eikek/docspell#2502 Added the option supply existing Kubernetes secrets to load secret values.
@ -15,7 +15,9 @@
|
||||
{{- $envPrefix = "DOCSPELL_JOEX_JDBC" -}}
|
||||
{{- end }}
|
||||
{{ $envPrefix }}_USER: {{ .context.Values.postgresql.global.postgresql.auth.username }}
|
||||
{{- if not .context.Values.postgresql.global.postgresql.auth.existingSecret }}
|
||||
{{ $envPrefix }}_PASSWORD: {{ .context.Values.postgresql.global.postgresql.auth.password }}
|
||||
{{- end }}
|
||||
{{ $envPrefix }}_URL: {{ include "postgresql.jdbcUrl" .context }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
@ -57,4 +57,4 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,10 @@
|
||||
{{- define "docspell.joex.secrets.existingSecrets" -}}
|
||||
{{/*PostgreSQL Password*/}}
|
||||
{{- if .Values.postgresql.global.postgresql.auth.existingSecret -}}
|
||||
- name: DOCSPELL_JOEX_JDBC_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.postgresql.global.postgresql.auth.existingSecret }}
|
||||
key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -27,6 +27,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/joex/config.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/joex/secret.yaml") . | sha256sum }}
|
||||
{{- with .Values.joex.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -51,6 +52,8 @@ spec:
|
||||
ports:
|
||||
- containerPort: {{ .Values.joex.service.port }}
|
||||
name: http
|
||||
env:
|
||||
{{- include "docspell.joex.secrets.existingSecrets" . | nindent 10 }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "docspell.fullname" . }}-joex
|
||||
|
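Review bot: When `postgresql.global.postgresql.auth.existingSecret` is unset, the `docspell.joex.secrets.existingSecrets` include returns nothing, so the `env:` key placed ahead of `envFrom:` renders with no items (a null value). That is usually accepted by the API server, but strict schema validation and diff tooling can flag it. Emit the key only when there is content: open with `{{- with include "docspell.joex.secrets.existingSecrets" . }}`, put `env:` and `{{- . | nindent 10 }}` inside, and close with `{{- end }}`. The restserver deployment adds the same `env:` / `include` pair and needs the same guard. The container spec continues outside the hunk.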
@ -32,9 +32,14 @@
|
||||
|
||||
{{/*Auth Secrets*/}}
|
||||
{{- define "docspell.server.secrets.auth" -}}
|
||||
{{- with .Values.docspell.server.auth.serverSecret }}
|
||||
{{- if .Values.docspell.server.auth.serverSecret -}}
|
||||
{{- if and .Values.docspell.server.auth.serverSecret.value .Values.docspell.server.auth.serverSecret.existingSecret -}}
|
||||
{{- fail "Only either a fixed server secret or an existing secret should be specified" -}}
|
||||
{{- end -}}
|
||||
{{- with .Values.docspell.server.auth.serverSecret.value }}
|
||||
DOCSPELL_SERVER_AUTH_SERVER__SECRET: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*Download Config*/}}
|
||||
@ -71,7 +76,7 @@ DOCSPELL_SERVER_AUTH_SERVER__SECRET: {{ . }}
|
||||
{{- define "docspell.server.secrets.openid" -}}
|
||||
{{- $envPrefix := "DOCSPELL_SERVER_OPENID" -}}
|
||||
{{- range $index, $entry := .Values.docspell.server.openid -}}
|
||||
{{- if $entry.enabled -}}
|
||||
{{- if and $entry.enabled (not $entry.provider.existingSecret) -}}
|
||||
{{- $envPrefix = printf "%s_%s_PROVIDER" $envPrefix ($index | toString) }}
|
||||
{{ $envPrefix }}_CLIENT__ID: {{ $entry.provider.clientId }}
|
||||
{{ $envPrefix }}_CLIENT__SECRET: {{ $entry.provider.clientSecret }}
|
||||
@ -110,24 +115,40 @@ DOCSPELL_SERVER_AUTH_SERVER__SECRET: {{ . }}
|
||||
|
||||
{{/*Integration Endpoint Secrets*/}}
|
||||
{{- define "docspell.server.secrets.integrationEndpoint" -}}
|
||||
{{- if .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote -}}
|
||||
{{- $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT__HTTP__BASIC" -}}
|
||||
{{- if .Values.docspell.server.integrationEndpoint.httpBasic.enabled -}}
|
||||
{{- if and .Values.docspell.server.integrationEndpoint.httpBasic.credentials .Values.docspell.server.integrationEndpoint.httpBasic.existingSecret -}}
|
||||
{{- fail "Only either the fixed credentials or an existing secret for the httpBasic integration endpoint should be set" -}}
|
||||
{{- end -}}
|
||||
{{- $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__BASIC" -}}
|
||||
{{ $envPrefix}}_REALM: {{ .Values.docspell.server.integrationEndpoint.httpBasic.realm }}
|
||||
{{ $envPrefix}}_USER: {{ .Values.docspell.server.integrationEndpoint.httpBasic.user }}
|
||||
{{ $envPrefix}}_PASSWORD: {{ .Values.docspell.server.integrationEndpoint.httpBasic.password }}
|
||||
{{- with .Values.docspell.server.integrationEndpoint.httpBasic.credentials }}
|
||||
{{ $envPrefix}}_USER: {{ .username }}
|
||||
{{ $envPrefix}}_PASSWORD: {{ .password }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- if .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote -}}
|
||||
{{ $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT__HTTP__HEADER" }}
|
||||
{{- if .Values.docspell.server.integrationEndpoint.httpHeader.enabled -}}
|
||||
{{- if and .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.value .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.existingSecret -}}
|
||||
{{- fail "Only either the fixed header value or an existing secret for the http header ingration endpoint should be set" -}}
|
||||
{{- end -}}
|
||||
{{ $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER" }}
|
||||
{{ $envPrefix }}_HEADER__NAME: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerName }}
|
||||
{{ $envPrefix }}_HEADER__VALUE: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerValue }}
|
||||
{{- with .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.value -}}
|
||||
{{ $envPrefix }}_HEADER__VALUE: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.value }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*Admin Endpoint Secrets*/}}
|
||||
{{- define "docspell.server.secrets.adminEndpoint" -}}
|
||||
{{- with .Values.docspell.server.adminEndpoint.secret }}
|
||||
DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.docspell.server.adminEndpoint.enabled -}}
|
||||
{{- $context := . -}}
|
||||
{{- with .Values.docspell.server.adminEndpoint.secret -}}
|
||||
{{- if $context.Values.docspell.server.adminEndpoint.existingSecret }}
|
||||
{{- fail "Only either the fixed value or an existing secret for the admin endpoint should be set" -}}
|
||||
{{- end -}}
|
||||
DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET: {{ .value }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*Signup Settings*/}}
|
||||
@ -142,6 +163,12 @@ DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET: {{ . }}
|
||||
{{/*Signup Secrets*/}}
|
||||
{{- define "docspell.server.secrets.signup" -}}
|
||||
{{- if eq .Values.docspell.server.backend.signup.mode "invite" }}
|
||||
DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD: {{ .Values.docspell.server.backend.signup.newInvitePassword }}
|
||||
{{- $context := . -}}
|
||||
{{- with .Values.docspell.server.backend.signup.newInvitePassword.value -}}
|
||||
{{- if $context.Values.docspell.server.backend.signup.newInvitePassword.existingSecret -}}
|
||||
{{- fail "Only either the fixed value or an existing secret for the new invite password should be set" -}}
|
||||
{{- end -}}
|
||||
DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD: {{ . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
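Review bot: In `docspell.server.secrets.integrationEndpoint`, the `_HEADER__VALUE` line sits inside `{{- with .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.value -}}` but still reads `.Values...headerValue.value`. Inside `with` the dot is the header value itself, so rendering should fail as soon as a fixed header value is set. Use the rebound dot, `{{ $envPrefix }}_HEADER__VALUE: {{ . | quote }}`, or capture `$context := .` first as the admin-endpoint and signup defines in this file do; quoting also keeps secret values with YAML-special characters intact. The trailing `-}}` on that `with` strips the newline before the key, which looks like it would join it onto the `_HEADER__NAME` line, so `{{- with ... }}` without the right-hand trim is safer.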
@ -0,0 +1,86 @@
|
||||
{{- define "docspell.server.secrets.existingSecrets" -}}
|
||||
{{/*Server Secret*/}}
|
||||
{{- if .Values.docspell.server.auth.serverSecret -}}
|
||||
{{- if and .Values.docspell.server.auth.serverSecret.existingSecret (not .Values.docspell.server.auth.serverSecret.value) -}}
|
||||
- name: DOCSPELL_SERVER_AUTH_SERVER__SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.docspell.server.auth.serverSecret.existingSecret.name }}
|
||||
key: {{ .Values.docspell.server.auth.serverSecret.existingSecret.key }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{/*OIDC Secrets*/}}
|
||||
{{- range $index, $entry := .Values.docspell.server.openid -}}
|
||||
{{- if and $entry.enabled $entry.provider.existingSecret -}}
|
||||
{{- $envPrefix := printf "%s_%s_PROVIDER" "DOCSPELL_SERVER_OPENID" ($index | toString) -}}
|
||||
- name: {{ $envPrefix }}_CLIENT__ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $entry.provider.existingSecret.name }}
|
||||
key: {{ $entry.provider.existingSecret.clientIdKey }}
|
||||
- name: {{ $envPrefix }}_CLIENT__SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $entry.provider.existingSecret.name }}
|
||||
key: {{ $entry.provider.existingSecret.clientSecretKey }}
|
||||
- name: {{ $envPrefix }}_SIGN__KEY
|
||||
{{- if $entry.provider.existingSecret.signKeyKey -}}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $entry.provider.existingSecret.name }}
|
||||
key: {{ $entry.provider.existingSecret.signKeyKey }}
|
||||
{{- else }}
|
||||
value: ""
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{/*Integration Endpoint Http Basic Auth*/}}
|
||||
{{- if .Values.docspell.server.integrationEndpoint.httpBasic.existingSecret }}
|
||||
- name: DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__BASIC_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.docspell.server.integrationEndpoint.httpBasic.existingSecret.name }}
|
||||
key: {{ .Values.docspell.server.integrationEndpoint.httpBasic.existingSecret.usernameKey }}
|
||||
- name: DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__BASIC_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.docspell.server.integrationEndpoint.httpBasic.existingSecret.name }}
|
||||
key: {{ .Values.docspell.server.integrationEndpoint.httpBasic.existingSecret.passwordKey }}
|
||||
{{- end }}
|
||||
{{/*Integration Endpoint Http Header Auth*/}}
|
||||
{{- if and .Values.docspell.server.integrationEndpoint.enabled .Values.docspell.server.integrationEndpoint.httpHeader.enabled -}}
|
||||
{{- if .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.existingSecret }}
|
||||
- name: DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_HEADER__VALUE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.existingSecret.name }}
|
||||
key: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerValue.existingSecret.key }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{/*Admin Endpoint Secret*/}}
|
||||
{{- with .Values.docspell.server.adminEndpoint.existingSecret }}
|
||||
- name: DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .name }}
|
||||
key: {{ .key }}
|
||||
{{- end }}
|
||||
{{/*Sign Up Invitation Generation Password*/}}
|
||||
{{- if eq .Values.docspell.server.backend.signup.mode "invite" -}}
|
||||
{{- with .Values.docspell.server.backend.signup.newInvitePassword.existingSecret }}
|
||||
- name: DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .name }}
|
||||
key: {{ .key }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{/*PostgreSQL Password*/}}
|
||||
{{- if .Values.postgresql.global.postgresql.auth.existingSecret -}}
|
||||
- name: DOCSPELL_SERVER_BACKEND_JDBC_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.postgresql.global.postgresql.auth.existingSecret }}
|
||||
key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
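Review bot: In the OIDC loop, `- name: {{ $envPrefix }}_SIGN__KEY` is followed by `{{- if $entry.provider.existingSecret.signKeyKey -}}`, and trimming on both sides removes the line break between the name and `valueFrom:`, so the entry appears to render as one broken scalar whenever `signKeyKey` is set. Dropping the right-hand trim, `{{- if $entry.provider.existingSecret.signKeyKey }}`, keeps `valueFrom:` on its own line, as the `{{- else }}` branch already does. The `{{- end -}}` pairs that close the loop body look like they have the same effect between two providers that both use `existingSecret`, so a render test with two entries is worth adding. Separately, the httpBasic and admin-endpoint blocks emit their `secretKeyRef` without checking the matching `enabled` flag, unlike the httpHeader block, so a leftover `existingSecret` value would still be required at pod start.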
@ -27,6 +27,7 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/restserver/config.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/restserver/secret.yaml") . | sha256sum }}
|
||||
{{- with .Values.restserver.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -47,6 +48,8 @@ spec:
|
||||
ports:
|
||||
- containerPort: {{ .Values.restserver.service.port }}
|
||||
name: http
|
||||
env:
|
||||
{{- include "docspell.server.secrets.existingSecrets" . | nindent 10 }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "docspell.fullname" . }}-restserver
|
||||
|
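Review bot: The `checksum/config` and `checksum/secret` annotations hash only the chart's own rendered templates, so values pulled in through the new `secretKeyRef` entries under `env:` are not covered. Rotating an externally managed Secret will not change the pod template, and environment variables are read only at container start, so running pods keep the old credential. That deserves a comment next to the annotations, e.g. `# existingSecret contents are not part of these checksums; restart the pods after rotating them`. The same applies to the joex deployment. The `spec` block continues outside both hunks.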
@ -7,11 +7,19 @@ metadata:
|
||||
type: Opaque
|
||||
stringData:
|
||||
assertions:
|
||||
{{- if and (gt .Values.restserver.replicaCount 1.0) (not .Values.docspell.server.auth.serverSecret) -}}
|
||||
{{- if gt .Values.restserver.replicaCount 1.0 }}
|
||||
{{- if not .Values.docspell.server.auth.serverSecret -}}
|
||||
{{- fail "If multiple replicas are running of the rest server, the server secret has to be fixed." -}}
|
||||
{{- else if not (or .Values.docspell.server.auth.serverSecret.existingSecret .Values.docspell.server.auth.serverSecret.value) }}
|
||||
{{- end -}}
|
||||
{{- if and .Values.docspell.server.adminEndpoint.enabled (and (not .Values.docspell.server.adminEndpoint.existingSecret) (not .Values.docspell.server.adminEndpoint.secret)) -}}
|
||||
{{- fail "When enabling the administration endpoint, a value for authentication has the supplied." -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if eq .Values.docspell.server.backend.signup.mode "invite" -}}
|
||||
{{- if not .Values.docspell.server.backend.signup.newInvitePassword -}}
|
||||
{{- fail "Invite password has to be set, when using signup mode 'invite'." -}}
|
||||
{{- end -}}
|
||||
{{- if and (eq .Values.docspell.server.backend.signup.mode "invite") (not .Values.docspell.server.backend.signup.newInvitePassword) -}}
|
||||
{{- fail "Invite password has to be set, when using signup mode 'invite'" -}}
|
||||
{{- end -}}
|
||||
{{- include "docspell.server.secrets.auth" . | nindent 4 }}
|
||||
{{- include "docspell.server.secrets.openid" . | nindent 4 }}
|
||||
|
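Review bot: The `{{- else if not (or .Values.docspell.server.auth.serverSecret.existingSecret .Values.docspell.server.auth.serverSecret.value) }}` branch is closed by `{{- end -}}` with no body, so a `serverSecret` map that sets neither `value` nor `existingSecret` passes the multi-replica assertion silently. Put a `fail` in that branch, e.g. `{{- fail "With multiple rest server replicas, serverSecret.value or serverSecret.existingSecret has to be set." -}}`. As far as the rendered page shows, the admin-endpoint assertion also sits inside the `gt .Values.restserver.replicaCount 1.0` block, so it would be skipped for a single replica. If that reading is right, it should move out to the top level of `assertions`.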
@ -60,13 +60,19 @@ docspell:
|
||||
bind:
|
||||
address: 0.0.0.0
|
||||
port: 7880
|
||||
## @param docspell.server.auth.serverSecret Secret to sign the authenticator tokens. If empty, one will be generated
|
||||
## @param docspell.server.auth.serverSecret.value Secret to sign the authenticator tokens. If empty, one will be generated
|
||||
## @param docspell.server.auth.serverSecret.existingSecret.name The name of an existing Kubernetes secret that contains the server secret
|
||||
## @param docspell.server.auth.serverSecret.existingSecret.key The key inside the existing Kubernetes secret that contains the server secret
|
||||
## @param docspell.server.auth.sessionValid How long an authentication token is valid
|
||||
## @param docspell.server.auth.onAccountSourceConflict Fail if a duplicate account from an external source should fail the login. Can be: fail, convert
|
||||
## @param docspell.server.auth.rememberMe.enabled Enable/disable the remember me function
|
||||
## @param docspell.server.auth.rememberMe.valid How long the remember me cookie/token is valid
|
||||
auth:
|
||||
serverSecret: b64:YRx77QujCGkHSvll0TVEmtTaw3Z5eXr+nWMsEJowgKg=
|
||||
serverSecret:
|
||||
# value: asdf
|
||||
# existingSecret:
|
||||
# name: "my-existing-secret"
|
||||
# key: "key-inside-secret"
|
||||
sessionValid: "5 minutes"
|
||||
onAccountSourceConflict: fail
|
||||
rememberMe:
|
||||
@ -85,14 +91,19 @@ docspell:
|
||||
providerId: keycloak
|
||||
clientId: docspell
|
||||
clientSecret: example-secret-439e-bf06-911e4cdd56a6
|
||||
scope: profile
|
||||
authorizeUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/auth
|
||||
tokenUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/token
|
||||
scope: openid profile email
|
||||
# User URL is not used when signature key is set
|
||||
# userUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/userinfo
|
||||
logoutUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/logout
|
||||
signKey: b64:anVzdC1hLXRlc3Q=
|
||||
sigAlgo: RS512
|
||||
# existingSecret:
|
||||
# name: "my-existing-secret"
|
||||
# clientIdKey: clientId
|
||||
# clientSecretKey: clientSecret
|
||||
# signKeyKey: signKey
|
||||
# The collective of the user is given in the access token as property `docspell_collective`
|
||||
collectiveKey: "lookup:docspell_collective"
|
||||
# The username to use for the docspell account
|
||||
@ -104,8 +115,6 @@ docspell:
|
||||
## @param docspell.server.integrationEndpoint.sourceName The name used for the item "source" property when uploaded through this endpoint
|
||||
## @param docspell.server.integrationEndpoint.allowedIps.enabled Enable ip-allow-access-list
|
||||
## @param docspell.server.integrationEndpoint.allowedIps.ips List of ips which should be added to the access list
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.enabled Whether integration endpoint requests are expected to use http basic auth when uploading files
|
||||
## @param doscpell.server.integrationEndpoint.httpHeader.enabled Whether integration endpoint requests are expected to supply some specific header when uploading files
|
||||
integrationEndpoint:
|
||||
enabled: true
|
||||
priority: low
|
||||
@ -115,18 +124,46 @@ docspell:
|
||||
ips:
|
||||
# IP addresses may be specific as simple globs: a part marked as '*' matches any octet, like in `192.168.*.*`
|
||||
- 127.0.0.1
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.enabled Whether integration endpoint requests are expected to use http basic auth when uploading files
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.credentials.user The username for httpBasic authentication
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.credentials.password The password for the httpBasic authentication
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.existingSecret.name Name of an existing Kubernetes secret that contains the httpBasic credentials
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.existingSecret.usernameKey The key inside the existing Kubernetes secret that contains the username for httpBasic
|
||||
## @param docspell.server.integrationEndpoint.httpBasic.existingSecret.passwordKey The key inside the existing Kubernetes secret that contains the password for httpBasic
|
||||
httpBasic:
|
||||
enabled: false
|
||||
realm: "Docspell Integration"
|
||||
user: "docspell-int"
|
||||
password: "docspell-int"
|
||||
credentials:
|
||||
# username: "docspell-int"
|
||||
# password: "docspell-int"
|
||||
# existingSecret:
|
||||
# name: "http-basic-secret-name"
|
||||
# usernameKey: "username-key-inside-secret"
|
||||
# passwordKey: "password-key-inside-secret"
|
||||
## @param doscpell.server.integrationEndpoint.httpHeader.enabled Whether integration endpoint requests are expected to supply some specific header when uploading files
|
||||
## @param docpsell.server.integrationEndpoint.httpHeader.headerName The name of the header that has to be included in the integration endpoint request
|
||||
## @param docspell.server.integrationEndpoint.httpHeader.headerValue.value The header value that is expected to be included in the integration endpoint request
|
||||
## @param docspell.server.integrationEndpojnt.httpHeader.headerValue.existingSecret.name The name of an existing Kubernetes secret that contains the value expected to be included in the integration endpoint request
|
||||
## @param docspell.server.integrationEndpojnt.httpHeader.headerValue.existingSecret.key The key inside of an existing Kubernetes secret that contains the value expected to be included in the integration endpoint
|
||||
httpHeader:
|
||||
enabled: true
|
||||
enabled: false
|
||||
headerName: "Docspell-Integration"
|
||||
headerValue: "SomeSecret"
|
||||
## @param docspell.server.adminEndpoint.secret Special administration endpoint. If a secret isn't supplied, the endpont is disabled
|
||||
headerValue:
|
||||
# value: "SomeSecret"
|
||||
# existingSecret:
|
||||
# name: "my-existing-secret"
|
||||
# key: "header-value-key-inside-secret"
|
||||
## @param docspell.server.adminEndpoint.enabled Whether to enable the special administration endpoint. A secret value or existing secret containing the value has to be supplied when enabled
|
||||
## @param docspell.server.adminEndpoint.secret.value Value for the administration endpoint
|
||||
## @param docspell.server.adminEndpoint.existingSecret.name The name of an existing Kubernetes secret that contains the value for the admin endpoint
|
||||
## @param docspell.server.adminEndpoint.existingSecret.key The key inside of an existing Kubernetes secret that contains the value for the admin endpoint
|
||||
adminEndpoint:
|
||||
secret:
|
||||
enabled: false
|
||||
# secret:
|
||||
# value: "test"
|
||||
# existingSecret:
|
||||
# name: "my-existing-secret"
|
||||
# key: "admin-key-inside-secret"
|
||||
|
||||
## @param docspell.server.backend.mailDebug Enable or disabling debugging for e-mail related functionality
|
||||
backend:
|
||||
@ -139,11 +176,17 @@ docspell:
|
||||
runFixupMigrations: true
|
||||
repairSchema: false
|
||||
## @param docspell.server.backend.signup.mode The mode defines if new users can signup or not (open, invite, closed)
|
||||
## @param docspell.server.backend.signup.newInvitePassword If mode is 'invite', a password must be provided to generate invitation keys
|
||||
## @param docspell.server.backend.signup.newInvitePassword.value If mode is 'invite', a password must be provided to generate invitation keys
|
||||
## @param docspell.server.backend.signup.newInvitePassword.existingSecret.name The name of an existing Kubernetes secret that contains the invitation generation password
|
||||
## @param docspell.server.backend.signup.newINvitePassword.existingSecret.key The key inside of an existing Kubernetes secret that contains the invitation generation password
|
||||
## @param docspell.server.backend.signup.inviteTime If mode is 'invite', this is the period an invitation token is considered valid
|
||||
signup:
|
||||
mode: open
|
||||
newInvitePassword:
|
||||
newInvitePassword:
|
||||
# value: asdf
|
||||
# existingSecret:
|
||||
# name: "my-existing-secret"
|
||||
# key: "invite-password-key"
|
||||
inviteTime: "3 days"
|
||||
## @param docspell.joex.appId Id of the node
|
||||
## @param docspell.joex.mailDebug Enable or disabling debugging for e-mail related functionality
|
||||
@ -295,9 +338,6 @@ ingress:
|
||||
# - secretName: chart-exmaple-tls
|
||||
# hosts:
|
||||
# - docspell.example.com
|
||||
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
|
||||
# If helm doesn't correctly detect your ingress API version you can set it here.
|
||||
# apiVersion: networking.k8s.io/v1
|
||||
|
||||
## @section ServiceAccount
|
||||
#
|
||||
@ -542,6 +582,9 @@ solr:
|
||||
## @param postgresql.global.postgresql.auth.password Password for the `dbname` user (overrides `auth.password`)
|
||||
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
|
||||
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
|
||||
## @param postgresql.global.postgresql.auth.existingSecret Name of an existing Kubernetes secret that contains the postgresql credentials. `auth.password` will be ignored and picked up from this secret
|
||||
## @param postgresql.global.postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials.
|
||||
## @param postgresql.global.postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials.
|
||||
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
|
||||
postgresql:
|
||||
@ -552,6 +595,10 @@ postgresql:
|
||||
database: dbname
|
||||
username: dbuser
|
||||
password: dbpass
|
||||
# existingSecret: postgres-secret
|
||||
# secretKeys:
|
||||
# adminPasswordKey: postgres-password
|
||||
# userPasswordKey: password
|
||||
service:
|
||||
postgresql: 5432
|
||||
primary:
|
||||
|
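Review bot: The `@param` line documents `docspell.server.integrationEndpoint.httpBasic.credentials.user`, but the template reads `.username` from `credentials` and the commented example uses `username`, so a value set under the documented key would be ignored. It should read `## @param docspell.server.integrationEndpoint.httpBasic.credentials.username The username for httpBasic authentication`. Several other `@param` paths in this section are misspelled (`doscpell`, `docpsell`, `integrationEndpojnt`, `newINvitePassword`) and will not match the keys they describe. The commented `value: asdf` samples are better written as an obviously fake marker such as `# value: "<change-me>"` so they are not uncommented and deployed as real secrets.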