

Merge pull request #698 from lsst-sqre/tickets/DM-34317
[DM-34317] Sherlock auth and push secret
cbanek authored Apr 7, 2022
2 parents 45de35c + 5e63f94 commit 252388a
Showing 5 changed files with 21 additions and 3 deletions.
2 changes: 1 addition & 1 deletion charts/sherlock/Chart.yaml
Expand Up @@ -3,6 +3,6 @@ appVersion: 0.1.4
description: A Helm chart for Kubernetes
name: sherlock
type: application
version: 0.1.7
version: 0.1.8
maintainers:
- name: cbanek
7 changes: 7 additions & 0 deletions charts/sherlock/templates/deployment.yaml
Expand Up @@ -43,6 +43,13 @@ spec:
env:
- name: "PUBLISH_URL"
value: {{ .Values.publish_url }}
{{- if .Values.publish_url }}
- name: "PUBLISH_KEY"
valueFrom:
secretKeyRef:
name: {{ include "sherlock.fullname" . }}-secret
key: "publish_key"
{{- end }}
ports:
- name: http
containerPort: 8080
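Review bot: Nothing in the chart states that the Vault secret must carry a `publish_key` entry, and the new `secretKeyRef` for `PUBLISH_KEY` is not marked optional, so a missing key or a secret that has not been synced yet will keep the pod from starting. Failing closed is reasonable for a push credential, but the requirement should be written down where operators will see it, for example as a template comment above the block: `{{- /* PUBLISH_KEY: the Vault secret at vaultSecretsPath must contain "publish_key" */}}`. The container spec this block belongs to starts and ends outside the hunk.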
2 changes: 1 addition & 1 deletion charts/sherlock/templates/ingress.yaml
Expand Up @@ -8,7 +8,7 @@ metadata:
{{- include "sherlock.labels" . | nindent 4 }}
annotations:
kubernetes.io/ingress.class: "nginx"
{{- if .Values.ingress.gafaelfawrAuthQuery -}}
{{- if .Values.ingress.gafaelfawrAuthQuery }}
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Request-User,X-Auth-Request-Email,X-Auth-Request-Token
nginx.ingress.kubernetes.io/auth-signin: "https://{{ .Values.ingress.host }}/login"
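Review bot: An empty `ingress.gafaelfawrAuthQuery` makes this `if` skip the auth annotations visible here (`auth-method`, `auth-response-headers`, `auth-signin`), so an override to `""` renders the ingress without them and nothing in the template says so. Because that override fails open, a comment above the condition would help, e.g. `{{- /* empty gafaelfawrAuthQuery: no auth annotations are rendered, ingress is unauthenticated */}}`. The annotations block continues past the end of the hunk, so any auth settings outside the conditional cannot be seen from here.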
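--- a/charts/sherlock/templates/vault-secret.yaml
+++ b/charts/sherlock/templates/vault-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: ricoberger.de/v1alpha1
+kind: VaultSecret
+metadata:
+name: {{ include "sherlock.fullname" . }}-secret
+labels:
+{{- include "sherlock.labels" . | nindent 4 }}
+spec:
+path: {{ required "vaultSecretsPath must be set" .Values.vaultSecretsPath | quote }}
+type: Opaque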
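Review bot: This VaultSecret is rendered unconditionally and `required` rejects an empty `vaultSecretsPath`, while values.yaml in the same commit defaults that value to `""`. An install that sets no push URL would therefore fail to render, even though the only consumer visible in this commit, `PUBLISH_KEY` in deployment.yaml, is gated on `.Values.publish_url`. If the secret has no other consumer, wrap the manifest in the same condition, with `{{- if .Values.publish_url }}` as the first line and `{{- end }}` as the last. If the secret is always needed, keep `required` and say so in the values.yaml comment for `vaultSecretsPath`.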
4 changes: 3 additions & 1 deletion charts/sherlock/values.yaml
Expand Up @@ -42,7 +42,7 @@ ingress:
host: ""

# -- Gafaelfawr auth query string (default, unauthenticated)
gafaelfawrAuthQuery: ""
gafaelfawrAuthQuery: "scope=exec:admin"

# -- Additional annotations for the ingress rule
annotations: {}
Expand Down Expand Up @@ -84,3 +84,5 @@ serviceAccount:

# -- URL to push status to via HTTP PUTs.
publish_url: ""

vaultSecretsPath: ""
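Review bot: The `# --` comment above `gafaelfawrAuthQuery` still reads "(default, unauthenticated)" although the default is now `"scope=exec:admin"`, so the chart documentation would describe an authenticated ingress as open. Update it to something like `# -- Gafaelfawr auth query string (default requires exec:admin scope; empty renders no auth annotations)`. The new `vaultSecretsPath` key at the end of the file has no `# --` comment, unlike the keys around it; `# -- Path to the Vault secret for this application` would match the file's style.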
