Add support for administrators to be provided via helm values (#74)

* added administrators config value in helm chart

Signed-off-by: Shreyas Karnik <[email protected]>

charts/pomerium/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: pomerium
-version: 6.0.3
+version: 6.0.4
 appVersion: 0.6.2
 home: http://www.pomerium.io/
 icon: https://www.pomerium.io/logo-long.svg

charts/pomerium/README.md

@@ -61,7 +61,7 @@ The command removes nearly all the Kubernetes components associated with the cha
 
 ## Pomerium Operator (EXPERIMENTAL)
 
-To provide dynamic pomerium configuration, an [operator](https://github.com/pomerium/pomerium-operator) is being introduced to this chart.  
+To provide dynamic pomerium configuration, an [operator](https://github.com/pomerium/pomerium-operator) is being introduced to this chart.
 
 To enable pomerium-operator, set `operator.enabled` to `true`.  Your existing values should continue to work as-is.  Enabling it will allow you to take advantage of `Service` and `Ingress` annotations to dynamically configure pomerium policies.
 
@@ -105,6 +105,7 @@ A full listing of Pomerium's configuration variables can be found on the [config
 | `nameOverride`                        | Name of the chart.                                                                                                                                                                                                                                                                                 | `pomerium`                                                                            |
 | `fullnameOverride`                    | Full name of the chart.                                                                                                                                                                                                                                                                            | `pomerium`                                                                            |
 | `config.rootDomain`                   | Root Domain specifies the sub-domain handled by pomerium. [See more](https://www.pomerium.io/docs/reference/reference.html#proxy-root-domains).                                                                                                                                                    | `corp.pomerium.io`                                                                    |
+| `config.administrators`     | Comma seperated list of email addresses of administrative users [See more](https://www.pomerium.io/configuration/#administrators).                                                                                                                                                                      | Optional                                                                              |
 | `config.existingSecret`               | Name of the existing Kubernetes Secret.                                                                                                                                                                                                                                                            |                                                                                       |
 | `config.existingConfig`               | Name of the existing Config Map deployed on Kubernetes.                                                                                                                                                                                                                                            |                                                                                       |
 | `config.existingCASecret`             | Name of the existing CA Secret.                                                                                                                                                                                                                                                                    |                                                                                       |

charts/pomerium/templates/authenticate-deployment.yaml

@@ -31,7 +31,7 @@ spec:
       annotations:
         {{- /* policy is already covered by hot-reloading */}}
         {{- if not .Values.operator.enabled }}
-        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}	
+        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}
         {{- end }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- if .Values.podAnnotations }}

charts/pomerium/templates/authorize-deployment.yaml

@@ -33,7 +33,7 @@ spec:
       annotations:
         {{- /* policy is already covered by hot-reloading */}}
         {{- if not .Values.operator.enabled }}
-        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}	
+        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}
         {{- end }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- if .Values.podAnnotations }}

charts/pomerium/templates/cache-deployment.yaml

@@ -31,7 +31,7 @@ spec:
       annotations:
         {{- /* policy is already covered by hot-reloading */}}
         {{- if not .Values.operator.enabled }}
-        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}	
+        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}
         {{- end }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- if .Values.podAnnotations }}

charts/pomerium/templates/configmap.yaml

@@ -35,6 +35,9 @@ data:
 {{- if and .Values.config.existingPolicy .Values.config.policy }}
 {{ fail "Cannot use config.policy with config.existingPolicy" }}
 {{- end }}
+{{- if .Values.config.administrators }}
+    administrators: {{ .Values.config.administrators | quote }}
+{{- end -}}
 {{- if .Values.config.extraOpts }}
 {{ toYaml .Values.config.extraOpts | indent 4 -}}
 {{- end -}}
@@ -55,7 +58,7 @@ data:
     forward_auth_url: https://{{ template "pomerium.forwardAuth.name" . }}
 {{- end -}}
 {{- if .Values.config.policy }}
-    policy: 
+    policy:
 {{ toYaml .Values.config.policy | indent 6 }}
 {{- end -}}
 {{- end }}
@@ -73,4 +76,4 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 
-{{- end }}
+{{- end }}

charts/pomerium/templates/proxy-deployment.yaml

@@ -25,15 +25,15 @@ metadata:
 spec:
   replicas: {{ default .Values.replicaCount .Values.proxy.replicaCount }}
   selector:
-    matchLabels:  
+    matchLabels:
       app.kubernetes.io/name: {{ template "pomerium.proxy.name" . }}
       app.kubernetes.io/instance: {{ .Release.Name }}
   template:
     metadata:
       annotations:
         {{- /* policy is already covered by hot-reloading */}}
         {{- if not .Values.operator.enabled }}
-        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}	
+        checksum/config: {{ print .Values.config.extraOpts | sha256sum }}
         {{- end }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
 {{- if .Values.podAnnotations }}

charts/pomerium/templates/secret.yaml

@@ -19,4 +19,3 @@ data:
   idp-service-account: {{ .Values.authenticate.idp.serviceAccount | b64enc }}
 {{- end }}
 {{- end }}
-

charts/pomerium/values.yaml

@@ -20,6 +20,7 @@ config:
   forceGenerateTLS: false
   extraOpts: {}
   existingPolicy: ""
+  administrators: ""
   policy: []
 
 authenticate: