nsdf-fabric · marshallmcdonnell · Apr 15, 2025 · Apr 15, 2025 · Apr 15, 2025 · Apr 15, 2025
diff --git a/deployment/README.md b/deployment/README.md
@@ -12,3 +12,14 @@ These are stored as Github secrets.
 
 - `LINODE_B64_KUBECONFIG` - base64-encoded Kubeconfig for the Kubernetes cluster
 - `LINODE_B64_SECRET_VALUES` - base64-encoded secret values we apply additionally to the deployment
+
+
+### Secrets values yaml file
+
+To update `LINODE_B64_SECRET_VALUES`, use `examples.secrets-values.yaml` as a template for new yaml (say `new-secrets.yaml`) and...
+  1. Update the passwords secrets where `CHANGEME` occurs
+    - To create random, you can use: `python -c "import secrets; print(secrets.token_urlsafe())"`
+  2. Base64 encode the yaml file: `base64 new-secret.yaml`
+  3. Update the GitHub Actions `LINODE_B64_SECRET_VALUES` with this encoded string from step (2):
+    - link: https://github.com/nsdf-fabric/NSDF-INTERSECT/settings/secrets/actions
+  4. Save changes!
diff --git a/deployment/chart/Chart.yaml b/deployment/chart/Chart.yaml
@@ -7,4 +7,4 @@ dependencies:
   # core INTERSECT
   - name: intersect
     repository: https://intersect-sdk.github.io/helm-charts/
-    version: "0.0.3"
+    version: "0.0.4"
diff --git a/deployment/chart/values.yaml b/deployment/chart/values.yaml
@@ -3,12 +3,24 @@
 ######################
 # anchors are just a useful feature so you don't repeat yourself in the config file
 
+
 .anchors:
+  # proxy
+  proxy:
+    systemName: &proxy-systemName "nsdf.cloud.diffraction."
+    log_level: &proxy-loglevel "info"  # set to "debug" if you want extremely verbose output, including of the messages themselves
+
+    server:
+      serverUsername: &proxy-serverUsername "proxy_username"
+      serverContainerPort: &proxy-serverPort 9071 # you do not have to set this value, it will be 8080 if you don't. This is mostly to avoid conflicts with other applications.
+      nodePort: &proxy-serverNodePort 30030
+
   # message plane
   messageBroker:
     username: &messageBroker-username "controller"
     # based off of templates/rabbitmq-secret.yaml, this is a hardcoded secret name we can reference across numerous applications
     brokerSecretName: &messageBroker-password "nsdf-intersect-broker-secret"
+    brokerSecretKey: &messageBroker-passwordKey "rabbitmq-password"
     amqpNodePort: &messageBroker-amqpNodePort 30010
     mqttNodePort: &messageBroker-mqttNodePort 30011
     #stompNodePort: &messageBroker-stompNodePort 30012
@@ -24,6 +36,25 @@ commonAnnotations: {}
 brokerPassword: ""
 
 intersect:
+  proxy-http-server:
+    enabled: true
+    service:
+      type: NodePort
+      port: *proxy-serverPort
+      nodePort: *proxy-serverNodePort
+    # you do not have to set this value, it will be 8080 if you don't.
+    containerPort: *proxy-serverPort
+    app:
+      username: *proxy-serverUsername
+      topic_prefix: *proxy-systemName
+      log_level: *proxy-loglevel
+      broker:
+        username: *messageBroker-username
+        password:
+          isSecret: true
+          secretName: *messageBroker-password
+          secretKey: *messageBroker-passwordKey
+
   intersect-message-broker-1:
     image: 
       debug: true

diff --git a/deployment/examples.secrets-values.yaml b/deployment/examples.secrets-values.yaml
@@ -0,0 +1,5 @@
+brokerPassword: "CHANGEME"
+intersect:
+  proxy-http-server:
+    app:
+      password: "CHANGEME"