From c7b1db13ad8ef237dc477dadda281fec362b016a Mon Sep 17 00:00:00 2001
From: Fiete Ostkamp <fiete.ostkamp@telekom.de>
Date: Wed, 12 Nov 2025 16:07:04 +0100
Subject: [PATCH] [oauth2-proxy] Upgrade oauth2-proxy chart

- upgrade oauth-proxy chart (7.8.0 -> 8.3.3)
- notably, this change includes a move from
  bitnami/redis to dandydev/redis-ha

Issue-ID: OOM-3355
Change-Id: If83a0710b575d73d8c1e2343ba4ec64b97642ac9
Signed-off-by: Fiete Ostkamp <fiete.ostkamp@telekom.de>
---
 kubernetes/authentication/Chart.yaml  |  4 ++--
 kubernetes/authentication/values.yaml | 29 +++++------------------------
 2 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/kubernetes/authentication/Chart.yaml b/kubernetes/authentication/Chart.yaml
index 9eeb0e4e61..83006d956b 100644
--- a/kubernetes/authentication/Chart.yaml
+++ b/kubernetes/authentication/Chart.yaml
@@ -16,7 +16,7 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 apiVersion: v2
-version: 15.0.1
+version: 15.1.0
 description: ONAP Realm creation, Oauth2Proxy installation and configuration
 name: authentication
 sources:
@@ -33,5 +33,5 @@ dependencies:
     version: 6.2.1
     repository: 'file://components/keycloak-config-cli'
   - name: oauth2-proxy
-    version: 7.8.0
+    version: 8.3.3
     repository: https://oauth2-proxy.github.io/manifests
diff --git a/kubernetes/authentication/values.yaml b/kubernetes/authentication/values.yaml
index 70ec9b4ecc..0d16eb7b4a 100644
--- a/kubernetes/authentication/values.yaml
+++ b/kubernetes/authentication/values.yaml
@@ -24,12 +24,6 @@ global:
       # postfix for baseaddr
       # can be overwritten in component by setting ingress.postaddrOverride
       postaddr: ""
-  imagePullSecrets:
-    - '{{ include "common.names.namespace" . }}-docker-registry-key'
-
-  # Workaround to avoid redis restarts with ArgoCD
-  redis:
-    password: "32ugd3783rhfjdhow"
   # *************************************************
 
 
@@ -94,8 +88,7 @@ onap-keycloak-config-cli:
 oauth2-proxy:
   # Addition for oauth2-proxy deployment
   imagePullSecrets:
-    - name: '{{ include "common.namespace" . }}-docker-registry-key'
-
+    - name: 'onap-docker-registry-key'
   securityContext:
     capabilities:
       drop:
@@ -147,35 +140,23 @@ oauth2-proxy:
     type: redis
     redis:
       # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
-      existingSecret: "onap-authentication-redis"
-      # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
-      password: ""
-      # Key of the Kubernetes secret data containing the redis password value
-      passwordKey: "redis-password"
+      # existingSecret: "onap-authentication-redis-ha"
       # Can be one of standalone|cluster|sentinel
       clientType: "sentinel"
-      standalone:
-        # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
-        connectionUrl: ""
-      cluster:
-        # List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
-        connectionUrls: []
       sentinel:
-        # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
-        existingSecret: ""
-        # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
-        password: ""
         # Key of the Kubernetes secret data containing the redis sentinel password value
         passwordKey: "redis-password"
         # Redis sentinel master name
         masterName: "mymaster"
         # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
-        connectionUrls: "redis://onap-authentication-redis-node-0.onap-authentication-redis-headless.onap:26379,redis://onap-authentication-redis-node-1.onap-authentication-redis-headless.onap:26379,redis://onap-authentication-redis-node-2.onap-authentication-redis-headless.onap:26379"
+        connectionUrls: "redis://onap-authentication-redis-announce-0.onap:26379,redis://onap-authentication-redis-announce-1.onap:26379,redis://onap-authentication-redis-announce-2.onap:26379"
 
   # Enables and configure the automatic deployment of the redis subchart
   redis:
     # provision an instance of the redis sub-chart
     enabled: true
+    redis:
+      password: "32ugd3783rhfjdhow"
     master:
       containerSecurityContext:
         capabilities:
-- 
2.16.6