diff --git a/.github/workflows/auth-hurl.yml b/.github/workflows/auth-hurl.yml index da3c0fa4..d4db2c7f 100644 --- a/.github/workflows/auth-hurl.yml +++ b/.github/workflows/auth-hurl.yml @@ -52,6 +52,8 @@ jobs: hurl --error-format long --variable host=http://localhost:4568/auth tests/* env: PGHOST: localhost + PGUSER: kyoo + PGPASSWORD: password FIRST_USER_CLAIMS: '{"permissions": ["users.read"]}' KEIBI_APIKEY_HURL: 1234apikey KEIBI_APIKEY_HURL_CLAIMS: '{"permissions": ["apikeys.write", "apikeys.read"]}' diff --git a/api/src/logtape.ts b/api/src/logtape.ts index eaaa818b..2966e5ea 100644 --- a/api/src/logtape.ts +++ b/api/src/logtape.ts @@ -23,7 +23,7 @@ export async function setupLogging() { const minLevel = aliasMap[minLevelRaw] ?? minLevelRaw; return withFilter( redactByField(getConsoleSink(), { - fieldPatterns: [/password/i, /secret/i, /apikey/i], + fieldPatterns: [/password/i, /secret/i, /apikey/i, /ca/i, /cert/i], action: () => "[REDACTED]", }), getLevelFilter(parseLogLevel(minLevel)), @@ -38,7 +38,7 @@ export async function setupLogging() { const minLevel = aliasMap[minLevelRaw] ?? minLevelRaw; return withFilter( redactByField(getOpenTelemetrySink({ loggerProvider }), { - fieldPatterns: [/password/i, /secret/i, /apikey/i], + fieldPatterns: [/password/i, /secret/i, /apikey/i, /ca/i, /cert/i], action: () => "[REDACTED]", }), getLevelFilter(parseLogLevel(minLevel)), diff --git a/auth/main.go b/auth/main.go index 16299045..fbb6ccaa 100644 --- a/auth/main.go +++ b/auth/main.go @@ -3,12 +3,10 @@ package main import ( "context" "encoding/base64" - "errors" "fmt" "log/slog" "net/http" "os" - "os/user" "slices" "sort" "strings" @@ -103,10 +101,10 @@ func GetenvOr(env string, def string) string { } func OpenDatabase(ctx context.Context) (*pgxpool.Pool, error) { - connectionString := GetenvOr("POSTGRES_URL", "") + connectionString := os.Getenv("POSTGRES_URL") config, err := pgxpool.ParseConfig(connectionString) if err != nil { - return nil, errors.New("failed to create postgres config from environment variables") + return nil, fmt.Errorf("failed to create postgres config from environment variables: %v", err) } // Set default values @@ -116,22 +114,6 @@ func OpenDatabase(ctx context.Context) (*pgxpool.Pool, error) { if config.ConnConfig.Database == "" { config.ConnConfig.Database = "kyoo" } - // The pgx library will set the username to the name of the current user if not provided via - // environment variable or connection string. Make a best-effort attempt to see if the user - // was explicitly specified, without implementing full connection string parsing. If not, set - // the username to the default value of "kyoo". - if os.Getenv("PGUSER") == "" { - currentUserName, _ := user.Current() - // If the username matches the current user and it's not in the connection string, then it was set - // by the pgx library. This doesn't cover the case where the system username happens to be in some other part - // of the connection string, but this cannot be checked without full connection string parsing. - if currentUserName.Username == config.ConnConfig.User && !strings.Contains(connectionString, currentUserName.Username) { - config.ConnConfig.User = "kyoo" - } - } - if config.ConnConfig.Password == "" { - config.ConnConfig.Password = "password" - } if _, ok := config.ConnConfig.RuntimeParams["application_name"]; !ok { config.ConnConfig.RuntimeParams["application_name"] = "keibi" } diff --git a/auth/otel.go b/auth/otel.go index 8f34ef18..21801906 100644 --- a/auth/otel.go +++ b/auth/otel.go @@ -37,7 +37,6 @@ func setupOtel(ctx context.Context) (func(context.Context) error, error) { resource.WithAttributes(semconv.ServiceNameKey.String("kyoo.auth")), resource.WithFromEnv(), resource.WithTelemetrySDK(), - resource.WithProcess(), resource.WithOS(), resource.WithContainer(), resource.WithHost(), diff --git a/chart/templates/api/deployment.yaml b/chart/templates/api/deployment.yaml index 5880280c..7a9b5b60 100644 --- a/chart/templates/api/deployment.yaml +++ b/chart/templates/api/deployment.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: {{ .Values.api.replicaCount }} {{- with .Values.api.updateStrategy }} - strategy: + strategy: {{- toYaml . | nindent 4 }} {{- end }} selector: @@ -38,7 +38,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.global.securityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.api.securityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -63,15 +63,23 @@ spec: - name: IMAGES_PATH value: "/images" - name: PGUSER + {{- if .Values.global.postgres.shared.userOverride }} + value: {{ .Values.global.postgres.shared.userOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_api.kyoo_api.userKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_api.kyoo_api.existingSecret }} + {{- end }} - name: PGPASSWORD + {{- if .Values.global.postgres.shared.passwordOverride }} + value: {{ .Values.global.postgres.shared.passwordOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_api.kyoo_api.passwordKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_api.kyoo_api.existingSecret }} + {{- end }} - name: PGDATABASE value: {{ default .Values.global.postgres.kyoo_api.database .Values.global.postgres.shared.databaseOverride | quote }} - name: PGHOST @@ -79,7 +87,7 @@ spec: - name: PGPORT value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_api.port | quote }} - name: PGSSLMODE - value: {{ .Values.global.postgres.kyoo_api.sslmode | quote }} + value: {{ default .Values.global.postgres.kyoo_api.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }} {{- with (concat .Values.global.extraEnv .Values.api.kyoo_api.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} @@ -99,7 +107,7 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.api.kyoo_api.containerSecurityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.api.kyoo_api.containerSecurityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} @@ -108,6 +116,9 @@ spec: - name: apiimagedata mountPath: /images {{- end }} + {{- with .Values.global.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.api.kyoo_api.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -129,6 +140,9 @@ spec: claimName: {{ include "kyoo.apiimagedata.fullname" . }} {{- end }} {{- end }} + {{- with .Values.global.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.api.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/chart/templates/auth/deployment.yaml b/chart/templates/auth/deployment.yaml index 1656869b..29fa5e2f 100644 --- a/chart/templates/auth/deployment.yaml +++ b/chart/templates/auth/deployment.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: {{ .Values.auth.replicaCount }} {{- with .Values.auth.updateStrategy }} - strategy: + strategy: {{- toYaml . | nindent 4 }} {{- end }} selector: @@ -38,7 +38,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.global.securityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.auth.securityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -79,15 +79,23 @@ spec: value: {{ $entry.claims | quote }} {{- end }} - name: PGUSER + {{- if .Values.global.postgres.shared.userOverride }} + value: {{ .Values.global.postgres.shared.userOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_auth.kyoo_auth.userKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret }} + {{- end }} - name: PGPASSWORD + {{- if .Values.global.postgres.shared.passwordOverride }} + value: {{ .Values.global.postgres.shared.passwordOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_auth.kyoo_auth.passwordKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_auth.kyoo_auth.existingSecret }} + {{- end }} - name: PGDATABASE value: {{ default .Values.global.postgres.kyoo_auth.database .Values.global.postgres.shared.databaseOverride | quote }} - name: PGHOST @@ -95,7 +103,7 @@ spec: - name: PGPORT value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_auth.port | quote }} - name: PGSSLMODE - value: {{ .Values.global.postgres.kyoo_auth.sslmode | quote }} + value: {{ default .Values.global.postgres.kyoo_auth.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }} {{- if .Values.kyoo.auth.privatekey.existingSecret }} - name: RSA_PRIVATE_KEY_PATH value: /mnt/private_key/private_key.pem @@ -145,14 +153,17 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.auth.kyoo_auth.containerSecurityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.auth.kyoo_auth.containerSecurityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} - {{- if or .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }} + {{- if or .Values.global.extraVolumeMounts .Values.auth.kyoo_auth.extraVolumeMounts .Values.kyoo.auth.privatekey.existingSecret }} volumeMounts: + {{- with .Values.global.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.auth.kyoo_auth.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.kyoo.auth.privatekey.existingSecret }} - name: private-key @@ -167,10 +178,13 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- if or .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }} + {{- if or .Values.global.extraVolumes .Values.auth.extraVolumes .Values.kyoo.auth.privatekey.existingSecret }} volumes: + {{- with .Values.global.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.auth.extraVolumes }} - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.kyoo.auth.privatekey.existingSecret }} - name: private-key diff --git a/chart/templates/front/deployment.yaml b/chart/templates/front/deployment.yaml index 5343216d..b6f62a8d 100644 --- a/chart/templates/front/deployment.yaml +++ b/chart/templates/front/deployment.yaml @@ -14,7 +14,7 @@ metadata: spec: replicas: {{ .Values.front.replicaCount }} {{- with .Values.front.updateStrategy }} - strategy: + strategy: {{- toYaml . | nindent 4 }} {{- end }} selector: @@ -38,7 +38,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.global.securityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.front.securityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -73,13 +73,18 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.front.kyoo_front.containerSecurityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.front.kyoo_front.containerSecurityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.front.kyoo_front.extraVolumeMounts }} + {{- if or .Values.global.extraVolumeMounts .Values.front.kyoo_front.extraVolumeMounts }} volumeMounts: - {{- toYaml . | nindent 12 }} + {{- with .Values.global.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.front.kyoo_front.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- with .Values.front.extraContainers }} {{- tpl (toYaml .) $ | nindent 8 }} @@ -88,7 +93,12 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with .Values.front.extraVolumes }} + {{- if or .Values.global.extraVolumes .Values.front.extraVolumes }} volumes: - {{- toYaml . | nindent 8 }} + {{- with .Values.global.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.front.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/templates/scanner/deployment.yaml b/chart/templates/scanner/deployment.yaml index 7862acc4..af432bb3 100644 --- a/chart/templates/scanner/deployment.yaml +++ b/chart/templates/scanner/deployment.yaml @@ -38,7 +38,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.global.securityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.scanner.securityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -74,15 +74,23 @@ spec: name: {{ .Values.contentdatabase.tmdb.existingSecret }} optional: true - name: PGUSER + {{- if .Values.global.postgres.shared.userOverride }} + value: {{ .Values.global.postgres.shared.userOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_scanner.kyoo_scanner.userKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_scanner.kyoo_scanner.existingSecret }} + {{- end }} - name: PGPASSWORD + {{- if .Values.global.postgres.shared.passwordOverride }} + value: {{ .Values.global.postgres.shared.passwordOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_scanner.kyoo_scanner.passwordKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_scanner.kyoo_scanner.existingSecret }} + {{- end }} - name: PGDATABASE value: {{ default .Values.global.postgres.kyoo_scanner.database .Values.global.postgres.shared.databaseOverride | quote }} - name: PGHOST @@ -90,7 +98,7 @@ spec: - name: PGPORT value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_scanner.port | quote }} - name: PGSSLMODE - value: {{ .Values.global.postgres.kyoo_scanner.sslmode | quote }} + value: {{ default .Values.global.postgres.kyoo_scanner.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }} {{- with (concat .Values.global.extraEnv .Values.scanner.kyoo_scanner.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} @@ -110,11 +118,14 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.scanner.kyoo_scanner.containerSecurityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.scanner.kyoo_scanner.containerSecurityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: + {{- with .Values.global.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.media.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -129,6 +140,9 @@ spec: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} volumes: + {{- with .Values.global.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.media.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/chart/templates/traefikproxy/deployment.yaml b/chart/templates/traefikproxy/deployment.yaml index 97c3a911..7ca548f5 100644 --- a/chart/templates/traefikproxy/deployment.yaml +++ b/chart/templates/traefikproxy/deployment.yaml @@ -39,7 +39,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.global.securityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.traefikproxy.securityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -78,7 +78,7 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.traefikproxy.traefik.containerSecurityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.traefikproxy.traefik.containerSecurityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/chart/templates/transcoder/deployment.yaml b/chart/templates/transcoder/deployment.yaml index 03ea6334..29d9a32d 100644 --- a/chart/templates/transcoder/deployment.yaml +++ b/chart/templates/transcoder/deployment.yaml @@ -48,7 +48,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.global.securityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.transcoder.securityContext) }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} @@ -81,15 +81,23 @@ spec: - name: GOCODER_SAFE_PATH value: {{ .Values.media.baseMountPath | quote }} - name: PGUSER + {{- if .Values.global.postgres.shared.userOverride }} + value: {{ .Values.global.postgres.shared.userOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.userKey .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.userKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }} + {{- end }} - name: PGPASSWORD + {{- if .Values.global.postgres.shared.passwordOverride }} + value: {{ .Values.global.postgres.shared.passwordOverride | quote }} + {{- else }} valueFrom: secretKeyRef: key: {{ default .Values.global.postgres.shared.passwordKey .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.passwordKey }} name: {{ default .Values.global.postgres.shared.existingSecret .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }} + {{- end }} - name: PGDATABASE value: {{ default .Values.global.postgres.kyoo_transcoder.database .Values.global.postgres.shared.databaseOverride | quote }} - name: PGHOST @@ -97,7 +105,7 @@ spec: - name: PGPORT value: {{ default .Values.global.postgres.shared.port .Values.global.postgres.kyoo_transcoder.port | quote }} - name: PGSSLMODE - value: {{ .Values.global.postgres.kyoo_transcoder.sslmode | quote }} + value: {{ default .Values.global.postgres.kyoo_transcoder.sslmode .Values.global.postgres.shared.sslmodeOverride | quote }} {{- with (concat .Values.global.extraEnv .Values.transcoder.kyoo_transcoder.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} @@ -117,11 +125,14 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.transcoder.kyoo_transcoder.containerSecurityContext }} + {{- with (mergeOverwrite (deepCopy .Values.global.containerSecurityContext) .Values.transcoder.kyoo_transcoder.containerSecurityContext) }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: + {{- with .Values.global.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.media.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -143,6 +154,9 @@ spec: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} volumes: + {{- with .Values.global.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.media.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index a06c04d9..90da66de 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -13,7 +13,11 @@ global: persistentVolumeClaimAnnotations: {} podAnnotations: {} podLabels: {} + securityContext: {} + containerSecurityContext: {} extraEnv: [] + extraVolumes: [] + extraVolumeMounts: [] # kyoo connectivity & subchart settings for postgres # subchart configuration can be found at .postgresql @@ -33,6 +37,9 @@ global: port: 5432 # setting the database here will override the other database settings databaseOverride: ~ + userOverride: ~ + passwordOverride: ~ + sslmodeOverride: ~ # base setting for specifying existingSecret for all kyoo workloads existingSecret: bigsecret # base setting for specifying userKey for all kyoo workloads @@ -203,6 +210,7 @@ api: # default to recreate for better user experience with ReadWriteOnce volumes updateStrategy: type: Recreate + securityContext: {} podLabels: {} deploymentAnnotations: {} podAnnotations: {} @@ -253,6 +261,7 @@ auth: tag: ~ replicaCount: 1 updateStrategy: ~ + securityContext: {} podLabels: {} deploymentAnnotations: {} podAnnotations: {} @@ -287,6 +296,7 @@ front: tag: ~ replicaCount: 1 updateStrategy: ~ + securityContext: {} podLabels: {} deploymentAnnotations: {} podAnnotations: {} @@ -328,6 +338,7 @@ scanner: # scanner does not support multiple replicas replicaCount: 1 updateStrategy: ~ + securityContext: {} podLabels: {} deploymentAnnotations: {} podAnnotations: {} @@ -388,6 +399,7 @@ transcoder: # default to recreate for better user experience with ReadWriteOnce volumes & hardware resources updateStrategy: type: Recreate + securityContext: {} podLabels: {} deploymentAnnotations: {} podAnnotations: {} @@ -437,20 +449,21 @@ traefikproxy: containerSecurityContext: {} extraVolumeMounts: [] extraArgs: - - '--entryPoints.web.address=:80/tcp' - - '--entryPoints.websecure.address=:443/tcp' - - '--entryPoints.web.forwardedHeaders.insecure=true' - - '--entryPoints.websecure.forwardedHeaders.insecure=true' - - '--api.dashboard=true' - - '--api.insecure=true' - - '--log.level=INFO' - - '--providers.file.filename=/dynamic_config/dynamic_config.yaml' + - "--entryPoints.web.address=:80/tcp" + - "--entryPoints.websecure.address=:443/tcp" + - "--entryPoints.web.forwardedHeaders.insecure=true" + - "--entryPoints.websecure.forwardedHeaders.insecure=true" + - "--api.dashboard=true" + - "--api.insecure=true" + - "--log.level=INFO" + - "--providers.file.filename=/dynamic_config/dynamic_config.yaml" extraEnv: [] image: repository: docker.io/traefik tag: v3.6.10 replicaCount: 1 updateStrategy: ~ + securityContext: {} podLabels: {} configmapAnnotations: {} deploymentAnnotations: {} diff --git a/front/src/ui/details/header.tsx b/front/src/ui/details/header.tsx index 5c2947f0..781304f9 100644 --- a/front/src/ui/details/header.tsx +++ b/front/src/ui/details/header.tsx @@ -312,25 +312,28 @@ const ExternalIdChip = ({ size="small" outline className="m-1" - onPress={() => - setPopup( - - {withLinks - .sort((a, b) => - (a.label ?? a.link!).localeCompare(b.label ?? b.link!), + onPress={ + withLinks.length > 1 + ? () => + setPopup( + + {withLinks + .sort((a, b) => + (a.label ?? a.link!).localeCompare(b.label ?? b.link!), + ) + .map((x) => ( + + {x.label ?? x.link} + + ))} + , ) - .map((x) => ( - - {x.label ?? x.link} - - ))} - , - ) + : undefined } /> ); diff --git a/transcoder/otel.go b/transcoder/otel.go index 019d2e20..abd6f5a5 100644 --- a/transcoder/otel.go +++ b/transcoder/otel.go @@ -37,7 +37,6 @@ func setupOtel(ctx context.Context) (func(context.Context) error, error) { resource.WithAttributes(semconv.ServiceNameKey.String("kyoo.transcoder")), resource.WithFromEnv(), resource.WithTelemetrySDK(), - resource.WithProcess(), resource.WithOS(), resource.WithContainer(), resource.WithHost(), diff --git a/transcoder/src/metadata.go b/transcoder/src/metadata.go index e2885698..6170736c 100644 --- a/transcoder/src/metadata.go +++ b/transcoder/src/metadata.go @@ -6,8 +6,6 @@ import ( "errors" "fmt" "os" - "os/user" - "strings" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/s3" @@ -78,7 +76,7 @@ func (s *MetadataService) setupDb() (*pgxpool.Pool, error) { connectionString := os.Getenv("POSTGRES_URL") config, err := pgxpool.ParseConfig(connectionString) if err != nil { - return nil, errors.New("failed to create postgres config from environment variables") + return nil, fmt.Errorf("failed to create postgres config from environment variables: %v", err) } // Set default values @@ -88,19 +86,6 @@ func (s *MetadataService) setupDb() (*pgxpool.Pool, error) { if config.ConnConfig.Database == "" { config.ConnConfig.Database = "kyoo" } - // The pgx library will set the username to the name of the current user if not provided via - // environment variable or connection string. Make a best-effort attempt to see if the user - // was explicitly specified, without implementing full connection string parsing. If not, set - // the username to the default value of "kyoo". - if os.Getenv("PGUSER") == "" { - currentUserName, _ := user.Current() - // If the username matches the current user and it's not in the connection string, then it was set - // by the pgx library. This doesn't cover the case where the system username happens to be in some other part - // of the connection string, but this cannot be checked without full connection string parsing. - if currentUserName.Username == config.ConnConfig.User && !strings.Contains(connectionString, currentUserName.Username) { - config.ConnConfig.User = "kyoo" - } - } if _, ok := config.ConnConfig.RuntimeParams["application_name"]; !ok { config.ConnConfig.RuntimeParams["application_name"] = "gocoder" }