Skip to content

Commit

Permalink
add export feature + force mfa + and more fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@cedricve
cedricve committed Mar 19, 2024
1 parent fb1c40e commit c3cb5b4
Show file tree
Hide file tree
Showing 3 changed files with 139 additions and 5 deletions.
4 changes: 2 additions & 2 deletions charts/hub/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.51.0
version: 0.52.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.1.1"
appVersion: "1.2.0"
125 changes: 125 additions & 0 deletions charts/hub/templates/kerberos-pipeline/pipe-export.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: pipe-export
spec:
replicas: {{ .Values.kerberospipeline.export.replicas }}
selector:
matchLabels:
app: pipe-export
minReadySeconds: 10
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
template:
metadata:
labels:
app: pipe-export
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: pipe-export
image: "{{ .Values.kerberospipeline.export.repository }}:{{ .Values.kerberospipeline.export.tag }}"
imagePullPolicy: {{ .Values.kerberospipeline.export.pullPolicy }}
{{- with .Values.kerberospipeline.export.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
env:
- name: CLOUD_PROVIDER
value: "{{ .Values.cloudProvider }}"
- name: QUEUE_SYSTEM
value: "{{ .Values.queueProvider }}"

# Database
- name: MONGODB_DATABASE_CLOUD
value: "Kerberos"
- name: MONGODB_URI
value: "{{ .Values.mongodb.uri }}"
- name: MONGODB_HOST
value: "{{ .Values.mongodb.host }}"
- name: MONGODB_DATABASE_CREDENTIALS
value: "{{ .Values.mongodb.adminDatabase }}"
- name: MONGODB_USERNAME
value: "{{ .Values.mongodb.username }}"
- name: MONGODB_PASSWORD
value: "{{ .Values.mongodb.password }}"

# Kafka settings
- name: KAFKA_BROKER
value: "{{ .Values.kafka.broker }}"
- name: KAFKA_USERNAME
value: "{{ .Values.kafka.username }}"
- name: KAFKA_PASSWORD
value: "{{ .Values.kafka.password }}"
- name: KAFKA_MECHANISM
value: "{{ .Values.kafka.mechanism }}"
- name: KAFKA_SECURITY
value: "{{ .Values.kafka.security }}"

# RabbitMQ settings
- name: RABBITMQ_HOST
value: "{{ .Values.rabbitmq.host }}"
- name: RABBITMQ_EXCHANGE
value: "{{ .Values.rabbitmq.exchange }}"
- name: RABBITMQ_USERNAME
value: "{{ .Values.rabbitmq.username }}"
- name: RABBITMQ_PASSWORD
value: "{{ .Values.rabbitmq.password }}"

# Kerberos Vault (Main instance, within Kerberos Hub you can assign additional Vaults to sites).
- name: STORAGE_URI
value: "{{ .Values.kerberosvault.uri }}"
- name: STORAGE_ACCESS_KEY
value: "{{ .Values.kerberosvault.accesskey }}"
- name: STORAGE_SECRET_KEY
value: "{{ .Values.kerberosvault.secretkey }}"

# Kerberos Vault: archiving credentials. When creating a task, the underlying recording will be
# copied to this storage provider, using the specific account credentials, for deletion/retention.
- name: STORAGE_ARCHIVE_PROVIDER
value: "{{ .Values.kerberosvault.archive.provider }}"
- name: STORAGE_ARCHIVE_ACCESS_KEY
value: "{{ .Values.kerberosvault.archive.accesskey }}"
- name: STORAGE_ARCHIVE_SECRET_KEY
value: "{{ .Values.kerberosvault.archive.secretkey }}"

# Sprites
- name: SPRITE_ENABLED
value: "{{ .Values.kerberospipeline.sprite.enabled }}"
- name: VAULT_SPRITE_PROVIDER
value: "{{ .Values.kerberosvault.sprite.provider }}"
- name: VAULT_SPRITE_ACCESS_KEY
value: "{{ .Values.kerberosvault.sprite.accessKey }}"
- name: VAULT_SPRITE_SECRET_KEY
value: "{{ .Values.kerberosvault.sprite.secretKey }}"
# Thumbnails
- name: THUMBNAIL_VAULT_ENABLED
value: "{{ .Values.kerberospipeline.thumbnail.kerberosvault.enabled }}"
- name: VAULT_THUMBNAIL_PROVIDER
value: "{{ .Values.kerberosvault.thumbnail.provider }}"
- name: VAULT_THUMBNAIL_ACCESS_KEY
value: "{{ .Values.kerberosvault.thumbnail.accessKey }}"
- name: VAULT_THUMBNAIL_SECRET_KEY
value: "{{ .Values.kerberosvault.thumbnail.secretKey }}"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: pipe-export
service: pipe
name: pipe-export
spec:
ports:
- name: hub-metrics
port: 8080
targetPort: 8080
protocol: TCP
selector:
app: pipe-export
15 changes: 12 additions & 3 deletions charts/hub/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ kerberoshub:
api:
repository: kerberos/hub-api
pullPolicy: IfNotPresent
tag: "1.0.1195226311"
tag: "1.0.1219162731"
replicas: 2
jwtSecret: "this-is-a-secret-please-change-to-random-string" # change to a random value, this is for generating JWT tokens.
schema: "https"
Expand Down Expand Up @@ -230,7 +230,7 @@ kerberoshub:
frontend:
repository: kerberos/hub-frontend
pullPolicy: IfNotPresent
tag: "1.0.1172733722"
tag: "1.0.1219811275"
replicas: 2
schema: "https"
url: "yourdomain.com"
Expand Down Expand Up @@ -464,7 +464,7 @@ kerberospipeline:
analysis:
repository: kerberos/pipe-analysis
pullPolicy: IfNotPresent
tag: "1.0.6256066045"
tag: "1.0.6426898456"
replicas: 1
resources:
requests:
Expand Down Expand Up @@ -524,3 +524,12 @@ kerberospipeline:
limits:
memory: 2Gi
cpu: 1000m
export:
repository: kerberos/pipe-export
pullPolicy: IfNotPresent
tag: "1.0.6427528901"
replicas: 2
resources:
requests:
memory: 10Mi
cpu: 10m

0 comments on commit c3cb5b4

Please sign in to comment.