Support API Credentials as secret, enable config file

Rojin Ebrahimi 2026-02-13 23:25:56 +03:30
parent a2f59f21d0
commit 451ddf8410
4 changed files with 139 additions and 6 deletions


@ -60,3 +60,33 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }} {{- default "default" .Values.serviceAccount.name }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Return the secret name, with validation when enabled.
*/}}
{{- define "garage-webui.secretName" -}}
{{- if and .Values.secretRefs .Values.secretRefs.enabled }}
{{- if not .Values.secretRefs.name }}
{{- fail "secretRefs.name must be set when secretRefs.enabled=true" }}
{{- end }}
{{- end }}
{{- if .Values.secretRefs }}{{ .Values.secretRefs.name | default "" }}{{ end }}
{{- end }}
{{/*
Generate env variables based on secretRefs.keys.
*/}}
{{- define "garage-webui.secretEnv" -}}
{{- if and .Values.secretRefs .Values.secretRefs.enabled .Values.secretRefs.keys }}
{{- $secretName := include "garage-webui.secretName" . }}
{{- range $envName, $keyName := .Values.secretRefs.keys }}
{{- if $keyName }}
- name: {{ $envName }}
valueFrom:
secretKeyRef:
name: {{ $secretName }}
key: {{ $keyName }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
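Review bot: In `garage-webui.secretEnv` the three templated scalars are emitted unquoted (`- name: {{ $envName }}`, `name: {{ $secretName }}`, `key: {{ $keyName }}`), whereas the deployment template pipes its env values through `quote`. A Secret name or data key that looks like a number or boolean would be retyped by the YAML parser, and a value containing YAML indicators would change the rendered structure instead of being passed as a string. I would render them as `- name: {{ $envName | quote }}`, `name: {{ $secretName | quote }}` and `key: {{ $keyName | quote }}`.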


@ -42,10 +42,15 @@ spec:
value: {{ .Values.garageConfig.s3Endpoint | quote }} value: {{ .Values.garageConfig.s3Endpoint | quote }}
- name: S3_REGION - name: S3_REGION
value: {{ .Values.garageConfig.region | quote }} value: {{ .Values.garageConfig.region | quote }}
{{- include "garage-webui.secretEnv" . | nindent 12 }}
{{- if not (and .Values.secretRefs (and .Values.secretRefs.enabled (index .Values.secretRefs.keys "AUTH_USER_PASS"))) }}
- name: AUTH_USER_PASS - name: AUTH_USER_PASS
value: {{ .Values.auth.userPassHash | quote }} value: {{ .Values.auth.userPassHash | quote }}
{{- end }}
{{- if not (and .Values.secretRefs (and .Values.secretRefs.enabled (index .Values.secretRefs.keys "API_ADMIN_KEY"))) }}
- name: API_ADMIN_KEY - name: API_ADMIN_KEY
value: {{ .Values.garageConfig.adminApiKey | quote }} value: {{ .Values.garageConfig.adminApiKey | quote }}
{{- end }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /
@ -58,6 +63,16 @@ spec:
port: http port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
volumeMounts:
{{- if .Values.config.enabled }}
- name: config
mountPath: /etc/garage.toml
subPath: garage.toml
readOnly: true
{{- end }}
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@ -72,3 +87,13 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
volumes:
{{- if .Values.config.enabled }}
- name: config
configMap:
name: {{ .Values.config.name }}
{{- end }}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
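Review bot: With `secretRefs.enabled=true`, a key that is left empty or misspelled under `secretRefs.keys` makes the two `if not (and ...)` guards fall back to the plaintext `value:` entries for `AUTH_USER_PASS` and `API_ADMIN_KEY`. If `auth.userPassHash` or `garageConfig.adminApiKey` was cleared when the credentials moved to the Secret, the container then receives an empty credential and nothing fails at render time. How the application treats an empty `AUTH_USER_PASS` is not visible on this page, so that is worth confirming. I would fail the render in that case, for example `{{- if and .Values.secretRefs.enabled (not .Values.auth.userPassHash) }}{{- fail "secretRefs.keys.AUTH_USER_PASS or auth.userPassHash must be set" }}{{- end }}` inside the first guard, with the equivalent check for `API_ADMIN_KEY`.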


@ -0,0 +1,47 @@
{{- if .Values.httproute.enabled -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ include "garage-webui.fullname" . }}
labels:
{{- include "garage-webui.labels" . | nindent 4 }}
{{- with .Values.httproute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- range .Values.httproute.parentRefs }}
- name: {{ .name }}
namespace: {{ .namespace | default $.Release.Namespace }}
{{- if .sectionName }}
sectionName: {{ .sectionName }}
{{- end }}
{{- end }}
{{- if .Values.httproute.hostnames }}
hostnames:
{{- toYaml .Values.httproute.hostnames | nindent 4 }}
{{- end }}
rules:
{{- if .Values.httproute.rules }}
{{- range .Values.httproute.rules }}
- matches:
{{- toYaml .matches | nindent 6 }}
backendRefs:
{{- if .backendRefs }}
{{- toYaml .backendRefs | nindent 8 }}
{{- else }}
- name: {{ include "garage-webui.fullname" $ }}
port: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- else }}
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: {{ include "garage-webui.fullname" . }}
port: {{ .Values.service.port }}
{{- end }}
{{- end }}
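Review bot: `parentRefs` is never validated, so with `httproute.enabled=true` and the default `parentRefs: []` the `range` emits nothing and the manifest renders a bare `parentRefs:`. The route then attaches to no Gateway, and the misconfiguration only shows up as an unreachable UI. The helper in this commit already uses `fail` for `secretRefs.name`; the same pattern fits here, e.g. `{{- if not .Values.httproute.parentRefs }}{{- fail "httproute.parentRefs must be set when httproute.enabled=true" }}{{- end }}` placed directly under the opening `if`. The `name`, `namespace` and `sectionName` values would also be safer piped through `quote`.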


@ -55,6 +55,12 @@ service:
port: 80 port: 80
targetPort: 3909 targetPort: 3909
httproute:
enabled: false
annotations: {}
parentRefs: []
hostnames: []
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress: ingress:
enabled: false enabled: false
@ -107,17 +113,25 @@ autoscaling:
targetCPUUtilizationPercentage: 80 targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition. # Additional volumes on the pod (merged with built-in config volume when config.enabled).
# Each volume here must have a matching mount in volumeMounts.
volumes: [] volumes: []
# - name: foo # - name: certs
# secret: # secret:
# secretName: mysecret # secretName: my-tls-secret
# optional: false # optional: false
# - name: extra-config
# configMap:
# name: my-config
# Additional volumeMounts on the output Deployment definition. # Additional volumeMounts for the main container (merged with config mount when config.enabled).
# Names must match entries in volumes.
volumeMounts: [] volumeMounts: []
# - name: foo # - name: certs
# mountPath: "/etc/foo" # mountPath: /etc/certs
# readOnly: true
# - name: extra-config
# mountPath: /etc/extra
# readOnly: true # readOnly: true
nodeSelector: {} nodeSelector: {}
@ -135,3 +149,20 @@ garageConfig:
auth: auth:
# Generate this using: htpasswd -nbBC 10 "admin" "yourpassword" # Generate this using: htpasswd -nbBC 10 "admin" "yourpassword"
userPassHash: "" userPassHash: ""
# API credentials (admin API key, auth hash) from an existing Secret.
# When enabled, env vars are set via secretKeyRef; otherwise values from garageConfig.adminApiKey and auth.userPassHash are used.
secretRefs:
enabled: false
# Name of the existing Secret (required when enabled)
name: ""
# Map of environment variable names to Secret data keys
keys:
API_ADMIN_KEY: "" # e.g. "admin-api-key"
AUTH_USER_PASS: "" # e.g. "user-pass-hash"
config:
# -- Enable mounting of the config file
enabled: false
# -- Name of the ConfigMap to mount
name: "garage-webui-config"
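Review bot: The new `config` block documents only the ConfigMap name and says nothing about what the mounted file may contain. The deployment mounts it as `/etc/garage.toml`, and a Garage configuration file can carry `rpc_secret` and `admin_token` inline. ConfigMap contents are usually readable by more principals than Secrets and are not covered by Secret-specific RBAC or encryption-at-rest settings. I would add a comment above `config.name` such as `# The ConfigMap is not a Secret: keep rpc_secret/admin_token out of this garage.toml and pass credentials through secretRefs.` The `secretRefs` comment could also state that a key left empty falls back to the plaintext value even when `enabled` is true.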