add in scanner & extra apikey support

2025-11-21 05:53:11 -05:00 · 2025-11-03 01:18:50 +00:00 · 2025-11-03 01:18:50 +00:00 · eb31c0d8e6
commit eb31c0d8e6
parent cd65632527
4 changed files with 47 additions and 9 deletions
--- a/chart/README.md
+++ b/chart/README.md
@ -23,6 +23,7 @@ extraObjects:
    stringData:
      postgres_user: kyoo_all
      postgres_password: watchSomething4me
+      scanner_apikey: triquarter4u
  - kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
@ -48,6 +49,8 @@ global:
      host: postgres
    kyoo_transcoder:
      host: postgres
+    kyoo_scanner:
+      host: postgres
 # specify hardware resources
 transcoder:
  kyoo_transcoder:
@ -83,6 +86,7 @@ stringData:
  tvdb_pin: ""
  postgres_user: kyoo_all
  postgres_password: watchSomething4me
+  scanner_apikey: triquarter4u
 ```

 # Additional Notes
--- a/chart/templates/auth/deployment.yaml
+++ b/chart/templates/auth/deployment.yaml
@ -53,15 +53,31 @@ spec:
            {{- end }}
          env:
            - name: EXTRA_CLAIMS
-              value: {{ .Values.kyoo.extraClaims | quote }}
+              value: {{ .Values.kyoo.auth.extraClaims | quote }}
            - name: FIRST_USER_CLAIMS
-              value: {{ .Values.kyoo.firstUserClaims | quote }}
+              value: {{ .Values.kyoo.auth.firstUserClaims | quote }}
            - name: GUEST_CLAIMS
-              value: {{ .Values.kyoo.guestClaims | quote }}
+              value: {{ .Values.kyoo.auth.guestClaims | quote }}
            - name: PROTECTED_CLAIMS
-              value: {{ .Values.kyoo.protectedClaims | quote }}
+              value: {{ .Values.kyoo.auth.protectedClaims | quote }}
            - name: PUBLIC_URL
              value: {{ .Values.kyoo.address | quote }}
+            - name: KEIBI_APIKEY_SCANNER
+              valueFrom:
+                secretKeyRef:
+                  key: {{ .Values.kyoo.auth.apikeys.scanner.apikeyKey }}
+                  name: {{ .Values.kyoo.auth.apikeys.scanner.existingSecret }}
+            - name: KEIBI_APIKEY_SCANNER_CLAIMS
+              value: {{ .Values.kyoo.auth.apikeys.scanner.claims | quote}}
+            {{- range $index, $entry := .Values.kyoo.auth.apikeys.extra }}
+            - name: KEIBI_APIKEY_{{ $entry.name | upper }}
+              valueFrom:
+                secretKeyRef:
+                  key: {{ $entry.apikeyKey }}
+                  name: {{ $entry.existingSecret }}
+            - name: KEIBI_APIKEY_{{ $entry.name | upper }}_CLAIMS
+              value: {{ $entry.claims | quote }}
+            {{- end }}
            - name: PGUSER
              valueFrom:
                secretKeyRef:
--- a/chart/templates/scanner/deployment.yaml
+++ b/chart/templates/scanner/deployment.yaml
@ -62,6 +62,11 @@ spec:
              value: "http://{{ include "kyoo.auth.fullname" . }}:4568/.well-known/jwks.json"
            - name: JWT_ISSUER
              value: {{ .Values.kyoo.address | quote }}
+            - name: KYOO_APIKEY
+              valueFrom:
+                secretKeyRef:
+                  key: {{ .Values.kyoo.auth.apikeys.scanner.apikeyKey }}
+                  name: {{ .Values.kyoo.auth.apikeys.scanner.existingSecret }}
            - name: THEMOVIEDB_API_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
--- a/chart/values.yaml
+++ b/chart/values.yaml
@ -83,11 +83,24 @@ kyoo:
  # defaults to traefikproxy service unless specified otherwise
  middlewareRootURL: ~

-  # new auth settings
-  extraClaims: '{"permissions": ["core.read"], "verified": false}'
-  firstUserClaims: '{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}'
-  guestClaims: '{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}'
-  protectedClaims: "permissions,verified"
+  # auth settings
+  auth:
+    firstUserClaims: '{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}'
+    guestClaims: '{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}'
+    extraClaims: '{"permissions": ["core.read"], "verified": false}'
+    protectedClaims: "permissions,verified"
+
+    apikeys:
+      scanner:
+        existingSecret: bigsecret
+        apikeyKey: scanner_apikey
+        claims: '{"permissions": ["core.write"]}'
+      # create additional apikeys
+      extra: []
+        # - name: example
+        #   existingSecret: bigsecret
+        #   apikeyKey: example_apikey
+        #   claims: '{"permissions": ["core.read"]}'

  # A pattern (regex) to ignore video files.
  libraryIgnorePattern: ".*/[dD]ownloads?/.*"