-
-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathsecrets.yaml
93 lines (86 loc) · 4.42 KB
/
secrets.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
######################################################################################
# D O N O T C H E C K C R E D E N T I A L S I N T O G I T H U B ! ! !
######################################################################################
#
# Edit this file to add your passwords, then install them in your cluster by one of the
# following methods. Assuming your release name is "my-release": (NOTE THE RELEASE NAME MUST
# MATCH THE ONE YOU USE WITH HELM!)
#
# 1. Define the release name on the command line:
# $ RELEASE_NAME=my-release envsubst < secrets.yaml | kubectl apply -n <mynamespace> -f -
#
# # if this results in "command not found: envsubst", you can install envsubst (e.g. on Mac OS:
# $ brew install gettext && brew link --force gettext
#
# 2. Alternatively, you can simply replace "${RELEASE_NAME}" in the file below (be sure to retain
# the "-secrets" part), and do: $ kubectl apply -n <mynamespace> -f secrets.yaml)
#
apiVersion: v1
kind: Secret
metadata:
name: ${RELEASE_NAME}-metacat-secrets
type: Opaque
## @param stringData
## stringData allows specifying write-only, non-binary secret data (eg metacat credentials) in
## string form. The stringData field is never output when reading from the API.
##
## Also see the mappings in the `application.envSecretKeys` property in `metacat.properties`,
## to determine which metacat property corresponds to each of these environment variables.
##
## # # # NEVER CHECK SECRETS INTO GITHUB! # # #
##
stringData:
## @param POSTGRES_PASSWORD
## the Postgres database password for the (existing) metacat user
##
## NOTE: Once the chart is deployed, it is not possible to change the application's access
## credentials, such as usernames or passwords, using Helm. To change these application
## credentials after deployment, delete any persistent volumes (PVs) used by the chart and
## re-deploy it, or use the application's built-in administrative tools if available.
##
## Warning: Setting a password will be ignored on new installation in case when previous
## Posgresql release was deleted through the helm command. In that case, old PVC will have an old
## password, and setting it through helm won't take effect. Deleting persistent volumes (PVs)
## will solve the issue. Refer to <a href="https://github.com/bitnami/charts/issues/2061">issue
## 2061</a> for more details.
## Extreme cases may necessitate: Rancher Desktop 'Troubleshooting'->'Reset Kubernetes'
##
POSTGRES_PASSWORD: your-value-here
## @param METACAT_GUID_DOI_PASSWORD
## if metacat.guid.doi.enabled is set to `true` in values.yaml, then METACAT_GUID_DOI_PASSWORD
## must be set, in order to enable publishing of Digital Object Identifiers (see doi.org).
## (And, if necessary, override the default metacat.guid.doi.* values, including the username, in
## values.yaml)
##
METACAT_GUID_DOI_PASSWORD: your-value-here # can be ignored if not using DOI
## @param METACAT_REPLICATION_PRIVATE_KEY_PASSWORD
## if CN -> CN replication is enabled, then
## ## (And, if necessary, override the default metacat.replication.* in values.yaml)
##
## can be ignored if not using CN -> CN replication
##
METACAT_REPLICATION_PRIVATE_KEY_PASSWORD: ""
## @param METACAT_DATAONE_CERT_FROM_HTTP_HEADER_PROXY_KEY
## A shared secret between your trusted upstream Ingress (eg nginx), and Metacat. The Ingress
## must send HTTP requests to Metacat with this secret set in the "X-Proxy-Key" HTTP header.
## For an example of adding custom headers, see:
# https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers
##
## can be ignored if not using DataONE replication
##
METACAT_DATAONE_CERT_FROM_HTTP_HEADER_PROXY_KEY: ""
## @param rabbitmq-password
## The password used by the rabbitmq user, to connect to the RabbitMQ service
## (NOTE: since the Bitnami rabbitmq chart defines this key, it can't follow the regular env var
## convention for metacat)
##
rabbitmq-password: your-value-here
## @param SOLR_ADMIN_PASSWORD
## The password used by the solr admin user, to connect to the solr service
## (NOTE: since the dataone_indexer chart defines this key, it doesn't have a METACAT_ prefix)
##
SOLR_ADMIN_PASSWORD: your-value-here
## @param data
## Contains the secret data. The serialized form of the secret data is a base64 encoded string,
## representing the arbitrary (typically non-string) data value below.
data: {}