This PR configures spec.reporting-operator.spec.authProxy
by default.
Like other PRs, we do this using the top-level spec.tls.enabled
key, which is set to true by default.
When you run a minimal meteringconfig CR (still need to specify some sort of storage), the ansible-operator will set authProxy.enabled: true
.
We check if a authProxy.cookie.secretName: reporting-operator-auth-proxy-cookie-seed
already exists. If it does, we pull the existing data out, and let ansible re-template/re-create that secret.
However, if that secret name doesn't exist, we generate a random 32-bit character string, and create the cookie seed secret using that value.
As a reminder, if you want to manually configure TLS/auth yourself, you would need to set spec.tls.enabled: false
in your meteringconfig CR.