diff --git a/charts/kellnr/templates/_helpers.tpl b/charts/kellnr/templates/_helpers.tpl
index 4dd3368..40a0a88 100644
--- a/charts/kellnr/templates/_helpers.tpl
+++ b/charts/kellnr/templates/_helpers.tpl
@@ -91,4 +91,172 @@ Note: Helm templates don't have a "bytes" unit here; we can only validate string {{- end -}} {{- end }} +{{/* +Generate Kellnr environment variables. +Only generate variables if they are explicitly set (not null) in values.yaml. +Note: We avoid using "{{- if" and "{{- end" inside to prevent stripping newlines between variables. +*/}} +{{- define "kellnr.envVars" -}} +{{ if not (eq .Values.kellnr.setup.adminPwd nil) }} +KELLNR_SETUP__ADMIN_PWD: {{ .Values.kellnr.setup.adminPwd | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.setup.adminToken nil) }} +KELLNR_SETUP__ADMIN_TOKEN: {{ .Values.kellnr.setup.adminToken | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.dataDir nil) }} +KELLNR_REGISTRY__DATA_DIR: {{ .Values.kellnr.registry.dataDir | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.sessionAgeSeconds nil) }} +KELLNR_REGISTRY__SESSION_AGE_SECONDS: {{ .Values.kellnr.registry.sessionAgeSeconds | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.cacheSize nil) }} +KELLNR_REGISTRY__CACHE_SIZE: {{ .Values.kellnr.registry.cacheSize | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.maxCrateSize nil) }} +KELLNR_REGISTRY__MAX_CRATE_SIZE: {{ .Values.kellnr.registry.maxCrateSize | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.maxDbConnections nil) }} +KELLNR_REGISTRY__MAX_DB_CONNECTIONS: {{ .Values.kellnr.registry.maxDbConnections | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.authRequired nil) }} +KELLNR_REGISTRY__AUTH_REQUIRED: {{ .Values.kellnr.registry.authRequired | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.allowOwnerlessCrates nil) }} +KELLNR_REGISTRY__ALLOW_OWNERLESS_CRATES: {{ .Values.kellnr.registry.allowOwnerlessCrates | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.token.cache.enabled nil) }} +KELLNR_REGISTRY__TOKEN_CACHE_ENABLED: {{ .Values.kellnr.registry.token.cache.enabled | quote }} +{{ end }} +{{ if not (eq 
.Values.kellnr.registry.token.cache.ttlSeconds nil) }} +KELLNR_REGISTRY__TOKEN_CACHE_TTL_SECONDS: {{ .Values.kellnr.registry.token.cache.ttlSeconds | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.token.cache.maxCapacity nil) }} +KELLNR_REGISTRY__TOKEN_CACHE_MAX_CAPACITY: {{ .Values.kellnr.registry.token.cache.maxCapacity | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.token.db.retryCount nil) }} +KELLNR_REGISTRY__TOKEN_DB_RETRY_COUNT: {{ .Values.kellnr.registry.token.db.retryCount | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.token.db.retryDelayMs nil) }} +KELLNR_REGISTRY__TOKEN_DB_RETRY_DELAY_MS: {{ .Values.kellnr.registry.token.db.retryDelayMs | quote }} +{{ end }} +{{ $cookieKey := include "kellnr.cookieSigningKey" . }} +{{ if ne $cookieKey "" }} +KELLNR_REGISTRY__COOKIE_SIGNING_KEY: {{ $cookieKey | quote }} +{{ end }} +{{ if .Values.kellnr.registry.requiredCrateFields }} +KELLNR_REGISTRY__REQUIRED_CRATE_FIELDS: {{ .Values.kellnr.registry.requiredCrateFields | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.registry.newCratesRestricted nil) }} +KELLNR_REGISTRY__NEW_CRATES_RESTRICTED: {{ .Values.kellnr.registry.newCratesRestricted | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.docs.enabled nil) }} +KELLNR_DOCS__ENABLED: {{ .Values.kellnr.docs.enabled | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.docs.maxSize nil) }} +KELLNR_DOCS__MAX_SIZE: {{ .Values.kellnr.docs.maxSize | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.proxy.enabled nil) }} +KELLNR_PROXY__ENABLED: {{ .Values.kellnr.proxy.enabled | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.proxy.numThreads nil) }} +KELLNR_PROXY__NUM_THREADS: {{ .Values.kellnr.proxy.numThreads | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.proxy.downloadOnUpdate nil) }} +KELLNR_PROXY__DOWNLOAD_ON_UPDATE: {{ .Values.kellnr.proxy.downloadOnUpdate | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.log.level nil) }} +KELLNR_LOG__LEVEL: {{ .Values.kellnr.log.level | 
quote }} +{{ end }} +{{ if not (eq .Values.kellnr.log.format nil) }} +KELLNR_LOG__FORMAT: {{ .Values.kellnr.log.format | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.log.levelWebServer nil) }} +KELLNR_LOG__LEVEL_WEB_SERVER: {{ .Values.kellnr.log.levelWebServer | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.local.ip nil) }} +KELLNR_LOCAL__IP: {{ .Values.kellnr.local.ip | quote }} +{{ end }} +KELLNR_LOCAL__PORT: {{ .Values.service.api.port | quote }} +KELLNR_ORIGIN__HOSTNAME: {{ required "A valid hostname, where Kellnr will be reachable is required." .Values.kellnr.origin.hostname | quote }} +{{ if .Values.ingress.path }} +KELLNR_ORIGIN__PATH: {{ .Values.ingress.path | quote }} +{{ end }} +KELLNR_ORIGIN__PORT: {{ include "kellnr.serviceOriginPort" . | quote }} +{{ if not (eq .Values.kellnr.origin.protocol nil) }} +KELLNR_ORIGIN__PROTOCOL: {{ .Values.kellnr.origin.protocol | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.postgres.enabled nil) }} +KELLNR_POSTGRESQL__ENABLED: {{ .Values.kellnr.postgres.enabled | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.postgres.address nil) }} +KELLNR_POSTGRESQL__ADDRESS: {{ .Values.kellnr.postgres.address | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.postgres.port nil) }} +KELLNR_POSTGRESQL__PORT: {{ .Values.kellnr.postgres.port | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.postgres.user nil) }} +KELLNR_POSTGRESQL__USER: {{ .Values.kellnr.postgres.user | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.postgres.db nil) }} +KELLNR_POSTGRESQL__DB: {{ .Values.kellnr.postgres.db | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.s3.enabled nil) }} +KELLNR_S3__ENABLED: {{ .Values.kellnr.s3.enabled | quote }} +{{ end }} +{{ if .Values.kellnr.s3.accessKey }} +KELLNR_S3__ACCESS_KEY: {{ .Values.kellnr.s3.accessKey | quote }} +{{ end }} +{{ if .Values.kellnr.s3.secretKey }} +KELLNR_S3__SECRET_KEY: {{ .Values.kellnr.s3.secretKey | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.s3.region nil) }} 
+KELLNR_S3__REGION: {{ .Values.kellnr.s3.region | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.s3.endpoint nil) }} +KELLNR_S3__ENDPOINT: {{ .Values.kellnr.s3.endpoint | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.s3.allowHttp nil) }} +KELLNR_S3__ALLOW_HTTP: {{ .Values.kellnr.s3.allowHttp | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.s3.crates_bucket nil) }} +KELLNR_S3__CRATES_BUCKET: {{ .Values.kellnr.s3.crates_bucket | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.s3.cratesio_bucket nil) }} +KELLNR_S3__CRATESIO_BUCKET: {{ .Values.kellnr.s3.cratesio_bucket | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.oauth2.enabled nil) }} +KELLNR_OAUTH2__ENABLED: {{ .Values.kellnr.oauth2.enabled | quote }} +{{ end }} +{{ if .Values.kellnr.oauth2.issuerUrl }} +KELLNR_OAUTH2__ISSUER_URL: {{ .Values.kellnr.oauth2.issuerUrl | quote }} +{{ end }} +{{ if .Values.kellnr.oauth2.clientId }} +KELLNR_OAUTH2__CLIENT_ID: {{ .Values.kellnr.oauth2.clientId | quote }} +{{ end }} +{{ if and .Values.kellnr.oauth2.clientSecret (not .Values.kellnr.oauth2.clientSecretRef.name) }} +KELLNR_OAUTH2__CLIENT_SECRET: {{ .Values.kellnr.oauth2.clientSecret | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.oauth2.scopes nil) }} +KELLNR_OAUTH2__SCOPES: {{ .Values.kellnr.oauth2.scopes | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.oauth2.autoProvisionUsers nil) }} +KELLNR_OAUTH2__AUTO_PROVISION_USERS: {{ .Values.kellnr.oauth2.autoProvisionUsers | quote }} +{{ end }} +{{ if .Values.kellnr.oauth2.adminGroupClaim }} +KELLNR_OAUTH2__ADMIN_GROUP_CLAIM: {{ .Values.kellnr.oauth2.adminGroupClaim | quote }} +{{ end }} +{{ if .Values.kellnr.oauth2.adminGroupValue }} +KELLNR_OAUTH2__ADMIN_GROUP_VALUE: {{ .Values.kellnr.oauth2.adminGroupValue | quote }} +{{ end }} +{{ if .Values.kellnr.oauth2.readOnlyGroupClaim }} +KELLNR_OAUTH2__READ_ONLY_GROUP_CLAIM: {{ .Values.kellnr.oauth2.readOnlyGroupClaim | quote }} +{{ end }} +{{ if .Values.kellnr.oauth2.readOnlyGroupValue }} 
+KELLNR_OAUTH2__READ_ONLY_GROUP_VALUE: {{ .Values.kellnr.oauth2.readOnlyGroupValue | quote }} +{{ end }} +{{ if not (eq .Values.kellnr.oauth2.buttonText nil) }} +KELLNR_OAUTH2__BUTTON_TEXT: {{ .Values.kellnr.oauth2.buttonText | quote }} +{{ end }} +{{- end }} + diff --git a/charts/kellnr/templates/config.yaml b/charts/kellnr/templates/config.yaml index 0f194fe..132386c 100644 --- a/charts/kellnr/templates/config.yaml +++ b/charts/kellnr/templates/config.yaml 
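Review bot: `kellnr.envVars` emits the credentials (`KELLNR_SETUP__ADMIN_PWD`, `KELLNR_SETUP__ADMIN_TOKEN`, `KELLNR_REGISTRY__COOKIE_SIGNING_KEY`, `KELLNR_S3__SECRET_KEY`, `KELLNR_OAUTH2__CLIENT_SECRET`) in the same block as ordinary settings, so every template that includes it receives all of them, and the config.yaml hunk of this commit includes it under a ConfigMap's `data:`. A ConfigMap is typically readable by more subjects than a Secret and gets none of the Secret-specific handling, so I would move those five entries into a second define (for example `kellnr.secretEnvVars`) that only secret-config.yaml includes, or document explicitly that the ConfigMap is a fallback for installs without the Secret. The guards on the credentials are also inconsistent: `adminPwd` and `adminToken` are compared with nil, so an empty string still renders as `KELLNR_SETUP__ADMIN_PWD: ""`, while the S3 and OAuth2 secrets use a truthiness test; `{{ if .Values.kellnr.setup.adminPwd }}` would match the others. The header comment should also say that the output is meant to be piped through `nindent` and contains blank lines by design.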
@@ -3,84 +3,4 @@ kind: ConfigMap metadata: name: {{ .Values.configMap.name | quote }} data: - KELLNR_SETUP__ADMIN_PWD: {{ .Values.kellnr.setup.adminPwd | quote }} - KELLNR_SETUP__ADMIN_TOKEN: {{ .Values.kellnr.setup.adminToken | quote }} - KELLNR_REGISTRY__DATA_DIR: {{ .Values.kellnr.registry.dataDir | quote }} - KELLNR_REGISTRY__SESSION_AGE_SECONDS: {{ .Values.kellnr.registry.sessionAgeSeconds | quote }} - KELLNR_REGISTRY__CACHE_SIZE: {{ .Values.kellnr.registry.cacheSize | quote }} - KELLNR_REGISTRY__MAX_CRATE_SIZE: {{ .Values.kellnr.registry.maxCrateSize | quote }} - KELLNR_REGISTRY__MAX_DB_CONNECTIONS: {{ .Values.kellnr.registry.maxDbConnections | quote }} - KELLNR_REGISTRY__AUTH_REQUIRED: {{ .Values.kellnr.registry.authRequired | quote }} - KELLNR_REGISTRY__ALLOW_OWNERLESS_CRATES: {{ .Values.kellnr.registry.allowOwnerlessCrates | quote }} - KELLNR_REGISTRY__TOKEN_CACHE_ENABLED: {{ .Values.kellnr.registry.token.cache.enabled | quote }} - KELLNR_REGISTRY__TOKEN_CACHE_TTL_SECONDS: {{ .Values.kellnr.registry.token.cache.ttlSeconds | quote }} - KELLNR_REGISTRY__TOKEN_CACHE_MAX_CAPACITY: {{ .Values.kellnr.registry.token.cache.maxCapacity | quote }} - KELLNR_REGISTRY__TOKEN_DB_RETRY_COUNT: {{ .Values.kellnr.registry.token.db.retryCount | quote }} - KELLNR_REGISTRY__TOKEN_DB_RETRY_DELAY_MS: {{ .Values.kellnr.registry.token.db.retryDelayMs | quote }} -{{- if .Values.kellnr.registry.cookieSigningKey }} - KELLNR_REGISTRY__COOKIE_SIGNING_KEY: {{ .Values.kellnr.registry.cookieSigningKey | quote }} -{{- end }} -{{- if .Values.kellnr.registry.requiredCrateFields }} - - KELLNR_REGISTRY__REQUIRED_CRATE_FIELDS: {{ .Values.kellnr.registry.requiredCrateFields | quote }} -{{- end }} - KELLNR_REGISTRY__NEW_CRATES_RESTRICTED: {{ .Values.kellnr.registry.newCratesRestricted | quote }} - KELLNR_DOCS__ENABLED: {{ .Values.kellnr.docs.enabled | quote }} - KELLNR_DOCS__MAX_SIZE: {{ .Values.kellnr.docs.maxSize | quote }} - KELLNR_PROXY__ENABLED: {{ .Values.kellnr.proxy.enabled | quote }} - 
KELLNR_PROXY__NUM_THREADS: {{ .Values.kellnr.proxy.numThreads | quote }} - KELLNR_PROXY__DOWNLOAD_ON_UPDATE: {{ .Values.kellnr.proxy.downloadOnUpdate | quote }} - KELLNR_LOG__LEVEL: {{ .Values.kellnr.log.level | quote }} - KELLNR_LOG__FORMAT: {{ .Values.kellnr.log.format | quote }} - KELLNR_LOG__LEVEL_WEB_SERVER: {{ .Values.kellnr.log.levelWebServer | quote }} - KELLNR_LOCAL__IP: {{ .Values.kellnr.local.ip | quote }} - KELLNR_LOCAL__PORT: {{ .Values.service.api.port | quote }} - KELLNR_ORIGIN__HOSTNAME: {{ required "A valid hostname, where Kellnr will be reachable is required." .Values.kellnr.origin.hostname | quote }} -{{- if .Values.ingress.path }} - KELLNR_ORIGIN__PATH: {{ .Values.ingress.path | quote }} -{{- end }} - KELLNR_ORIGIN__PORT: {{ include "kellnr.serviceOriginPort" . | quote }} - KELLNR_ORIGIN__PROTOCOL: {{ .Values.kellnr.origin.protocol | quote }} - KELLNR_POSTGRESQL__ENABLED: {{ .Values.kellnr.postgres.enabled | quote }} - KELLNR_POSTGRESQL__ADDRESS: {{ .Values.kellnr.postgres.address | quote }} - KELLNR_POSTGRESQL__PORT: {{ .Values.kellnr.postgres.port | quote }} - KELLNR_POSTGRESQL__USER: {{ .Values.kellnr.postgres.user | quote }} - KELLNR_POSTGRESQL__DB: {{ .Values.kellnr.postgres.db | quote }} - KELLNR_S3__ENABLED: {{ .Values.kellnr.s3.enabled | quote }} -{{- if .Values.kellnr.s3.accessKey }} - KELLNR_S3__ACCESS_KEY: {{ .Values.kellnr.s3.accessKey | quote }} -{{- end }} -{{- if .Values.kellnr.s3.secretKey }} - KELLNR_S3__SECRET_KEY: {{ .Values.kellnr.s3.secretKey | quote }} -{{- end }} - KELLNR_S3__REGION: {{ .Values.kellnr.s3.region | quote }} - KELLNR_S3__ENDPOINT: {{ .Values.kellnr.s3.endpoint | quote }} - KELLNR_S3__ALLOW_HTTP: {{ .Values.kellnr.s3.allowHttp | quote }} - KELLNR_S3__CRATES_BUCKET: {{ .Values.kellnr.s3.crates_bucket | quote }} - KELLNR_S3__CRATESIO_BUCKET: {{ .Values.kellnr.s3.cratesio_bucket | quote }} - # OAuth2/OpenID Connect - KELLNR_OAUTH2__ENABLED: {{ .Values.kellnr.oauth2.enabled | quote }} -{{- if 
.Values.kellnr.oauth2.issuerUrl }} - KELLNR_OAUTH2__ISSUER_URL: {{ .Values.kellnr.oauth2.issuerUrl | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.clientId }} - KELLNR_OAUTH2__CLIENT_ID: {{ .Values.kellnr.oauth2.clientId | quote }} -{{- end }} -{{- if and .Values.kellnr.oauth2.clientSecret (not .Values.kellnr.oauth2.clientSecretRef.name) }} - KELLNR_OAUTH2__CLIENT_SECRET: {{ .Values.kellnr.oauth2.clientSecret | quote }} -{{- end }} - KELLNR_OAUTH2__SCOPES: {{ .Values.kellnr.oauth2.scopes | quote }} - KELLNR_OAUTH2__AUTO_PROVISION_USERS: {{ .Values.kellnr.oauth2.autoProvisionUsers | quote }} -{{- if .Values.kellnr.oauth2.adminGroupClaim }} - KELLNR_OAUTH2__ADMIN_GROUP_CLAIM: {{ .Values.kellnr.oauth2.adminGroupClaim | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.adminGroupValue }} - KELLNR_OAUTH2__ADMIN_GROUP_VALUE: {{ .Values.kellnr.oauth2.adminGroupValue | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.readOnlyGroupClaim }} - KELLNR_OAUTH2__READ_ONLY_GROUP_CLAIM: {{ .Values.kellnr.oauth2.readOnlyGroupClaim | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.readOnlyGroupValue }} - KELLNR_OAUTH2__READ_ONLY_GROUP_VALUE: {{ .Values.kellnr.oauth2.readOnlyGroupValue | quote }} -{{- end }} - KELLNR_OAUTH2__BUTTON_TEXT: {{ .Values.kellnr.oauth2.buttonText | quote }} +{{- include "kellnr.envVars" . | nindent 2 }} \ No newline at end of file diff --git a/charts/kellnr/templates/secret-config.yaml b/charts/kellnr/templates/secret-config.yaml index a7500bb..caffcae 100644 --- a/charts/kellnr/templates/secret-config.yaml +++ b/charts/kellnr/templates/secret-config.yaml 
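Review bot: Routing the ConfigMap through the shared helper changes where `KELLNR_REGISTRY__COOKIE_SIGNING_KEY` comes from: the removed lines wrote it only when `.Values.kellnr.registry.cookieSigningKey` was set, while the helper takes it from `include "kellnr.cookieSigningKey" .`, which the values.yaml comment describes as generating a random value when the key is empty and `secret.enabled` is true. That helper's body is not part of this diff, but if it generates a value on each call, the ConfigMap and the Secret can end up holding different signing keys, and a generated key is stored in a ConfigMap. The first lines of config.yaml are outside the hunk; unless they already gate the object, consider rendering it only when the Secret is not rendered, by wrapping the manifest in `{{- if not .Values.secret.enabled }}` and `{{- end }}`.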
@@ -4,76 +4,6 @@ kind: Secret metadata: name: {{ .Values.secret.name | quote }} type: Opaque -stringData: - KELLNR_SETUP__ADMIN_PWD: {{ .Values.kellnr.setup.adminPwd | quote }} - KELLNR_SETUP__ADMIN_TOKEN: {{ .Values.kellnr.setup.adminToken | quote }} - KELLNR_REGISTRY__DATA_DIR: {{ .Values.kellnr.registry.dataDir | quote }} - KELLNR_REGISTRY__SESSION_AGE_SECONDS: {{ .Values.kellnr.registry.sessionAgeSeconds | quote }} - KELLNR_REGISTRY__CACHE_SIZE: {{ .Values.kellnr.registry.cacheSize | quote }} - KELLNR_REGISTRY__MAX_CRATE_SIZE: {{ .Values.kellnr.registry.maxCrateSize | quote }} - KELLNR_REGISTRY__AUTH_REQUIRED: {{ .Values.kellnr.registry.authRequired | quote }} - KELLNR_REGISTRY__ALLOW_OWNERLESS_CRATES: {{ .Values.kellnr.registry.allowOwnerlessCrates | quote }} - KELLNR_REGISTRY__TOKEN_CACHE_ENABLED: {{ .Values.kellnr.registry.token.cache.enabled | quote }} - KELLNR_REGISTRY__TOKEN_CACHE_TTL_SECONDS: {{ .Values.kellnr.registry.token.cache.ttlSeconds | quote }} - KELLNR_REGISTRY__TOKEN_CACHE_MAX_CAPACITY: {{ .Values.kellnr.registry.token.cache.maxCapacity | quote }} - KELLNR_REGISTRY__TOKEN_DB_RETRY_COUNT: {{ .Values.kellnr.registry.token.db.retryCount | quote }} - KELLNR_REGISTRY__TOKEN_DB_RETRY_DELAY_MS: {{ .Values.kellnr.registry.token.db.retryDelayMs | quote }} -{{- $cookieKey := include "kellnr.cookieSigningKey" . 
-}} -{{- if ne $cookieKey "" }} - KELLNR_REGISTRY__COOKIE_SIGNING_KEY: {{ $cookieKey | quote }} -{{- end }} - - - KELLNR_DOCS__ENABLED: {{ .Values.kellnr.docs.enabled | quote }} - KELLNR_DOCS__MAX_SIZE: {{ .Values.kellnr.docs.maxSize | quote }} - KELLNR_PROXY__ENABLED: {{ .Values.kellnr.proxy.enabled | quote }} - KELLNR_PROXY__NUM_THREADS: {{ .Values.kellnr.proxy.numThreads | quote }} - KELLNR_PROXY__DOWNLOAD_ON_UPDATE: {{ .Values.kellnr.proxy.downloadOnUpdate | quote }} - KELLNR_LOG__LEVEL: {{ .Values.kellnr.log.level | quote }} - KELLNR_LOG__FORMAT: {{ .Values.kellnr.log.format | quote }} - KELLNR_LOG__LEVEL_WEB_SERVER: {{ .Values.kellnr.log.levelWebServer | quote }} - KELLNR_LOCAL__IP: {{ .Values.kellnr.local.ip | quote }} - KELLNR_LOCAL__PORT: {{ .Values.service.api.port | quote }} - KELLNR_ORIGIN__HOSTNAME: {{ required "A valid hostname, where Kellnr will be reachable is required." .Values.kellnr.origin.hostname | quote }} - KELLNR_ORIGIN__PORT: {{ include "kellnr.serviceOriginPort" . 
| quote }} - KELLNR_ORIGIN__PROTOCOL: {{ .Values.kellnr.origin.protocol | quote }} - KELLNR_POSTGRESQL__ENABLED: {{ .Values.kellnr.postgres.enabled | quote }} - KELLNR_POSTGRESQL__ADDRESS: {{ .Values.kellnr.postgres.address | quote }} - KELLNR_POSTGRESQL__PORT: {{ .Values.kellnr.postgres.port | quote }} - KELLNR_POSTGRESQL__USER: {{ .Values.kellnr.postgres.user | quote }} - KELLNR_POSTGRESQL__DB: {{ .Values.kellnr.postgres.db | quote }} - KELLNR_S3__ENABLED: {{ .Values.kellnr.s3.enabled | quote }} - KELLNR_S3__ACCESS_KEY: {{ .Values.kellnr.s3.accessKey | quote }} - KELLNR_S3__SECRET_KEY: {{ .Values.kellnr.s3.secretKey | quote }} - KELLNR_S3__REGION: {{ .Values.kellnr.s3.region | quote }} - KELLNR_S3__ENDPOINT: {{ .Values.kellnr.s3.endpoint | quote }} - KELLNR_S3__ALLOW_HTTP: {{ .Values.kellnr.s3.allowHttp | quote }} - KELLNR_S3__CRATES_BUCKET: {{ .Values.kellnr.s3.crates_bucket | quote }} - KELLNR_S3__CRATESIO_BUCKET: {{ .Values.kellnr.s3.cratesio_bucket | quote }} - # OAuth2/OpenID Connect - KELLNR_OAUTH2__ENABLED: {{ .Values.kellnr.oauth2.enabled | quote }} -{{- if .Values.kellnr.oauth2.issuerUrl }} - KELLNR_OAUTH2__ISSUER_URL: {{ .Values.kellnr.oauth2.issuerUrl | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.clientId }} - KELLNR_OAUTH2__CLIENT_ID: {{ .Values.kellnr.oauth2.clientId | quote }} -{{- end }} -{{- if and .Values.kellnr.oauth2.clientSecret (not .Values.kellnr.oauth2.clientSecretRef.name) }} - KELLNR_OAUTH2__CLIENT_SECRET: {{ .Values.kellnr.oauth2.clientSecret | quote }} -{{- end }} - KELLNR_OAUTH2__SCOPES: {{ .Values.kellnr.oauth2.scopes | quote }} - KELLNR_OAUTH2__AUTO_PROVISION_USERS: {{ .Values.kellnr.oauth2.autoProvisionUsers | quote }} -{{- if .Values.kellnr.oauth2.adminGroupClaim }} - KELLNR_OAUTH2__ADMIN_GROUP_CLAIM: {{ .Values.kellnr.oauth2.adminGroupClaim | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.adminGroupValue }} - KELLNR_OAUTH2__ADMIN_GROUP_VALUE: {{ .Values.kellnr.oauth2.adminGroupValue | quote }} -{{- end }} -{{- if 
.Values.kellnr.oauth2.readOnlyGroupClaim }} - KELLNR_OAUTH2__READ_ONLY_GROUP_CLAIM: {{ .Values.kellnr.oauth2.readOnlyGroupClaim | quote }} -{{- end }} -{{- if .Values.kellnr.oauth2.readOnlyGroupValue }} - KELLNR_OAUTH2__READ_ONLY_GROUP_VALUE: {{ .Values.kellnr.oauth2.readOnlyGroupValue | quote }} -{{- end }} - KELLNR_OAUTH2__BUTTON_TEXT: {{ .Values.kellnr.oauth2.buttonText | quote }} -{{- end }} +stringData: +{{- include "kellnr.envVars" . | nindent 2 }} +{{- end }} \ No newline at end of file diff --git a/charts/kellnr/values.yaml b/charts/kellnr/values.yaml index 107681a..0e3e8aa 100644 --- a/charts/kellnr/values.yaml +++ b/charts/kellnr/values.yaml @@ -66,25 +66,25 @@ kellnr: adminToken: "Zy9HhJ02RJmg0GCrgLfaCVfU6IwDfhXD" registry: dataDir: "/var/lib/kellnr" - sessionAgeSeconds: 28800 - cacheSize: 1000 - maxCrateSize: 10 - authRequired: false + sessionAgeSeconds: null # 28800 + cacheSize: null # 1000 + maxCrateSize: null # 10 + authRequired: null # false requiredCrateFields: "" # Comma-separated list of fields, e.g. "description,license,repository" - newCratesRestricted: false - maxDbConnections: 0 # 0 means no limit + newCratesRestricted: null # false + maxDbConnections: null # 0 means no limit # Allow publishing crates without an owner - allowOwnerlessCrates: false + allowOwnerlessCrates: null # false token: cache: - enabled: true - ttlSeconds: 1800 - maxCapacity: 10000 + enabled: null # true + ttlSeconds: null # 1800 + maxCapacity: null # 10000 db: - retryCount: 3 - retryDelayMs: 100 + retryCount: null # 3 + retryDelayMs: null # 100 # Used to sign the session cookie. Must be at least 64 bytes. # If empty, a random 64-byte value is generated by the chart (when `secret.enabled: true`). 
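Review bot: The first values.yaml hunk moves most registry defaults to `null` but keeps a fixed `adminToken` string as the chart default (its first context line), and the helper renders any non-nil value, so every release that does not override it is deployed with the same published admin token. I would ship `adminToken: null` and make the template fail when it is missing, the way `KELLNR_ORIGIN__HOSTNAME` already does with `required`, or generate it per release as the chart does for `cookieSigningKey`; the `adminPwd` line sits above the hunk and may need the same treatment. Separately, `authRequired: null # false` now leaves registry authentication to whatever the application defaults to, and the trailing comment is the only record of that default; a comment such as `# unset: Kellnr's built-in default applies (see upstream docs)` would not go stale when upstream changes.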
@@ -92,47 +92,47 @@ kellnr: cookieSigningKey: "" docs: - enabled: false - maxSize: 100 + enabled: null # false + maxSize: null # 100 proxy: - enabled: false - numThreads: 20 - downloadOnUpdate: false + enabled: null # false + numThreads: null # 20 + downloadOnUpdate: null # false log: - level: "info" - format: "compact" - levelWebServer: "warn" + level: null # "info" + format: null # "compact" + levelWebServer: null # "warn" local: ip: "0.0.0.0" origin: hostname: "localhost" # Can be a number, or null (~) to automatically set to 443 if protocol is https, otherwise 80 port: null - protocol: "http" + protocol: null # "http" postgres: - enabled: false - address: "localhost" - port: 5432 - db: "kellnr" + enabled: null # false + address: null # "localhost" + port: null # 5432 + db: null # "kellnr" user: "" pwd: "" pwdSecretRef: name: kellnr-postgres-user key: password s3: - enabled: false + enabled: null # false accessKey: "" secretKey: "" region: "" endpoint: "" - allowHttp: true - crates_bucket: "kellnr-crates" - cratesio_bucket: "kellnr-cratesio" + allowHttp: null # true + crates_bucket: null # "kellnr-crates" + cratesio_bucket: null # "kellnr-cratesio" # OAuth2/OpenID Connect authentication # See https://kellnr.io/documentation for details oauth2: - enabled: false + enabled: null # false # OIDC issuer URL (discovery URL) # Example: "https://authentik.example.com/application/o/kellnr/" issuerUrl: "" @@ -146,9 +146,9 @@ kellnr: name: "" key: "client-secret" # OAuth2 scopes to request (comma-separated) - scopes: "openid,profile,email" + scopes: null # "openid,profile,email" # Automatically create local user accounts for new OAuth2 users - autoProvisionUsers: true + autoProvisionUsers: null # true # Claim name to check for admin group membership (e.g., "groups") adminGroupClaim: "" # Value in the admin group claim that grants admin privileges (e.g., "kellnr-admins") 
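Review bot: `postgres.user`, `s3.region` and `s3.endpoint` stay at `""` in the `-92,47` hunk while their neighbours become `null`, and the helper guards exactly those three with `not (eq … nil)`, so they are still rendered as empty environment variables instead of being omitted. That contradicts the helper's stated rule of emitting only explicitly set values, and an empty `KELLNR_S3__ENDPOINT` or `KELLNR_POSTGRESQL__USER` may override the application's own default (not verifiable from this diff). Setting them to `user: null`, `region: null` and `endpoint: null` would make them behave like the rest of the block.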
@@ -158,7 +158,7 @@ kellnr: # Value in the read-only group claim that grants read-only access (e.g., "kellnr-readonly") readOnlyGroupValue: "" # Text displayed on the OAuth2 login button - buttonText: "Login with SSO" + buttonText: null # "Login with SSO" service: api: