diff --git a/deployment/README.md b/deployment/README.md index 1d68298..d1c94c9 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -12,3 +12,14 @@ These are stored as Github secrets. - `LINODE_B64_KUBECONFIG` - base64-encoded Kubeconfig for the Kubernetes cluster - `LINODE_B64_SECRET_VALUES` - base64-encoded secret values we apply additionally to the deployment + + +### Secrets values yaml file + +To update `LINODE_B64_SECRET_VALUES`, use `examples.secrets-values.yaml` as a template for new yaml (say `new-secrets.yaml`) and... + 1. Update the passwords secrets where `CHANGEME` occurs + - To create random, you can use: `python -c "import secrets; print(secrets.token_urlsafe())"` + 2. Base64 encode the yaml file: `base64 new-secret.yaml` + 3. Update the GitHub Actions `LINODE_B64_SECRET_VALUES` with this encoded string from step (2): + - link: https://github.com/nsdf-fabric/NSDF-INTERSECT/settings/secrets/actions + 4. Save changes! diff --git a/deployment/chart/Chart.yaml b/deployment/chart/Chart.yaml index 3e47b5b..a23b5be 100644 --- a/deployment/chart/Chart.yaml +++ b/deployment/chart/Chart.yaml @@ -7,4 +7,4 @@ dependencies: # core INTERSECT - name: intersect repository: https://intersect-sdk.github.io/helm-charts/ - version: "0.0.3" + version: "0.0.4" diff --git a/deployment/chart/values.yaml b/deployment/chart/values.yaml index 70a0258..476fabc 100644 --- a/deployment/chart/values.yaml +++ b/deployment/chart/values.yaml @@ -3,12 +3,24 @@ ###################### # anchors are just a useful feature so you don't repeat yourself in the config file + .anchors: + # proxy + proxy: + systemName: &proxy-systemName "nsdf.cloud.diffraction." + log_level: &proxy-loglevel "info" # set to "debug" if you want extremely verbose output, including of the messages themselves + + server: + serverUsername: &proxy-serverUsername "proxy_username" + serverContainerPort: &proxy-serverPort 9071 # you do not have to set this value, it will be 8080 if you don't. This is mostly to avoid conflicts with other applications. + nodePort: &proxy-serverNodePort 30030 + # message plane messageBroker: username: &messageBroker-username "controller" # based off of templates/rabbitmq-secret.yaml, this is a hardcoded secret name we can reference across numerous applications brokerSecretName: &messageBroker-password "nsdf-intersect-broker-secret" + brokerSecretKey: &messageBroker-passwordKey "rabbitmq-password" amqpNodePort: &messageBroker-amqpNodePort 30010 mqttNodePort: &messageBroker-mqttNodePort 30011 #stompNodePort: &messageBroker-stompNodePort 30012 @@ -24,6 +36,25 @@ commonAnnotations: {} brokerPassword: "" intersect: + proxy-http-server: + enabled: true + service: + type: NodePort + port: *proxy-serverPort + nodePort: *proxy-serverNodePort + # you do not have to set this value, it will be 8080 if you don't. + containerPort: *proxy-serverPort + app: + username: *proxy-serverUsername + topic_prefix: *proxy-systemName + log_level: *proxy-loglevel + broker: + username: *messageBroker-username + password: + isSecret: true + secretName: *messageBroker-password + secretKey: *messageBroker-passwordKey + intersect-message-broker-1: image: debug: true diff --git a/deployment/examples.secrets-values.yaml b/deployment/examples.secrets-values.yaml new file mode 100644 index 0000000..80901f4 --- /dev/null +++ b/deployment/examples.secrets-values.yaml @@ -0,0 +1,5 @@ +brokerPassword: "CHANGEME" +intersect: + proxy-http-server: + app: + password: "CHANGEME"