feat(chart): add auth private key

2025-11-21 05:53:11 -05:00 · 2025-11-03 23:50:25 +01:00 · 2025-11-03 23:50:25 +01:00 · 9c57e01426
commit 9c57e01426
parent 66dedaee29
2 changed files with 29 additions and 3 deletions
--- a/chart/templates/auth/deployment.yaml
+++ b/chart/templates/auth/deployment.yaml
@ -96,6 +96,10 @@ spec:
              value: {{ .Values.global.postgres.kyoo_auth.port | quote }}
            - name: PGSSLMODE
              value: {{ .Values.global.postgres.kyoo_auth.sslmode | quote  }}
+            {{- if .Values.kyoo.auth.privatekey.existingSecret }}
+            - name: RSA_PRIVATE_KEY_PATH
+              value: /mnt/private_key/private_key.pem
+            {{- end }}
            {{- with (concat .Values.global.extraEnv .Values.auth.kyoo_auth.extraEnv) }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
@ -119,10 +123,17 @@ spec:
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
-          {{- with .Values.auth.kyoo_auth.extraVolumeMounts }}
+          {{- if or .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }}
          volumeMounts:
+            {{- with .Values.auth.kyoo_auth.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
+            {{- if .Values.kyoo.auth.privatekey.existingSecret }}
+            - name: private-key
+              mountPath: /mnt/private_key
+              readOnly: true
+            {{- end }}
+          {{- end }}
        {{- with .Values.auth.extraContainers }}
          {{- tpl (toYaml .) $ | nindent 8 }}
        {{- end }}
@ -130,7 +141,17 @@ spec:
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
-      {{- with .Values.auth.extraVolumes }}
+      {{- if or .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }}
      volumes:
+        {{- with .Values.auth.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
+        {{- if .Values.kyoo.auth.privatekey.existingSecret }}
+        - name: private-key
+          secret:
+            secretName: {{ .Values.kyoo.auth.privatekey.existingSecret }}
+            items:
+              - key: {{ .Values.kyoo.auth.privatekey.privatekeyKey }}
+                path: private_key.pem
+        {{- end }}
+      {{- end }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@ -90,6 +90,11 @@ kyoo:
    extraClaims: '{"permissions": ["core.read"], "verified": false}'
    protectedClaims: "permissions,verified"

+    # Providing a private key is optional, one will be generated at startup
+    privatekey:
+      existingSecret:
+      privatekeyKey: private_key_rsa
+
    apikeys:
      scanner:
        existingSecret: bigsecret