Closed dcaputo-harmoni closed 3 months ago
Thank you for your contribution :)
Please don't mix concerns in the same PR, split out: 1. database credentials 2. internal-frontend support
For the auth config side, I'm not sure about proxying all of the values this way. Web can be configured via additionalEnv and for server auth I think maybe just have a auth: { enabled: true, config: { ... } }
that gets copied as well.
What was changed
This PR includes two primary functionality enhancements to the helm chart:
Why?
I'll address each area separately:
Auth - production environments need some form of authentication. To use authentication, it was required to be enabled in both the server and web components. Additionally, an
internal-frontend
service was added (per the v1.20.0 release) to allow the workflow service to function. This also addresses an open issue (#304).Database Creds - many dynamic database creds generation systems (such as hashicorp vault) generate both the username and password dynamically, which is more secure than just rotating the password. The functionality has been updated to allow either or both of these to be optionally set via a secret with any or both of
username
andpassword
keys.Checklist
Closes #304
How was this tested:
Tested a number of times using various alternatives of the configurations.
Any docs updates needed?
Included documentation via commented out items in values.yaml