Feature/thumbor basic auth (#14)

enable the option to set a basic auth for thumbor
Kurt108 · Oct 13, 2020 · a26e1e9 · a26e1e9
1 parent 96ef796
commit a26e1e9
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 31 deletions.
diff --git a/charts/thumbor/Chart.yaml b/charts/thumbor/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: thumbor
 icon: https://camo.githubusercontent.com/8add159463b5ef31481d1e0cc9fb590cd662fe62/68747470733a2f2f73332e65752d776573742d322e616d617a6f6e6177732e636f6d2f6d696e696d616c2d636f6d706163742f696d616765732f6d632d7468756d626f722e706e67
-version: 1.0.4
+version: 1.0.5
 appVersion: "6.7.5"
 description: A chart containing Thumbor
 home: http://thumbor.org/

diff --git a/charts/thumbor/README.md b/charts/thumbor/README.md
@@ -5,7 +5,7 @@
 =======
 A chart containing Thumbor
 
-Current chart version is `1.0.4`
+Current chart version is `1.0.5`
 
 ## Based on
 
@@ -32,20 +32,23 @@ NAME: my-release
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| auth.enabled | bool | `true` |  |
+| auth.password | string | `"$1$nwVVjM_Y$VeLOyr0CIIMXQajJL2pXT1"` |  |
+| auth.username | string | `"thumbor"` |  |
 | conf.allowedSources | string | `"'http://domain_or_wildcard', 'comma_seperated'"` |  |
-| env.ALLOW_UNSAFE_URL | string | `"True"` |  |
-| env.AUTO_WEBP | string | `"True"` |  |
-| env.CORS_ALLOW_ORIGIN | string | `"*"` |  |
-| env.HEALTHCHECK_ROUTE | string | `"/healthcheck"` |  |
-| env.LOG_LEVEL | string | `"error"` |  |
-| env.MAX_AGE | string | `"3600"` |  |
-| env.MAX_AGE_TEMP_IMAGE | string | `"300"` |  |
-| env.RESULT_STORAGE | string | `"thumbor.result_storages.no_storage"` |  |
-| env.RESULT_STORAGE_EXPIRATION_SECONDS | string | `"31536000"` |  |
-| env.RESULT_STORAGE_STORES_UNSAFE | string | `"True"` |  |
-| env.STORAGE | string | `"thumbor.storages.file_storage"` |  |
-| env.THUMBOR_NUM_PROCESSES | string | `"1"` |  |
-| env.THUMBOR_PORT | string | `"80"` |  |
+| env.open.ALLOW_UNSAFE_URL | string | `"True"` |  |
+| env.open.AUTO_WEBP | string | `"True"` |  |
+| env.open.CORS_ALLOW_ORIGIN | string | `"*"` |  |
+| env.open.HEALTHCHECK_ROUTE | string | `"/healthcheck"` |  |
+| env.open.LOG_LEVEL | string | `"error"` |  |
+| env.open.MAX_AGE | string | `"3600"` |  |
+| env.open.MAX_AGE_TEMP_IMAGE | string | `"300"` |  |
+| env.open.RESULT_STORAGE | string | `"thumbor.result_storages.no_storage"` |  |
+| env.open.RESULT_STORAGE_EXPIRATION_SECONDS | string | `"31536000"` |  |
+| env.open.RESULT_STORAGE_STORES_UNSAFE | string | `"True"` |  |
+| env.open.STORAGE | string | `"thumbor.storages.file_storage"` |  |
+| env.open.THUMBOR_NUM_PROCESSES | string | `"1"` |  |
+| env.open.THUMBOR_PORT | string | `"80"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"registry.hub.docker.com/minimalcompact/thumbor"` |  |
 | image.tag | string | `"6.7.5"` |  |

diff --git a/charts/thumbor/templates/NOTES.txt b/charts/thumbor/templates/NOTES.txt
@@ -1 +0,0 @@
-notes.txt

diff --git a/charts/thumbor/templates/deployment.yaml b/charts/thumbor/templates/deployment.yaml
@@ -38,7 +38,7 @@ spec:
         env:
         - name: THUMBOR_PORT
           value: {{ .Values.service.internalPort | quote }}
-{{- range $name, $value := .Values.env }}
+{{- range $name, $value := .Values.env.open }}
 {{- if not (empty $value) }}
         - name: {{ $name | quote }}
           value: {{ $value | quote }}

diff --git a/charts/thumbor/templates/ingress.yaml b/charts/thumbor/templates/ingress.yaml
@@ -4,9 +4,12 @@ apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
-{{- if .Values.ingress.annotations }}
+  {{- if or (.Values.ingress.annotations) (.Values.auth.enabled) }}
   annotations:
 {{ toYaml .Values.ingress.annotations | indent 4 }}
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: {{ template "thumbor.name" . }}-auth
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - Thumbor'
 {{- end }}
   labels:
     app: {{ template "thumbor.name" . }}

diff --git a/charts/thumbor/templates/secrets.yaml b/charts/thumbor/templates/secrets.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.auth.enabled -}}
+{{- if not .Values.auth.existingSecret -}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "thumbor.fullname" . }}-auth
+  labels:
+    chart: {{ template "thumbor.name" . }}
+    app: {{ template "thumbor.name" . }}
+    chart: {{ template "thumbor.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}   
+type: Opaque
+data:
+  auth: {{ print .Values.auth.username ":" .Values.auth.password | b64enc }}
+{{ end }}
+{{ end }}
diff --git a/charts/thumbor/values.yaml b/charts/thumbor/values.yaml
@@ -1,18 +1,25 @@
 replicaCount: 1
 env:
-  THUMBOR_NUM_PROCESSES: "1"
-  CORS_ALLOW_ORIGIN: "*"
-  AUTO_WEBP: "True"
-  RESULT_STORAGE: "thumbor.result_storages.no_storage"
-  RESULT_STORAGE_STORES_UNSAFE: "True"
-  STORAGE: "thumbor.storages.file_storage"
-  HEALTHCHECK_ROUTE: "/healthcheck"
-  THUMBOR_PORT: "80"
-  MAX_AGE: "3600"
-  MAX_AGE_TEMP_IMAGE: "300"
-  RESULT_STORAGE_EXPIRATION_SECONDS: "31536000"
-  ALLOW_UNSAFE_URL: "True"
-  LOG_LEVEL: "error"
+  open:
+    THUMBOR_NUM_PROCESSES: "1"
+    CORS_ALLOW_ORIGIN: "*"
+    AUTO_WEBP: "True"
+    RESULT_STORAGE: "thumbor.result_storages.no_storage"
+    RESULT_STORAGE_STORES_UNSAFE: "True"
+    STORAGE: "thumbor.storages.file_storage"
+    HEALTHCHECK_ROUTE: "/healthcheck"
+    THUMBOR_PORT: "80"
+    MAX_AGE: "3600"
+    MAX_AGE_TEMP_IMAGE: "300"
+    RESULT_STORAGE_EXPIRATION_SECONDS: "31536000"
+    ALLOW_UNSAFE_URL: "True"
+    LOG_LEVEL: "error"
+
+auth:
+  enabled: true
+  username: "thumbor"   # Username
+  password: "$1$nwVVjM_Y$VeLOyr0CIIMXQajJL2pXT1"   # Password generated via htpasswd (password)
+  # existingSecret: specify the name of a existing secret
 
 # Some Configs should be set via config-file and not as environment variable
 conf: