diff --git a/charts/yeti/Chart.yaml b/charts/yeti/Chart.yaml
index 01587844..4ea1ac83 100644
--- a/charts/yeti/Chart.yaml
+++ b/charts/yeti/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: yeti
-version: 1.0.4
+version: 1.0.5
 description: A Helm chart for Yeti Kubernetes deployments.
 keywords:
 - yeti
diff --git a/charts/yeti/README.md b/charts/yeti/README.md
index 0dd48cfb..2be98355 100644
--- a/charts/yeti/README.md
+++ b/charts/yeti/README.md
@@ -137,13 +137,20 @@ kubectl delete pvc -l release=my-release
 ### Common Parameters
+| Name | Description | Value |
+| ---------------------------- | ----------------------------------------------------- | ----------- |
+| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
+| `serviceAccount.name` | The name of the service account to use | `yeti` |
+| `service.type` | Yeti service type | `ClusterIP` |
+| `service.port` | Yeti service port | `9000` |
+
+### Yeti Configuration Parameters
+
 | Name | Description | Value |
 | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
-| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
-| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
-| `serviceAccount.name` | The name of the service account to use | `yeti` |
-| `service.type` | Yeti service type | `ClusterIP` |
-| `service.port` | Yeti service port | `9000` |
+| `config.oidc.enabled` | Enables Yeti OIDC authentication (currently only supports Google OIDC) | `false` |
+| `config.oidc.existingSecret` | Existing secret with the client ID, secret and cookie secret | `""` |
 | `metrics.enabled` | Enables metrics scraping | `true` |
 | `metrics.port` | Port to scrape metrics from | `9200` |
 | `persistence.name` | Yeti persistent volume name | `yetivolume` |
diff --git a/charts/yeti/templates/_env.tpl b/charts/yeti/templates/_env.tpl
index f6730c3b..d380dfbf 100644
--- a/charts/yeti/templates/_env.tpl
+++ b/charts/yeti/templates/_env.tpl
@@ -23,9 +23,29 @@ Worker pod upon startup.
 - name: YETI_AUTH_ALGORITHM
 value: HS256
 - name: YETI_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES
- value: "30"
+ value: "10000"
 - name: YETI_AUTH_ENABLED
 value: "True"
+{{- if and .Values.config.oidc.enabled .Values.config.oidc.existingSecret }}
+- name: YETI_AUTH_MODULE
+ value: "oidc"
+- name: YETI_AUTH_OIDC_DISCOVERY_URL
+ value: "https://accounts.google.com/.well-known/openid-configuration"
+- name: YETI_AUTH_OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.oidc.existingSecret | quote }}
+ key: "client-id"
+- name: YETI_AUTH_OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.oidc.existingSecret | quote }}
+ key: "client-secret"
+{{- if .Values.ingress.host }}
+- name: YETI_SYSTEM_WEBROOT
+ value: {{ printf "https://%s" .Values.ingress.host | quote }}
+{{- end }}
+{{- end }}
 - name: YETI_SYSTEM_PLUGINS_PATH
 value: "./plugins"
 - name: YETI_USER_PASSWORD
diff --git a/charts/yeti/values.yaml b/charts/yeti/values.yaml
index ff972aa5..219dfd67 100644
--- a/charts/yeti/values.yaml
+++ b/charts/yeti/values.yaml
@@ -280,6 +280,19 @@ service:
 ## @param service.port Yeti service port
 ##
 port: 9000
+## @section Yeti Configuration Parameters
+## ref: https://github.com/yeti-platform/yeti/blob/main/yeti.conf.sample
+##
+config:
+ ## Yeti OIDC configuration
+ ##
+ oidc:
+ ## @param config.oidc.enabled Enables Yeti OIDC authentication (currently only supports Google OIDC)
+ ##
+ enabled: false
+ ## @param config.oidc.existingSecret Existing secret with the client ID, secret and cookie secret
+ ##
+ existingSecret: ""
 ## Metrics Parameters
 ## IMPORTANT: Yeti utilizes Prometheus to scrape metrics through annotations
 ## Please ensure the Prometheus server is also installed to the cluster for metrics to scrape properly
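Review bot: In the `templates/_env.tpl` hunk, `YETI_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES` goes from `"30"` to `"10000"` (about a week) for every install, outside the new `config.oidc.enabled` block, so deployments that never turn on OIDC also get long-lived access tokens and a much longer window in which a leaked token stays usable. I would keep `value: "30"` as the default and expose the lifetime as a chart value if OIDC sessions need more. Separately, the guard `if and .Values.config.oidc.enabled .Values.config.oidc.existingSecret` renders nothing when OIDC is enabled but the secret name is empty, so the release appears to install with the non-OIDC auth settings and no error; gating on `.Values.config.oidc.enabled` alone and using `name: {{ required "config.oidc.existingSecret must be set when config.oidc.enabled is true" .Values.config.oidc.existingSecret | quote }}` would fail the render instead. The enclosing template definition starts and ends outside this hunk.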
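Review bot: The `config.oidc.existingSecret` comment added in the `values.yaml` hunk does not say which keys the secret must contain, while the `_env.tpl` hunk in this commit reads exactly `client-id` and `client-secret` from it; a secret created with other key names would leave the pods unable to start. The description also mentions a cookie secret, but no key for it is consumed in the template lines shown here, so either document its key or drop it from the text. Suggested wording: `## @param config.oidc.existingSecret Name of an existing secret holding the OIDC credentials under the keys client-id and client-secret`. The README row in this commit carries the same description and would need the matching update.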