Commit a36ad717 authored by Markus Scheidgen's avatar Markus Scheidgen
Browse files

Added adminPassword config via kube secret. [skip ci]

parent 319be671
Pipeline #53949 skipped
......@@ -6,6 +6,7 @@ proxy:
api:
disableReset: false
adminPasswordSecrete: 'nomad-production-repository-password'
gui:
debug: true
......
......@@ -6,6 +6,7 @@ proxy:
api:
disableReset: true
adminPasswordSecrete: 'nomad-production-repository-password'
worker:
replicas: 1
......
......@@ -6,6 +6,7 @@ proxy:
api:
disableReset: true
adminPasswordSecrete: 'nomad-production-repository-password'
worker:
replicas: 1
......
......@@ -6,6 +6,7 @@ proxy:
api:
disableReset: true
adminPasswordSecrete: 'nomad-production-repository-password'
gui:
debug: true
......
......@@ -119,6 +119,13 @@ spec:
name: {{ .Values.postgres.password_secret }}
key: password
{{ end }}
{{ if .Values.api.adminPasswordSecret }}
- name: NOMAD_SERVICES_ADMIN_PASSWORD
valueFrom
secretKeyRef:
name: {{ .Values.api.adminPasswordSecret }}
key: password
{{ end }}
command: ["python", "-m", "gunicorn.app.wsgiapp", "--timeout", "3600", "--config", "gunicorn.conf", "--log-config", "gunicorn.log.conf", "-w", "{{ .Values.api.worker }}", "-b 0.0.0.0:8000", "nomad.api:app"]
livenessProbe:
httpGet:
......
......@@ -67,6 +67,13 @@ spec:
name: {{ .Values.postgres.password_secret }}
key: password
{{ end }}
{{ if .Values.api.adminPasswordSecret }}
- name: NOMAD_SERVICES_ADMIN_PASSWORD
valueFrom
secretKeyRef:
name: {{ .Values.api.adminPasswordSecret }}
key: password
{{ end }}
command: ["python", "-m", "celery", "worker", "-A", "nomad.processing", "-n", "$(NOMAD_CELERY_NODE_NAME)" {{ if .Values.worker.processes }}, "-c", "{{ .Values.worker.processes }}"{{ end }}]
livenessProbe:
exec:
......
......@@ -37,6 +37,8 @@ api:
secret: "defaultApiSecret"
## The adminstrator password (only way to ever set/change it)
adminPassword: "password"
## A kubernetes secret with administrator password (supersedes adminPassword)
adminPasswordSecret: null
## Disable the dangerous reset (delete all data) function
disableReset: "true"
## Limit of unpublished uploads per user, except admin user
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment