Skip to content

Commit e95bea1

Browse files
pantierrapantierra
committed
fix: Removed helm chart auth options."
This reverts commit cfae34b.
1 parent d4fac14 commit e95bea1

File tree

10 files changed

+66
-645
lines changed

10 files changed

+66
-645
lines changed

docs/user-guide/deployment.md

Lines changed: 44 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,4 +61,47 @@ docker pull ghcr.io/developmentseed/stac-auth-proxy:v0.7.1
6161
6262
## Kubernetes
6363
64-
See [Kubernetes deployment](kubernetes.md) for detailed instructions on deploying to Kubernetes using Helm.
64+
The STAC Auth Proxy can be deployed to Kubernetes via the [Helm Chart available on the GitHub Container Registry (GHCR)](https://github.com/developmentseed/stac-auth-proxy/pkgs/container/stac-auth-proxy%2Fcharts%2Fstac-auth-proxy).
65+
66+
### Prerequisites
67+
68+
- Kubernetes 1.19+
69+
- Helm 3.2.0+
70+
71+
### Installation
72+
73+
```bash
74+
# Add the Helm repository
75+
helm registry login ghcr.io
76+
77+
# Install with minimal configuration
78+
helm install stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy \
79+
--set env.UPSTREAM_URL=https://your-stac-api.com/stac \
80+
--set env.OIDC_DISCOVERY_URL=https://your-auth-server/.well-known/openid-configuration \
81+
--set ingress.host=stac-proxy.your-domain.com
82+
```
83+
84+
### Configuration
85+
86+
| Parameter | Description | Required | Default |
87+
| ------------------------ | --------------------------------------------- | -------- | ------- |
88+
| `env.UPSTREAM_URL` | URL of the STAC API to proxy | Yes | - |
89+
| `env.OIDC_DISCOVERY_URL` | OpenID Connect discovery document URL | Yes | - |
90+
| `env` | Environment variables passed to the container | No | `{}` |
91+
| `ingress.enabled` | Enable ingress | No | `true` |
92+
| `ingress.className` | Ingress class name | No | `nginx` |
93+
| `ingress.host` | Hostname for the ingress | No | `""` |
94+
| `ingress.tls.enabled` | Enable TLS for ingress | No | `true` |
95+
| `replicaCount` | Number of replicas | No | `1` |
96+
97+
For a complete list of values, see the [values.yaml](https://github.com/developmentseed/stac-auth-proxy/blob/main/helm/values.yaml) file.
98+
99+
### Management
100+
101+
```bash
102+
# Upgrade
103+
helm upgrade stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy
104+
105+
# Uninstall
106+
helm uninstall stac-auth-proxy
107+
```

docs/user-guide/kubernetes.md

Lines changed: 0 additions & 196 deletions
This file was deleted.

helm/data/custom_filters.py

Lines changed: 0 additions & 27 deletions
This file was deleted.

helm/templates/_helpers.tpl

Lines changed: 0 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -69,76 +69,3 @@ Render env var value based on type
6969
{{- . | toJson | quote -}}
7070
{{- end -}}
7171
{{- end -}}
72-
73-
{{/*
74-
Generate authorization environment variables
75-
*/}}
76-
{{- define "stac-auth-proxy.authorizationEnv" -}}
77-
{{- $routeMode := .Values.authorization.route.mode | default "default" -}}
78-
{{- $recordMode := .Values.authorization.record.mode | default "disabled" -}}
79-
80-
{{- /* Route-level authorization */ -}}
81-
{{- if eq $routeMode "default" -}}
82-
{{- if not (hasKey .Values.env "DEFAULT_PUBLIC") }}
83-
- name: DEFAULT_PUBLIC
84-
value: "true"
85-
{{- end }}
86-
{{- else if eq $routeMode "custom" -}}
87-
{{- if not (hasKey .Values.env "DEFAULT_PUBLIC") }}
88-
- name: DEFAULT_PUBLIC
89-
value: "false"
90-
{{- end }}
91-
{{- if and .Values.authorization.route.publicEndpoints (gt (len .Values.authorization.route.publicEndpoints) 0) (not (hasKey .Values.env "PUBLIC_ENDPOINTS")) }}
92-
- name: PUBLIC_ENDPOINTS
93-
value: {{ .Values.authorization.route.publicEndpoints | toJson | quote }}
94-
{{- end }}
95-
{{- if and .Values.authorization.route.privateEndpoints (gt (len .Values.authorization.route.privateEndpoints) 0) (not (hasKey .Values.env "PRIVATE_ENDPOINTS")) }}
96-
- name: PRIVATE_ENDPOINTS
97-
value: {{ .Values.authorization.route.privateEndpoints | toJson | quote }}
98-
{{- end }}
99-
{{- end }}
100-
101-
{{- /* Record-level authorization */ -}}
102-
{{- if eq $recordMode "custom" -}}
103-
{{- if not (hasKey .Values.env "COLLECTIONS_FILTER_CLS") }}
104-
- name: COLLECTIONS_FILTER_CLS
105-
value: "stac_auth_proxy.custom_filters:CollectionsFilter"
106-
{{- end }}
107-
{{- if not (hasKey .Values.env "ITEMS_FILTER_CLS") }}
108-
- name: ITEMS_FILTER_CLS
109-
value: "stac_auth_proxy.custom_filters:ItemsFilter"
110-
{{- end }}
111-
{{- else if eq $recordMode "opa" -}}
112-
{{- if not (hasKey .Values.env "ITEMS_FILTER_CLS") }}
113-
- name: ITEMS_FILTER_CLS
114-
value: "stac_auth_proxy.filters:opa.Opa"
115-
{{- end }}
116-
{{- if and (not (hasKey .Values.env "ITEMS_FILTER_ARGS")) .Values.authorization.record.opa }}
117-
- name: ITEMS_FILTER_ARGS
118-
value: {{ list .Values.authorization.record.opa.url .Values.authorization.record.opa.policy | toJson | quote }}
119-
{{- end }}
120-
{{- end }}
121-
{{- end -}}
122-
123-
{{/*
124-
Generate authorization volumes
125-
*/}}
126-
{{- define "stac-auth-proxy.authorizationVolumes" -}}
127-
{{- if and (eq (.Values.authorization.record.mode | default "disabled") "custom") .Values.authorization.record.custom.filtersFile }}
128-
- name: custom-filters
129-
configMap:
130-
name: {{ include "stac-auth-proxy.fullname" . }}-filters
131-
{{- end }}
132-
{{- end -}}
133-
134-
{{/*
135-
Generate authorization volume mounts
136-
*/}}
137-
{{- define "stac-auth-proxy.authorizationVolumeMounts" -}}
138-
{{- if and (eq (.Values.authorization.record.mode | default "disabled") "custom") .Values.authorization.record.custom.filtersFile }}
139-
- name: custom-filters
140-
mountPath: /app/src/stac_auth_proxy/custom_filters.py
141-
subPath: custom_filters.py
142-
readOnly: true
143-
{{- end }}
144-
{{- end -}}

helm/templates/configmap.yaml

Lines changed: 0 additions & 11 deletions
This file was deleted.

helm/templates/deployment.yaml

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -34,21 +34,19 @@ spec:
3434
resources:
3535
{{- toYaml .Values.resources | nindent 12 }}
3636
env:
37-
{{- include "stac-auth-proxy.authorizationEnv" . | nindent 12 }}
3837
{{- range $key, $value := .Values.env }}
3938
- name: {{ $key }}
4039
value: {{ include "stac-auth-proxy.envValue" $value }}
4140
{{- end }}
41+
{{- with .Values.extraVolumeMounts }}
4242
volumeMounts:
43-
{{- include "stac-auth-proxy.authorizationVolumeMounts" . | nindent 12 }}
44-
{{- with .Values.extraVolumeMounts }}
4543
{{- toYaml . | nindent 12 }}
46-
{{- end }}
44+
{{- end }}
45+
46+
{{- with .Values.extraVolumes }}
4747
volumes:
48-
{{- include "stac-auth-proxy.authorizationVolumes" . | nindent 8 }}
49-
{{- with .Values.extraVolumes }}
5048
{{- toYaml . | nindent 8 }}
51-
{{- end }}
49+
{{- end }}
5250
{{- with .Values.nodeSelector }}
5351
nodeSelector:
5452
{{- toYaml . | nindent 8 }}

0 commit comments

Comments
 (0)