mirror of
https://github.com/zoriya/Kyoo.git
synced 2026-03-22 17:37:49 -04:00
Some helm fixes (#1380)
This commit is contained in:
Zoe Roux
GitHub
commit
d4d9359461
2
.github/workflows/auth-hurl.yml
vendored
2
.github/workflows/auth-hurl.yml
vendored
@ -52,6 +52,8 @@ jobs:
|
||||
hurl --error-format long --variable host=http://localhost:4568/auth tests/*
|
||||
env:
|
||||
PGHOST: localhost
|
||||
PGUSER: kyoo
|
||||
PGPASSWORD: password
|
||||
FIRST_USER_CLAIMS: '{"permissions": ["users.read"]}'
|
||||
KEIBI_APIKEY_HURL: 1234apikey
|
||||
KEIBI_APIKEY_HURL_CLAIMS: '{"permissions": ["apikeys.write", "apikeys.read"]}'
|
||||
|
||||
@ -23,7 +23,7 @@ export async function setupLogging() {
|
||||
const minLevel = aliasMap[minLevelRaw] ?? minLevelRaw;
|
||||
return withFilter(
|
||||
redactByField(getConsoleSink(), {
|
||||
fieldPatterns: [/password/i, /secret/i, /apikey/i],
|
||||
fieldPatterns: [/password/i, /secret/i, /apikey/i, /ca/i, /cert/i],
|
||||
action: () => "[REDACTED]",
|
||||
}),
|
||||
getLevelFilter(parseLogLevel(minLevel)),
|
||||
@ -38,7 +38,7 @@ export async function setupLogging() {
|
||||
const minLevel = aliasMap[minLevelRaw] ?? minLevelRaw;
|
||||
return withFilter(
|
||||
redactByField(getOpenTelemetrySink({ loggerProvider }), {
|
||||
fieldPatterns: [/password/i, /secret/i, /apikey/i],
|
||||
fieldPatterns: [/password/i, /secret/i, /apikey/i, /ca/i, /cert/i],
|
||||
action: () => "[REDACTED]",
|
||||
}),
|
||||
getLevelFilter(parseLogLevel(minLevel)),
|
||||
|
||||
22
auth/main.go
22
auth/main.go
@ -3,12 +3,10 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/user"
|
||||
"slices"
|
||||
"sort"
|
||||
"strings"
|
||||
@ -103,10 +101,10 @@ func GetenvOr(env string, def string) string {
|
||||
}
|
||||
|
||||
func OpenDatabase(ctx context.Context) (*pgxpool.Pool, error) {
|
||||
connectionString := GetenvOr("POSTGRES_URL", "")
|
||||
connectionString := os.Getenv("POSTGRES_URL")
|
||||
config, err := pgxpool.ParseConfig(connectionString)
|
||||
if err != nil {
|
||||
return nil, errors.New("failed to create postgres config from environment variables")
|
||||
return nil, fmt.Errorf("failed to create postgres config from environment variables: %v", err)
|
||||
}
|
||||
|
||||
// Set default values
|
||||
@ -116,22 +114,6 @@ func OpenDatabase(ctx context.Context) (*pgxpool.Pool, error) {
|
||||
if config.ConnConfig.Database == "" {
|
||||
config.ConnConfig.Database = "kyoo"
|
||||
}
|
||||
// The pgx library will set the username to the name of the current user if not provided via
|
||||
// environment variable or connection string. Make a best-effort attempt to see if the user
|
||||
// was explicitly specified, without implementing full connection string parsing. If not, set
|
||||
// the username to the default value of "kyoo".
|
||||
if os.Getenv("PGUSER") == "" {
|
||||
currentUserName, _ := user.Current()
|
||||
// If the username matches the current user and it's not in the connection string, then it was set
|
||||
// by the pgx library. This doesn't cover the case where the system username happens to be in some other part
|
||||
// of the connection string, but this cannot be checked without full connection string parsing.
|
||||
if currentUserName.Username == config.ConnConfig.User && !strings.Contains(connectionString, currentUserName.Username) {
|
||||
config.ConnConfig.User = "kyoo"
|
||||
}
|
||||
}
|
||||
if config.ConnConfig.Password == "" {
|
||||
config.ConnConfig.Password = "password"
|
||||
}
|
||||
if _, ok := config.ConnConfig.RuntimeParams["application_name"]; !ok {
|
||||
config.ConnConfig.RuntimeParams["application_name"] = "keibi"
|
||||
}
|
||||
|
||||
@ -37,7 +37,6 @@ func setupOtel(ctx context.Context) (func(context.Context) error, error) {
|
||||
resource.WithAttributes(semconv.ServiceNameKey.String("kyoo.auth")),
|
||||
resource.WithFromEnv(),
|
||||
resource.WithTelemetrySDK(),
|
||||
resource.WithProcess(),
|
||||
resource.WithOS(),
|
||||
resource.WithContainer(),
|
||||
resource.WithHost(),
|
||||
|
||||
@ -14,7 +14,7 @@ metadata:
|
||||
spec:
|
||||
replicas: {{ .Values.api.replicaCount }}
|
||||
{{- with .Values.api.updateStrategy }}
|
||||
strategy:
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
@ -38,7 +38,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.api.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -63,15 +63,23 @@ spec:
|
||||
- name: IMAGES_PATH
|
||||
value: "/images"
|
||||
- name: PGUSER
|
||||
{{- if .Values.global.postgres.shared.userOverride }}
|
||||
value: {{ .Values.global.postgres.shared.userOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_api.kyoo_api.userKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_api.kyoo_api.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGPASSWORD
|
||||
{{- if .Values.global.postgres.shared.passwordOverride }}
|
||||
value: {{ .Values.global.postgres.shared.passwordOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_api.kyoo_api.passwordKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_api.kyoo_api.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGDATABASE
|
||||
value: {{ default .Values.global.postgres.kyoo_api.database .Values.global.postgres.shared.databaseOverride | quote }}
|
||||
- name: PGHOST
|
||||
@ -79,7 +87,7 @@ spec:
|
||||
- name: PGPORT
|
||||
value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_api.port | quote }}
|
||||
- name: PGSSLMODE
|
||||
value: {{ .Values.global.postgres.kyoo_api.sslmode | quote }}
|
||||
value: {{ default .Values.global.postgres.kyoo_api.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }}
|
||||
{{- with (concat .Values.global.extraEnv .Values.api.kyoo_api.extraEnv) }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -99,7 +107,7 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.api.kyoo_api.containerSecurityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.api.kyoo_api.containerSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -108,6 +116,9 @@ spec:
|
||||
- name: apiimagedata
|
||||
mountPath: /images
|
||||
{{- end }}
|
||||
{{- with .Values.global.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.api.kyoo_api.volumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -129,6 +140,9 @@ spec:
|
||||
claimName: {{ include "kyoo.apiimagedata.fullname" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.api.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@ -14,7 +14,7 @@ metadata:
|
||||
spec:
|
||||
replicas: {{ .Values.auth.replicaCount }}
|
||||
{{- with .Values.auth.updateStrategy }}
|
||||
strategy:
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
@ -38,7 +38,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.auth.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -79,15 +79,23 @@ spec:
|
||||
value: {{ $entry.claims | quote }}
|
||||
{{- end }}
|
||||
- name: PGUSER
|
||||
{{- if .Values.global.postgres.shared.userOverride }}
|
||||
value: {{ .Values.global.postgres.shared.userOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_auth.kyoo_auth.userKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGPASSWORD
|
||||
{{- if .Values.global.postgres.shared.passwordOverride }}
|
||||
value: {{ .Values.global.postgres.shared.passwordOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_auth.kyoo_auth.passwordKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGDATABASE
|
||||
value: {{ default .Values.global.postgres.kyoo_auth.database .Values.global.postgres.shared.databaseOverride | quote }}
|
||||
- name: PGHOST
|
||||
@ -95,7 +103,7 @@ spec:
|
||||
- name: PGPORT
|
||||
value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_auth.port | quote }}
|
||||
- name: PGSSLMODE
|
||||
value: {{ .Values.global.postgres.kyoo_auth.sslmode | quote }}
|
||||
value: {{ default .Values.global.postgres.kyoo_auth.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }}
|
||||
{{- if .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
- name: RSA_PRIVATE_KEY_PATH
|
||||
value: /mnt/private_key/private_key.pem
|
||||
@ -145,14 +153,17 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.auth.kyoo_auth.containerSecurityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.auth.kyoo_auth.containerSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
{{- if or .Values.global.extraVolumeMounts .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
volumeMounts:
|
||||
{{- with .Values.global.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.auth.kyoo_auth.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
- name: private-key
|
||||
@ -167,10 +178,13 @@ spec:
|
||||
initContainers:
|
||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
{{- if or .Values.global.extraVolumes .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
volumes:
|
||||
{{- with .Values.global.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.auth.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kyoo.auth.privatekey.existingSecret }}
|
||||
- name: private-key
|
||||
|
||||
@ -14,7 +14,7 @@ metadata:
|
||||
spec:
|
||||
replicas: {{ .Values.front.replicaCount }}
|
||||
{{- with .Values.front.updateStrategy }}
|
||||
strategy:
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
@ -38,7 +38,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.front.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -73,13 +73,18 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.kyoo_front.containerSecurityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.front.kyoo_front.containerSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.kyoo_front.extraVolumeMounts }}
|
||||
{{- if or .Values.global.extraVolumeMounts .Values.front.kyoo_front.extraVolumeMounts }}
|
||||
volumeMounts:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- with .Values.global.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.kyoo_front.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.extraContainers }}
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
@ -88,7 +93,12 @@ spec:
|
||||
initContainers:
|
||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.extraVolumes }}
|
||||
{{- if or .Values.global.extraVolumes .Values.front.extraVolumes }}
|
||||
volumes:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- with .Values.global.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -38,7 +38,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.scanner.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -74,15 +74,23 @@ spec:
|
||||
name: {{ .Values.contentdatabase.tmdb.existingSecret }}
|
||||
optional: true
|
||||
- name: PGUSER
|
||||
{{- if .Values.global.postgres.shared.userOverride }}
|
||||
value: {{ .Values.global.postgres.shared.userOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_scanner.kyoo_scanner.userKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_scanner.kyoo_scanner.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGPASSWORD
|
||||
{{- if .Values.global.postgres.shared.passwordOverride }}
|
||||
value: {{ .Values.global.postgres.shared.passwordOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_scanner.kyoo_scanner.passwordKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_scanner.kyoo_scanner.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGDATABASE
|
||||
value: {{ default .Values.global.postgres.kyoo_scanner.database .Values.global.postgres.shared.databaseOverride | quote }}
|
||||
- name: PGHOST
|
||||
@ -90,7 +98,7 @@ spec:
|
||||
- name: PGPORT
|
||||
value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_scanner.port | quote }}
|
||||
- name: PGSSLMODE
|
||||
value: {{ .Values.global.postgres.kyoo_scanner.sslmode | quote }}
|
||||
value: {{ default .Values.global.postgres.kyoo_scanner.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }}
|
||||
{{- with (concat .Values.global.extraEnv .Values.scanner.kyoo_scanner.extraEnv) }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -110,11 +118,14 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.scanner.kyoo_scanner.containerSecurityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.scanner.kyoo_scanner.containerSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- with .Values.global.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.media.volumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -129,6 +140,9 @@ spec:
|
||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- with .Values.global.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.media.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@ -39,7 +39,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.traefikproxy.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -78,7 +78,7 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.traefikproxy.traefik.containerSecurityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.traefikproxy.traefik.containerSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@ -48,7 +48,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.global.securityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.transcoder.securityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -81,15 +81,23 @@ spec:
|
||||
- name: GOCODER_SAFE_PATH
|
||||
value: {{ .Values.media.baseMountPath | quote }}
|
||||
- name: PGUSER
|
||||
{{- if .Values.global.postgres.shared.userOverride }}
|
||||
value: {{ .Values.global.postgres.shared.userOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.userKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGPASSWORD
|
||||
{{- if .Values.global.postgres.shared.passwordOverride }}
|
||||
value: {{ .Values.global.postgres.shared.passwordOverride | quote }}
|
||||
{{- else }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.passwordKey }}
|
||||
name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }}
|
||||
{{- end }}
|
||||
- name: PGDATABASE
|
||||
value: {{ default .Values.global.postgres.kyoo_transcoder.database .Values.global.postgres.shared.databaseOverride | quote }}
|
||||
- name: PGHOST
|
||||
@ -97,7 +105,7 @@ spec:
|
||||
- name: PGPORT
|
||||
value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_transcoder.port | quote }}
|
||||
- name: PGSSLMODE
|
||||
value: {{ .Values.global.postgres.kyoo_transcoder.sslmode | quote }}
|
||||
value: {{ default .Values.global.postgres.kyoo_transcoder.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }}
|
||||
{{- with (concat .Values.global.extraEnv .Values.transcoder.kyoo_transcoder.extraEnv) }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -117,11 +125,14 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.transcoder.kyoo_transcoder.containerSecurityContext }}
|
||||
{{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.transcoder.kyoo_transcoder.containerSecurityContext) }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- with .Values.global.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.media.volumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
@ -143,6 +154,9 @@ spec:
|
||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- with .Values.global.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.media.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@ -13,7 +13,11 @@ global:
|
||||
persistentVolumeClaimAnnotations: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
securityContext: {}
|
||||
containerSecurityContext: {}
|
||||
extraEnv: []
|
||||
extraVolumes: []
|
||||
extraVolumeMounts: []
|
||||
|
||||
# kyoo connectivity & subchart settings for postgres
|
||||
# subchart configuration can be found at .postgresql
|
||||
@ -33,6 +37,9 @@ global:
|
||||
port: 5432
|
||||
# setting the database here will override the other database settings
|
||||
databaseOverride: ~
|
||||
userOverride: ~
|
||||
passwordOverride: ~
|
||||
sslmodeOverride: ~
|
||||
# base setting for specifying existingSecret for all kyoo workloads
|
||||
existingSecret: bigsecret
|
||||
# base setting for specifying userKey for all kyoo workloads
|
||||
@ -203,6 +210,7 @@ api:
|
||||
# default to recreate for better user experience with ReadWriteOnce volumes
|
||||
updateStrategy:
|
||||
type: Recreate
|
||||
securityContext: {}
|
||||
podLabels: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
@ -253,6 +261,7 @@ auth:
|
||||
tag: ~
|
||||
replicaCount: 1
|
||||
updateStrategy: ~
|
||||
securityContext: {}
|
||||
podLabels: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
@ -287,6 +296,7 @@ front:
|
||||
tag: ~
|
||||
replicaCount: 1
|
||||
updateStrategy: ~
|
||||
securityContext: {}
|
||||
podLabels: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
@ -328,6 +338,7 @@ scanner:
|
||||
# scanner does not support multiple replicas
|
||||
replicaCount: 1
|
||||
updateStrategy: ~
|
||||
securityContext: {}
|
||||
podLabels: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
@ -388,6 +399,7 @@ transcoder:
|
||||
# default to recreate for better user experience with ReadWriteOnce volumes & hardware resources
|
||||
updateStrategy:
|
||||
type: Recreate
|
||||
securityContext: {}
|
||||
podLabels: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
@ -437,20 +449,21 @@ traefikproxy:
|
||||
containerSecurityContext: {}
|
||||
extraVolumeMounts: []
|
||||
extraArgs:
|
||||
- '--entryPoints.web.address=:80/tcp'
|
||||
- '--entryPoints.websecure.address=:443/tcp'
|
||||
- '--entryPoints.web.forwardedHeaders.insecure=true'
|
||||
- '--entryPoints.websecure.forwardedHeaders.insecure=true'
|
||||
- '--api.dashboard=true'
|
||||
- '--api.insecure=true'
|
||||
- '--log.level=INFO'
|
||||
- '--providers.file.filename=/dynamic_config/dynamic_config.yaml'
|
||||
- "--entryPoints.web.address=:80/tcp"
|
||||
- "--entryPoints.websecure.address=:443/tcp"
|
||||
- "--entryPoints.web.forwardedHeaders.insecure=true"
|
||||
- "--entryPoints.websecure.forwardedHeaders.insecure=true"
|
||||
- "--api.dashboard=true"
|
||||
- "--api.insecure=true"
|
||||
- "--log.level=INFO"
|
||||
- "--providers.file.filename=/dynamic_config/dynamic_config.yaml"
|
||||
extraEnv: []
|
||||
image:
|
||||
repository: docker.io/traefik
|
||||
tag: v3.6.10
|
||||
replicaCount: 1
|
||||
updateStrategy: ~
|
||||
securityContext: {}
|
||||
podLabels: {}
|
||||
configmapAnnotations: {}
|
||||
deploymentAnnotations: {}
|
||||
|
||||
@ -312,25 +312,28 @@ const ExternalIdChip = ({
|
||||
size="small"
|
||||
outline
|
||||
className="m-1"
|
||||
onPress={() =>
|
||||
setPopup(
|
||||
<Popup title={capitalize(name)} close={closePopup}>
|
||||
{withLinks
|
||||
.sort((a, b) =>
|
||||
(a.label ?? a.link!).localeCompare(b.label ?? b.link!),
|
||||
onPress={
|
||||
withLinks.length > 1
|
||||
? () =>
|
||||
setPopup(
|
||||
<Popup title={capitalize(name)} close={closePopup}>
|
||||
{withLinks
|
||||
.sort((a, b) =>
|
||||
(a.label ?? a.link!).localeCompare(b.label ?? b.link!),
|
||||
)
|
||||
.map((x) => (
|
||||
<A
|
||||
key={x.dataId}
|
||||
href={x.link!}
|
||||
target="_blank"
|
||||
className="rounded p-4 hover:bg-popover"
|
||||
>
|
||||
{x.label ?? x.link}
|
||||
</A>
|
||||
))}
|
||||
</Popup>,
|
||||
)
|
||||
.map((x) => (
|
||||
<A
|
||||
key={x.dataId}
|
||||
href={x.link!}
|
||||
target="_blank"
|
||||
className="rounded p-4 hover:bg-popover"
|
||||
>
|
||||
{x.label ?? x.link}
|
||||
</A>
|
||||
))}
|
||||
</Popup>,
|
||||
)
|
||||
: undefined
|
||||
}
|
||||
/>
|
||||
);
|
||||
|
||||
@ -37,7 +37,6 @@ func setupOtel(ctx context.Context) (func(context.Context) error, error) {
|
||||
resource.WithAttributes(semconv.ServiceNameKey.String("kyoo.transcoder")),
|
||||
resource.WithFromEnv(),
|
||||
resource.WithTelemetrySDK(),
|
||||
resource.WithProcess(),
|
||||
resource.WithOS(),
|
||||
resource.WithContainer(),
|
||||
resource.WithHost(),
|
||||
|
||||
@ -6,8 +6,6 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/user"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/config"
|
||||
"github.com/aws/aws-sdk-go-v2/service/s3"
|
||||
@ -78,7 +76,7 @@ func (s *MetadataService) setupDb() (*pgxpool.Pool, error) {
|
||||
connectionString := os.Getenv("POSTGRES_URL")
|
||||
config, err := pgxpool.ParseConfig(connectionString)
|
||||
if err != nil {
|
||||
return nil, errors.New("failed to create postgres config from environment variables")
|
||||
return nil, fmt.Errorf("failed to create postgres config from environment variables: %v", err)
|
||||
}
|
||||
|
||||
// Set default values
|
||||
@ -88,19 +86,6 @@ func (s *MetadataService) setupDb() (*pgxpool.Pool, error) {
|
||||
if config.ConnConfig.Database == "" {
|
||||
config.ConnConfig.Database = "kyoo"
|
||||
}
|
||||
// The pgx library will set the username to the name of the current user if not provided via
|
||||
// environment variable or connection string. Make a best-effort attempt to see if the user
|
||||
// was explicitly specified, without implementing full connection string parsing. If not, set
|
||||
// the username to the default value of "kyoo".
|
||||
if os.Getenv("PGUSER") == "" {
|
||||
currentUserName, _ := user.Current()
|
||||
// If the username matches the current user and it's not in the connection string, then it was set
|
||||
// by the pgx library. This doesn't cover the case where the system username happens to be in some other part
|
||||
// of the connection string, but this cannot be checked without full connection string parsing.
|
||||
if currentUserName.Username == config.ConnConfig.User && !strings.Contains(connectionString, currentUserName.Username) {
|
||||
config.ConnConfig.User = "kyoo"
|
||||
}
|
||||
}
|
||||
if _, ok := config.ConnConfig.RuntimeParams["application_name"]; !ok {
|
||||
config.ConnConfig.RuntimeParams["application_name"] = "gocoder"
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user