feat: Add htpasswd generator using helm. (#69)
* Add support for AWS LoadBalancer Controller

* Bump chart version

* Remove empty line changes

* feat: Add htpasswd secret generator

* Fix typo.

* fix: typo, htpasswd-secret mount path, htpasswd-secrets labels

* fix: htpasswd mount path

* fix: checksum/htpasswd-secret for deployment

* fix: checksum/htpasswd-secret on deployment.yaml

* doc: Add example in readme.md

Co-authored-by: Sanoob Pattanath <[email protected]>
pshanoop and Sanoob Pattanath authored Jul 8, 2021
1 parent def07bd commit aaa72b1
Showing 5 changed files with 106 additions and 41 deletions.
105 changes: 65 additions & 40 deletions README.md
Expand Up @@ -81,46 +81,48 @@ deletes the release.
The following table lists the configurable parameters of the Verdaccio chart
and their default values.

| Parameter | Description | Default |
| ---------------------------------- | --------------------------------------------------------------- | ------------------------------ |
| `affinity` | Affinity for pod assignment | `{}` |
| `existingConfigMap` | Name of custom ConfigMap to use | `false` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `[]` |
| `image.repository` | Verdaccio container image repository | `verdaccio/verdaccio` |
| `image.tag` | Verdaccio container image tag | `5.1.0` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `persistence.accessMode` | PVC Access Mode for Verdaccio volume | `ReadWriteOnce` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | Use existing PVC | `nil` |
| `persistence.mounts` | Additional mounts | `nil` |
| `persistence.size` | PVC Storage Request for Verdaccio volume | `8Gi` |
| `persistence.storageClass` | PVC Storage Class for Verdaccio volume | `nil` |
| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) |
| `persistence.volumes` | Additional volumes | `nil` |
| `podLabels` | Additional pod labels | `{}` (evaluated as a template) |
| `podAnnotations` | Annotations to add to each pod | `{}` |
| `priorityClass.enabled` | Enable specifying pod priorityClassName | `false` |
| `priorityClass.name` | PriorityClassName to be specified in pod spec | `""` |
| `replicaCount` | Desired number of pods | `1` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `service.annotations` | Annotations to add to service | none |
| `service.clusterIP` | IP address to assign to service | `""` |
| `service.externalIPs` | Service external IP addresses | `[]` |
| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` |
| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` |
| `service.port` | Service port to expose | `4873` |
| `service.nodePort` | Service port to expose | none |
| `service.type` | Type of service to create | `ClusterIP` |
| `serviceAccount.create` | Create service account | `false` |
| `serviceAccount.name` | Service account Name | none |
| `extraEnvVars` | Define environment variables to be passed to the container | `{}` |
| `extraInitContainers` | Define additional initContainers to be added to the deployment | `[]` |
| `securityContext` | Define Container Security Context | `{runAsUser=10001}` |
| `podSecurityContext` | Define Pod Security Context | `{fsGroup=101}` |
| `nameOverride` | Set resource name override | `""` |
| `fullnameOverride` | Set resource fullname override | `""` |
| Parameter | Description | Default |
| ---------------------------------- | ---------------------------------------------------------------------------------- | ------------------------------ |
| `affinity` | Affinity for pod assignment | `{}` |
| `existingConfigMap` | Name of custom ConfigMap to use | `false` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `[]` |
| `image.repository` | Verdaccio container image repository | `verdaccio/verdaccio` |
| `image.tag` | Verdaccio container image tag | `5.1.0` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `persistence.accessMode` | PVC Access Mode for Verdaccio volume | `ReadWriteOnce` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | Use existing PVC | `nil` |
| `persistence.mounts` | Additional mounts | `nil` |
| `persistence.size` | PVC Storage Request for Verdaccio volume | `8Gi` |
| `persistence.storageClass` | PVC Storage Class for Verdaccio volume | `nil` |
| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) |
| `persistence.volumes` | Additional volumes | `nil` |
| `podLabels` | Additional pod labels | `{}` (evaluated as a template) |
| `podAnnotations` | Annotations to add to each pod | `{}` |
| `priorityClass.enabled` | Enable specifying pod priorityClassName | `false` |
| `priorityClass.name` | PriorityClassName to be specified in pod spec | `""` |
| `replicaCount` | Desired number of pods | `1` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `service.annotations` | Annotations to add to service | none |
| `service.clusterIP` | IP address to assign to service | `""` |
| `service.externalIPs` | Service external IP addresses | `[]` |
| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` |
| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` |
| `service.port` | Service port to expose | `4873` |
| `service.nodePort` | Service port to expose | none |
| `service.type` | Type of service to create | `ClusterIP` |
| `serviceAccount.create` | Create service account | `false` |
| `serviceAccount.name` | Service account Name | none |
| `extraEnvVars` | Define environment variables to be passed to the container | `{}` |
| `extraInitContainers` | Define additional initContainers to be added to the deployment | `[]` |
| `securityContext` | Define Container Security Context | `{runAsUser=10001}` |
| `podSecurityContext` | Define Pod Security Context | `{fsGroup=101}` |
| `nameOverride` | Set resource name override | `""` |
| `fullnameOverride` | Set resource fullname override | `""` |
| `useSecretHtpasswd` | Use htpasswd from `.Values.secrets.htpasswd`. This require helm v3.2.0 or above. | `false` |
| `secrets.htpasswd` | user and password list to generate htpasswd. | `[]` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
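Review bot: The new `useSecretHtpasswd` row reads "This require helm v3.2.0 or above"; it should be "requires". The `secrets.htpasswd` row would also be clearer if it said that each entry is a `username`/`password` pair given in plaintext, as the example further down the README shows.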

Expand All @@ -143,6 +145,29 @@ $ helm install npm -f values.yaml verdaccio/verdaccio

> **Tip**: You can use the default [values.yaml](charts/verdaccio/values.yaml)
### Generate htpasswd using helm

This requires helm v3.2.0 or above. You can list all username and password in
`.Values.secrets.htpasswd`. Helm will generate secret with htpaswd format. This
file is mounted on pod in this path `/verdaccio/auth/htpasswd`. The Default
config uses this.

> **Tip**: These values are in plaintext. So don't forget to put aditional
> encryption.
#### Example
```yaml
useSecretHtpasswd: true
secrets:
# list of users and password for htpasswd plugin
# This this is mounted as /verdaccio/auth/htpasswd on pods
htpasswd:
- username: "verdaccio"
password: "verdaccio"
```
This config will create a htpasswd file with user "verdaccio", If in config
'htpasswd' auth is used. You can login using this credentials.
### Custom ConfigMap
When creating a new chart with this chart as a dependency, CustomConfigMap can
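Review bot: The new section says the file is mounted at `/verdaccio/auth/htpasswd`, but the deployment.yaml hunk in this commit mounts it at `/verdaccio/storage/htpasswd` and the default config in values.yaml sets `file: /verdaccio/storage/htpasswd`; the README should state the same path. In the same section "htpaswd" and "aditional" are misspelled, and the tip "don't forget to put aditional encryption" should say what is meant: the passwords sit in plaintext in the values file, so it is the values file that needs protecting.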
2 changes: 1 addition & 1 deletion charts/verdaccio/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
description: A lightweight private node.js proxy registry
name: verdaccio
version: 4.1.1
version: 4.2.0
appVersion: 5.1.1
home: https://verdaccio.org
icon: https://cdn.verdaccio.dev/logos/default.png
12 changes: 12 additions & 0 deletions charts/verdaccio/templates/deployment.yaml
Expand Up @@ -20,6 +20,7 @@ spec:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/htpasswd-secret: {{ toJson .Values.secrets.htpasswd | sha256sum }}
{{- include "verdaccio.podAnnotations" . | nindent 8 }}
labels:
{{- include "verdaccio.podLabels" . | nindent 8 }}
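Review bot: The `checksum/htpasswd-secret` annotation is rendered unconditionally, while the volume mount, the volume and the Secret added in this commit are all wrapped in `{{- if .Values.useSecretHtpasswd }}`. With the flag off, a change to `secrets.htpasswd` still changes the pod template and rolls the deployment to no effect; putting the annotation under the same guard would avoid that.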
Expand Down Expand Up @@ -66,6 +67,12 @@ spec:
- mountPath: /verdaccio/storage
name: storage
readOnly: false
{{- if .Values.useSecretHtpasswd }}
- mountPath: /verdaccio/storage/htpasswd
name: htpasswd
subPath: htpasswd
readOnly: true
{{- end }}
- mountPath: /verdaccio/conf
name: config
readOnly: true
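Review bot: The htpasswd file is mounted with `readOnly: true` at `/verdaccio/storage/htpasswd`, which is the path the default config uses as the htpasswd `file`, so Verdaccio cannot write new entries to it when the flag is on. The values.yaml comment beside that setting still describes user registration ("You can set this to -1 to disable registration"); either document that registration does not work with `useSecretHtpasswd`, or set that option accordingly in the default config.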
Expand All @@ -77,6 +84,11 @@ spec:
- name: config
configMap:
name: {{ .Values.existingConfigMap | default (include "verdaccio.fullname" .) }}
{{- if .Values.useSecretHtpasswd }}
- name: htpasswd
secret:
secretName: {{ include "verdaccio.fullname" . }}-htpasswd
{{- end }}
{{- with .Values.persistence.volumes }}
{{- include "tplvalues.render" (dict "value" . "context" $) | nindent 6 }}
{{- end }}
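Review bot: The `htpasswd` secret volume sets no `defaultMode`, so the file gets the Kubernetes default mode of 0644 and is readable by any user in the container. Since it holds password hashes, consider a tighter mode such as `defaultMode: 0440`, checked against the chart's `securityContext` and `podSecurityContext` defaults so that Verdaccio can still read it.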
14 changes: 14 additions & 0 deletions charts/verdaccio/templates/htpasswd-secret.yaml
@@ -0,0 +1,14 @@
{{- if .Values.useSecretHtpasswd }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ template "verdaccio.fullname" . }}-htpasswd
labels:
{{- include "verdaccio.labels" . | nindent 4 }}
stringData:
htpasswd: |
{{- range $user := .Values.secrets.htpasswd }}
{{ htpasswd $user.username $user.password | toString }}
{{- end }}
{{- end }}
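Review bot: Inside the `range`, `$user.username` and `$user.password` are passed to `htpasswd` with no check that both keys are present, so a malformed entry in `secrets.htpasswd` is not reported with a clear message. Wrapping each argument in `required` with a message naming the missing key would make the install fail early and legibly. The trailing `| toString` looks redundant and could be dropped. With `useSecretHtpasswd: true` and the default empty list, the Secret is also created with an empty `htpasswd` value, which is worth either documenting or rejecting.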
14 changes: 14 additions & 0 deletions charts/verdaccio/values.yaml
Expand Up @@ -119,6 +119,7 @@ configMap: |
auth:
htpasswd:
# Do not change this path if secrets htpasswd is used.
file: /verdaccio/storage/htpasswd
# Maximum amount of users allowed to register, defaults to "+infinity".
# You can set this to -1 to disable registration.
Expand Down Expand Up @@ -206,3 +207,16 @@ priorityClass:
# name: ""

existingConfigMap: false

# use htpasswd secrets
useSecretHtpasswd: false

# Secrets
secrets:
# list of users and password for htpasswd plugin
# This this is mounted as /verdaccio/auth/htpasswd on pods
htpasswd: []
# - username: "test"
# password: "test"
# - username: "blah"
# password: "blah"
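Review bot: The comment above `htpasswd: []` says the file "is mounted as /verdaccio/auth/htpasswd on pods", but deployment.yaml in this commit mounts it at `/verdaccio/storage/htpasswd`; the comment should give that path, and "This this" is a duplicated word. The commented sample entries use passwords identical to the usernames ("test"/"test", "blah"/"blah"); obvious placeholders would be less likely to be uncommented and deployed as they are.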
