tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2e2b8b329d
browsertrix/chart/templates/secrets.yaml
Ilya Kreymer 2e2b8b329d
Add signing server via authsign (k8s only) (#107) 
- add k8s deployment of signing server, if 'signer.enabled' chart value if set
- update ingress to provide access for 'signer.host' if signing server enabled to verify domain, run signing server itself on different port (also turn off ssl redirects to support signing server)
- set WACZ_SIGN_URL and WACZ_SIGN_TOKEN (supported in browesertrix-crawler 0.5.0)
- authsign deployment uses a volume to store current certs
- add sample signer block, with signing disabled by default
2022-01-26 23:27:13 -08:00

62 lines
1.8 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Secret
metadata:
name: auth-secrets
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
PASSWORD_SECRET: "{{ .Values.api_password_secret }}"
{{- if .Values.minio_local }}
{{- with (first .Values.storages) }}
MINIO_ROOT_USER: "{{ .access_key }}"
MINIO_ROOT_PASSWORD: "{{ .secret_key }}"
MC_HOST: "{{ $.Values.minio_scheme }}://{{ .access_key }}:{{ .secret_key }}@{{ $.Values.minio_host }}"
{{- end }}
{{- end }}
EMAIL_SMTP_PORT: "{{ .Values.email.smtp_port }}"
EMAIL_SMTP_HOST: "{{ .Values.email.smtp_host }}"
EMAIL_SENDER: "{{ .Values.email.sender_email }}"
EMAIL_PASSWORD: "{{ .Values.email.password }}"
SUPERUSER_EMAIL: "{{ .Values.superuser.email }}"
SUPERUSER_PASSWORD: "{{ .Values.superuser.password }}"
{{- range $storage := .Values.storages }}
---
apiVersion: v1
kind: Secret
metadata:
name: storage-{{ $storage.name }}
namespace: {{ $.Values.crawler_namespace }}
type: Opaque
stringData:
STORE_ACCESS_KEY: "{{ $storage.access_key }}"
STORE_SECRET_KEY: "{{ $storage.secret_key }}"
{{- if $storage.bucket_name }}
STORE_ENDPOINT_URL: "{{ $storage.endpoint_url }}{{ $storage.bucket_name }}"
{{- else }}
STORE_ENDPOINT_URL: "{{ $storage.endpoint_url }}"
{{- end }}
{{- if $storage.access_endpoint_url }}
STORE_ACCESS_ENDPOINT_URL: "{{ $storage.access_endpoint_url }}"
{{- else if and $.Values.ingress.host $.Values.minio_local }}
STORE_ACCESS_ENDPOINT_URL: {{ $.Values.ingress.scheme | default "https" }}://{{ $.Values.ingress.host }}/data/{{ $storage.bucket_name }}/
{{- else }}
STORE_ACCESS_ENDPOINT_URL: "{{ $storage.endpoint_url }}"
{{- end }}
{{- if $.Values.signer.auth_token }}
WACZ_SIGN_TOKEN: "{{ $.Values.signer.auth_token }}"
WACZ_SIGN_URL: "http://auth-signer.default:5053/sign"
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink