}
{{- end }}
Loading