allow overriding csrfkey with custom value

kubernetes · Apr 9, 2024 · a409053 · a409053
1 parent 3f286ca
commit a409053
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/charts/kubernetes-dashboard/templates/_helpers.tpl b/charts/kubernetes-dashboard/templates/_helpers.tpl
@@ -78,7 +78,9 @@ app.kubernetes.io/part-of: {{ include "kubernetes-dashboard.name" . }}
 {{- define "kubernetes-dashboard.app.csrf.secret.value" -}}
 {{- $secretName := (include "kubernetes-dashboard.app.csrf.secret.name" .) -}}
 {{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName -}}
-{{- if and $secret (hasKey $secret "data") (hasKey $secret.data "private.key") (index $secret.data "private.key") -}}
+{{- if .Values.app.security.csrfKey }}
+private.key: {{ .Values.app.security.csrfKey | b64enc | quote }}
+{{- else if and $secret (hasKey $secret "data") (hasKey $secret.data "private.key") (index $secret.data "private.key") -}}
 private.key: {{ index $secret.data "private.key" }}
 {{- else -}}
 private.key: {{ randBytes 256 | b64enc | quote }}

diff --git a/charts/kubernetes-dashboard/values.yaml b/charts/kubernetes-dashboard/values.yaml
@@ -26,6 +26,10 @@ app:
     # Ref: https://kubernetes.io/docs/user-guide/node-selection/
     nodeSelector: {}
   security:
+    # Allow overriding csrfKey used by API/Auth containers.
+    # It has to be base64 encoded random 256 bytes string.
+    # If empty, it will be autogenerated.
+    csrfKey: ~
     # SecurityContext to be added to pods
     # To disable set the following configuration to null:
     # securityContext: null