add configurable env vars for deployment

Author: batpad

helm/templates/deployment.yaml

@@ -28,6 +28,55 @@ spec:
               protocol: TCP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            - name: UPSTREAM_URL
+              value: {{ required "A valid upstream URL is required" .Values.config.upstreamUrl | quote }}
+            - name: OIDC_DISCOVERY_URL
+              value: {{ required "An OIDC discovery URL is required" .Values.config.oidc.discoveryUrl | quote }}
+            
+            # Optional OIDC internal URL
+            {{- if .Values.config.oidc.discoveryInternalUrl }}
+            - name: OIDC_DISCOVERY_INTERNAL_URL
+              value: {{ .Values.config.oidc.discoveryInternalUrl | quote }}
+            {{- end }}
+            
+            # Core configuration
+            - name: WAIT_FOR_UPSTREAM
+              value: {{ .Values.config.waitForUpstream | quote }}
+            - name: HEALTHZ_PREFIX
+              value: {{ .Values.config.healthzPrefix | quote }}
+            
+            # Access control configuration
+            - name: DEFAULT_PUBLIC
+              value: {{ .Values.config.defaultPublic | quote }}
+            {{- if .Values.config.privateEndpoints }}
+            - name: PRIVATE_ENDPOINTS
+              value: {{ .Values.config.privateEndpoints | toJson | quote }}
+            {{- end }}
+            {{- if .Values.config.publicEndpoints }}
+            - name: PUBLIC_ENDPOINTS
+              value: {{ .Values.config.publicEndpoints | toJson | quote }}
+            {{- end }}
+            
+            # OpenAPI configuration
+            {{- if .Values.config.openapiSpecEndpoint }}
+            - name: OPENAPI_SPEC_ENDPOINT
+              value: {{ .Values.config.openapiSpecEndpoint | quote }}
+            {{- end }}
+            
+            # Filtering configuration
+            {{- if .Values.config.itemsFilter.class }}
+            - name: ITEMS_FILTER_CLS
+              value: {{ .Values.config.itemsFilter.class | quote }}
+            - name: ITEMS_FILTER_ARGS
+              value: {{ .Values.config.itemsFilter.args | toJson | quote }}
+            - name: ITEMS_FILTER_KWARGS
+              value: {{ .Values.config.itemsFilter.kwargs | toJson | quote }}
+            {{- end }}
+            
+            {{- with .Values.config.extraEnv }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

helm/values.schema.yaml

@@ -148,5 +148,88 @@ properties:
     additionalProperties: true
     description: "Pod affinity rules"
 
+  config:
+    type: object
+    required: ["upstreamUrl", "oidc"]
+    properties:
+      upstreamUrl:
+        type: string
+        format: uri
+        description: "STAC API URL"
+      waitForUpstream:
+        type: boolean
+        description: "Wait for upstream API to become available"
+        default: true
+      healthzPrefix:
+        type: string
+        description: "Path prefix for health check endpoints"
+        default: "/healthz"
+      
+      oidc:
+        type: object
+        required: ["discoveryUrl"]
+        properties:
+          discoveryUrl:
+            type: string
+            format: uri
+            description: "OpenID Connect discovery document URL"
+          discoveryInternalUrl:
+            type: string
+            format: uri
+            description: "Internal network OpenID Connect discovery document URL"
+      
+      defaultPublic:
+        type: boolean
+        description: "Default access policy for endpoints"
+        default: false
+      
+      privateEndpoints:
+        type: object
+        additionalProperties:
+          type: array
+          items:
+            type: string
+        description: "Endpoints requiring authentication"
+      
+      publicEndpoints:
+        type: object
+        additionalProperties:
+          type: array
+          items:
+            type: string
+        description: "Public endpoints when defaultPublic is false"
+      
+      openapiSpecEndpoint:
+        type: ["string", "null"]
+        description: "Path of OpenAPI specification"
+      
+      itemsFilter:
+        type: object
+        properties:
+          class:
+            type: ["string", "null"]
+            description: "CQL2 expression generator class"
+          args:
+            type: array
+            description: "Positional arguments for filter class"
+            items:
+              type: string
+          kwargs:
+            type: object
+            description: "Keyword arguments for filter class"
+            additionalProperties: true
+      
+      extraEnv:
+        type: array
+        description: "Additional environment variables"
+        items:
+          type: object
+          required: ["name", "value"]
+          properties:
+            name:
+              type: string
+            value:
+              type: string
+
 required:
   - service 

helm/values.yaml

@@ -44,4 +44,44 @@ containerSecurityContext:
 
 nodeSelector: {}
 tolerations: []
-affinity: {} 
+affinity: {}
+
+# Application configuration
+config:
+  # Core Configuration
+  upstreamUrl: ""  # Required: STAC API URL
+  waitForUpstream: true  # Optional: wait for upstream API
+  healthzPrefix: "/healthz"  # Optional: health check prefix
+  
+  # Authentication Configuration
+  oidc:
+    discoveryUrl: ""  # Required: OpenID Connect discovery URL
+    discoveryInternalUrl: ""  # Optional: internal network OIDC URL
+  
+  # Access Control
+  defaultPublic: false  # Optional: default access policy
+  privateEndpoints: # Optional: endpoints requiring auth
+    "^/collections$": ["POST"]
+    "^/collections/([^/]+)$": ["PUT", "PATCH", "DELETE"]
+    "^/collections/([^/]+)/items$": ["POST"]
+    "^/collections/([^/]+)/items/([^/]+)$": ["PUT", "PATCH", "DELETE"]
+    "^/collections/([^/]+)/bulk_items$": ["POST"]
+  publicEndpoints: # Optional: public endpoints
+    "^/api.html$": ["GET"]
+    "^/api$": ["GET"]
+    "^/docs/oauth2-redirect": ["GET"]
+    "^/healthz": ["GET"]
+  
+  # OpenAPI Configuration
+  openapiSpecEndpoint: null  # Optional: OpenAPI spec path
+  
+  # Filtering Configuration
+  itemsFilter:
+    class: null  # Optional: CQL2 expression generator class
+    args: []     # Optional: positional arguments
+    kwargs: {}   # Optional: keyword arguments
+
+  # Additional environment variables
+  extraEnv: []
+  # - name: CUSTOM_VAR
+  #   value: "custom-value"