diff --git a/charts/theia-cloud/Chart.yaml b/charts/theia-cloud/Chart.yaml index 346bf4f..1ba793c 100644 --- a/charts/theia-cloud/Chart.yaml +++ b/charts/theia-cloud/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.4.0-next.0 +version: 1.4.0-next.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/theia-cloud/README.md b/charts/theia-cloud/README.md index dc544c0..48e4043 100644 --- a/charts/theia-cloud/README.md +++ b/charts/theia-cloud/README.md @@ -100,6 +100,8 @@ A Helm chart for Theia Cloud | preloading.images | list | `[]` | Images to preload. Images must support running /bin/sh. If the list is empty and demoApplication.install == true, demoApplication.name is automatically added. | | service | object | (see details below) | Values of the Theia Cloud REST service | | service.authToken | string | `"asdfghjkl"` | The service authentication token used in the communication between website and REST-API for spam mitigation. This token is public. Please choose a random generated string. | +| service.adminApiTokenSecret.key | string | `"ADMIN_API_TOKEN"` | Secret key containing the admin API token. | +| service.adminApiTokenSecret.name | string | `"service-admin-api-token"` | Name of an existing Kubernetes Secret containing the admin API token. The chart does not create or manage this Secret. | | service.image | string | `"theiacloud/theia-cloud-service:1.2.0-next"` | The image to use | | service.imagePullPolicy | string | `nil` | Optional: Override the imagePullPolicy for the service's docker image. If this is omitted or empty, the root at .Values.imagePullPolicy is used. | | service.imagePullSecret | string | `nil` | Optional: the image pull secret | diff --git a/charts/theia-cloud/templates/service.yaml b/charts/theia-cloud/templates/service.yaml index 4edf711..0db5a7a 100644 --- a/charts/theia-cloud/templates/service.yaml +++ b/charts/theia-cloud/templates/service.yaml @@ -32,6 +32,14 @@ spec: envFrom: - configMapRef: name: service-config + {{- if and .Values.service.adminApiTokenSecret.name .Values.service.adminApiTokenSecret.key }} + env: + - name: ADMIN_API_TOKEN + valueFrom: + secretKeyRef: + name: {{ tpl (.Values.service.adminApiTokenSecret.name | toString) . }} + key: {{ tpl (.Values.service.adminApiTokenSecret.key | toString) . }} + {{- end }} {{- if .Values.service.imagePullSecret }} imagePullSecrets: - name: {{ tpl (.Values.service.imagePullSecret | toString) . }} @@ -52,4 +60,4 @@ spec: - name: http protocol: TCP port: {{ tpl (.Values.service.port | toString) . }} - targetPort: {{ tpl (.Values.service.port | toString) . }} \ No newline at end of file + targetPort: {{ tpl (.Values.service.port | toString) . }} diff --git a/charts/theia-cloud/values.yaml b/charts/theia-cloud/values.yaml index 703a666..04273ee 100644 --- a/charts/theia-cloud/values.yaml +++ b/charts/theia-cloud/values.yaml @@ -360,6 +360,12 @@ service: # for spam mitigation. This token is public. Please choose a random generated string. authToken: asdfghjkl + # -- Reference to an existing Kubernetes Secret containing the bearer token for admin API token protected endpoints. + # The chart does not create or manage this Secret. + adminApiTokenSecret: + name: service-admin-api-token + key: ADMIN_API_TOKEN + # -- The image to use image: theiacloud/theia-cloud-service:1.2.0-next @@ -406,7 +412,7 @@ gateway: # -- Does Theia Cloud expect TLS connections (true) or is TLS terminated outside of Theia Cloud (false) tls: true # -- Name of the HTTPRoute that is updated to publish new Theia application instances - instancesRouteName: "theia-cloud-demo-ws-ingress" + instancesRouteName: "theia-cloud-demo-ws-route" # -- Additional wildcard hostnames and optional dedicated TLS secret names # Only accepts wildcard hostnames that are configured in `hosts.allWildcardInstances`. instancesWildcardSecretNames: {}