feat(chart): use infisical (#1276)
- chart/env/prod.yaml +2 -13
- chart/templates/deployment.yaml +2 -2
- chart/templates/infisical.yaml +24 -0
- chart/templates/secrets.yaml +0 -21
- chart/values.yaml +10 -5
- docs/source/installation/helm.md +1 -1
chart/env/prod.yaml
CHANGED
|
@@ -347,20 +347,9 @@ envVars:
|
|
| 347 |
WEBSEARCH_BLOCKLIST: '["youtube.com", "twitter.com"]'
|
| 348 |
XFF_DEPTH: '2'
|
| 349 |
|
| 350 |
-
|
| 351 |
enabled: true
|
| 352 |
-
|
| 353 |
-
secretName: "chat-ui-prod-secrets"
|
| 354 |
-
parameters:
|
| 355 |
-
MONGODB_URL: "hub-prod-chat-ui-mongodb-url"
|
| 356 |
-
OPENID_CONFIG: "hub-prod-chat-ui-openid-config"
|
| 357 |
-
SERPER_API_KEY: "hub-prod-chat-ui-serper-api-key"
|
| 358 |
-
HF_TOKEN: "hub-prod-chat-ui-hf-token"
|
| 359 |
-
WEBHOOK_URL_REPORT_ASSISTANT: "hub-prod-chat-ui-webhook-report-assistant"
|
| 360 |
-
ADMIN_API_SECRET: "hub-prod-chat-ui-admin-api-secret"
|
| 361 |
-
USAGE_LIMITS: "hub-prod-chat-ui-usage-limits"
|
| 362 |
-
MESSAGES_BEFORE_LOGIN: "hub-prod-chat-ui-messages-before-login"
|
| 363 |
-
IP_TOKEN_SECRET: "hub-prod-chat-ui-ip-token-secret"
|
| 364 |
|
| 365 |
autoscaling:
|
| 366 |
enabled: true
|
|
|
|
| 347 |
WEBSEARCH_BLOCKLIST: '["youtube.com", "twitter.com"]'
|
| 348 |
XFF_DEPTH: '2'
|
| 349 |
|
| 350 |
+
infisical:
|
| 351 |
enabled: true
|
| 352 |
+
env: "prod-us-east-1"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 353 |
|
| 354 |
autoscaling:
|
| 355 |
enabled: true
|
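Review bot: The new `infisical:` block sets only `enabled` and `env`, so `url` stays at the chart default `""` from chart/values.yaml and chart/templates/infisical.yaml renders `hostAPI: ""` for production. Unless the operator gets its host from cluster-wide configuration, which this page does not show, the instance that production secrets are fetched from is left implicit; setting `url` here would make it reviewable. The removed `parameters` map was also the record of which nine secrets the pod receives, so a comment above `infisical:` listing the keys expected in `prod-us-east-1` would keep that visible.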
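--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -61,9 +61,9 @@ spec:
 envFrom:
 - configMapRef:
 name: {{ include "name" . }}
-{{- if $.Values.
+{{- if $.Values.infisical.enabled }}
 - secretRef:
-name: {{
+name: {{ include "name" $ }}-infisical-secret
 {{- end }}
 {{- with $.Values.extraEnvFrom }}
 {{- toYaml . | nindent 14 }}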
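Review bot: The `secretRef` added here names `{{ include "name" $ }}-infisical-secret`, which is the `metadata.name` of the InfisicalSecret resource in chart/templates/infisical.yaml, while that resource's `managedSecretReference` creates the Kubernetes Secret as `{{ include "name" $ }}-secs`. Unless a Secret with the `-infisical-secret` name is created somewhere outside this page, the pod references a Secret that never exists and the container will not start, since the `secretRef` is not marked optional. The reference should match the managed Secret, `name: {{ include "name" $ }}-secs`, or the two names should come from one shared helper so they cannot drift. The enclosing container spec starts and ends outside this hunk.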
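--- a/chart/templates/infisical.yaml
+++ b/chart/templates/infisical.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.infisical.enabled }}
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+name: {{ include "name" $ }}-infisical-secret
+namespace: {{ $.Release.Namespace }}
+spec:
+authentication:
+universalAuth:
+credentialsRef:
+secretName: {{ .Values.infisical.operatorSecretName | quote }}
+secretNamespace: {{ .Values.infisical.operatorSecretNamespace | quote }}
+secretsScope:
+envSlug: {{ .Values.infisical.env | quote }}
+projectSlug: {{ .Values.infisical.project | quote }}
+secretsPath: /
+hostAPI: {{ .Values.infisical.url | quote }}
+managedSecretReference:
+creationPolicy: Owner
+secretName: {{ include "name" $ }}-secs
+secretNamespace: {{ .Release.Namespace | quote }}
+secretType: Opaque
+resyncInterval: {{ .Values.infisical.resyncInterval }}
+{{- end }}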
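Review bot: `secretsPath: /` is hard-coded in `secretsScope`, so with the `envFrom` in chart/templates/deployment.yaml every secret stored at the root of the selected project environment becomes a container environment variable, whereas the deleted ExternalSecret mapped keys one by one. Exposing the path as a value, for example `secretsPath: {{ .Values.infisical.secretsPath | default "/" | quote }}`, and keeping only this application's secrets under it would narrow what the pod can read. Separately, `resyncInterval` refreshes the managed Secret, but variables injected through `envFrom` are read at container start, so a rotated value presumably reaches running pods only after a restart; a comment saying so would help operators.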
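--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
@@ -1,21 +0,0 @@
-{{- if .Values.externalSecrets.enabled }}
-apiVersion: "external-secrets.io/v1beta1"
-kind: ExternalSecret
-metadata:
-labels: {{ include "labels.standard" . | nindent 4 }}
-name: {{ include "name" $ }}-external-secret
-namespace: {{ $.Release.Namespace }}
-spec:
-refreshInterval: 1h
-secretStoreRef:
-name: {{ .Values.externalSecrets.secretStoreName }}
-kind: SecretStore
-target:
-name: {{ .Values.externalSecrets.secretName }}
-data:
-{{- range $key, $value := .Values.externalSecrets.parameters }}
-- secretKey: {{ $key | quote }}
-remoteRef:
-key: {{ $value | quote }}
-{{- end }}
-{{- end }}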
chart/values.yaml
CHANGED
|
@@ -38,12 +38,17 @@ nodeSelector: {}
|
|
| 38 |
tolerations: []
|
| 39 |
|
| 40 |
envVars: { }
|
| 41 |
-
|
|
|
|
| 42 |
enabled: false
|
| 43 |
-
|
| 44 |
-
|
| 45 |
-
|
| 46 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47 |
extraEnvFrom: []
|
| 48 |
extraEnv: []
|
| 49 |
|
|
|
|
| 38 |
tolerations: []
|
| 39 |
|
| 40 |
envVars: { }
|
| 41 |
+
|
| 42 |
+
infisical:
|
| 43 |
enabled: false
|
| 44 |
+
env: ""
|
| 45 |
+
project: "huggingchat-v2-a1"
|
| 46 |
+
url: ""
|
| 47 |
+
resyncInterval: 60
|
| 48 |
+
operatorSecretName: "huggingchat-operator-secrets"
|
| 49 |
+
operatorSecretNamespace: "hub-utils"
|
| 50 |
+
|
| 51 |
+
# Allow to environment injections on top or instead of infisical
|
| 52 |
extraEnvFrom: []
|
| 53 |
extraEnv: []
|
| 54 |
|
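Review bot: The defaults `project: "huggingchat-v2-a1"`, `operatorSecretName: "huggingchat-operator-secrets"` and `operatorSecretNamespace: "hub-utils"` are names of one particular deployment placed in the chart-wide values.yaml, while `env` and `url` default to `""`. Anyone who sets only `infisical.enabled: true` gets a resource pointing at those names with an empty `envSlug`. Moving the three names to chart/env/prod.yaml and leaving empty defaults here, guarded in the template with `required`, would fail earlier and with a clearer message. The new comment at line 51 would read better as `# Allows environment injection on top of, or instead of, Infisical`.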
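--- a/docs/source/installation/helm.md
+++ b/docs/source/installation/helm.md
@@ -29,7 +29,7 @@ resources:
 
 envVars:
 MONGODB_URL: mongodb://chat-ui-mongo:27017
-# Ensure that your values.yaml will not leak anywhere
+# Ensure that your values.yaml will not leak anywhere
 # PRs welcome for a chart rework with envFrom support!
 HF_TOKEN: secret_token
 ```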