huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor(helm chart): template to produce identical environment variables for both server & objects pods (#2304)

Browse Source 
* fix(helm chart): objects pod should also have automate feature flag env vars

* refactor(helm chart): share environment variables between server & objects pods
- use a template to configure the same set of environment variables for both server & objects pods
This commit is contained in:
Iain Sproat
2024-05-30 16:59:56 +01:00
committed by GitHub
parent 7a2989afaa
commit 19cf4d52fc
3 changed files with 418 additions and 743 deletions
Download Patch File Download Diff File Expand all files Collapse all files
utils/helm/speckle-server/templates/_helpers.tpl
+414
View File
@@ -527,3 +527,417 @@ Retrieve the s3 parameters from ConfigMap if enabled, or default to retrieving t
{{- $result | toJson }}
{{- end }}
{{- end }}
{{/*
Generate the environment variables for Speckle server and Speckle objects deployments
*/}}
{{- define "server.env" -}}
- name: CANONICAL_URL
{{- if .Values.ssl_canonical_url }}
value: https://{{ .Values.domain }}
{{- else }}
value: http://{{ .Values.domain }}
{{- end }}
- name: PORT
value: {{ include "server.port" $ | quote }}
- name: LOG_LEVEL
value: {{ .Values.server.logLevel }}
- name: USE_FRONTEND_2
value: {{ .Values.frontend_2.enabled | quote }}
- name: FRONTEND_ORIGIN
{{- if .Values.ssl_canonical_url }}
value: https://{{ .Values.domain }}
{{- else }}
value: http://{{ .Values.domain }}
{{- end }}
- name: ENABLE_FE2_MESSAGING
value: {{ .Values.server.enableFe2Messaging | quote }}
- name: FF_AUTOMATE_MODULE_ENABLED
value: {{ .Values.featureFlags.automateModuleEnabled | quote }}
{{- if .Values.featureFlags.automateModuleEnabled }}
- name: SPECKLE_AUTOMATE_URL
value: {{ .Values.server.speckleAutomateUrl }}
- name: AUTOMATE_ENCRYPTION_KEYS_PATH
value: {{ .Values.server.encryptionKeys.path }}
{{- end }}
- name: ONBOARDING_STREAM_URL
value: {{ .Values.server.onboarding.stream_url }}
- name: ONBOARDING_STREAM_CACHE_BUST_NUMBER
value: {{ .Values.server.onboarding.stream_cache_bust_number | quote }}
- name: SESSION_SECRET
valueFrom:
secretKeyRef:
name: "{{ default .Values.secretName .Values.server.sessionSecret.secretName }}"
key: {{ default "session_secret" .Values.server.sessionSecret.secretKey }}
- name: FILE_SIZE_LIMIT_MB
value: {{ .Values.file_size_limit_mb | quote }}
- name: MAX_PROJECT_MODELS_PER_PAGE
value: {{ .Values.server.max_project_models_per_page | quote }}
- name: MAX_OBJECT_SIZE_MB
value: {{ .Values.server.max_object_size_mb | quote }}
{{- if .Values.server.migration.movedFrom }}
- name: MIGRATION_SERVER_MOVED_FROM
value: {{ .Values.server.migration.movedFrom }}
{{- end }}
{{- if .Values.server.migration.movedTo }}
- name: MIGRATION_SERVER_MOVED_TO
value: {{ .Values.server.migration.movedTo }}
{{- end }}
# *** Gendo render module ***
- name: FF_GENDOAI_MODULE_ENABLED
value: {{ .Values.featureFlags.gendoAIModuleEnabled | quote }}
{{- if .Values.featureFlags.gendoAIModuleEnabled }}
- name: GENDOAI_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.gendoAI.key.secretName }}
key: {{ .Values.server.gendoAI.key.secretKey }}
- name: GENDOAI_KEY_RESPONSE
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.gendoAI.keyResponse.secretName }}
key: {{ .Values.server.gendoAI.keyResponse.secretKey }}
- name: GENDOAI_API_ENDPOINT
value: {{ .Values.server.gendoAI.apiUrl | quote }}
- name: RATELIMIT_GENDO_AI_RENDER_REQUEST
value: {{ .Values.server.gendoai.ratelimiting.renderRequest | quote }}
- name: RATELIMIT_GENDO_AI_RENDER_REQUEST_PERIOD_SECONDS
value: {{ .Values.server.gendoai.ratelimiting.renderRequestPeriodSeconds | quote }}
- name: RATELIMIT_BURST_GENDO_AI_RENDER_REQUEST
value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequest | quote }}
- name: RATELIMIT_GENDO_AI_RENDER_REQUEST_BURST_PERIOD_SECONDS
value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequestPeriodSeconds | quote }}
{{- end }}
# *** Redis ***
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.redis.connectionString.secretName }}
key: {{ default "redis_url" .Values.redis.connectionString.secretKey }}
# *** PostgreSQL Database ***
- name: POSTGRES_URL
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.db.connectionString.secretName }}
key: {{ default "postgres_url" .Values.db.connectionString.secretKey }}
- name: POSTGRES_MAX_CONNECTIONS_SERVER
value: {{ .Values.db.maxConnectionsServer | quote }}
- name: PGSSLMODE
value: "{{ .Values.db.PGSSLMODE }}"
{{- if .Values.db.useCertificate }}
- name: NODE_EXTRA_CA_CERTS
value: "/postgres-certificate/ca-certificate.crt"
{{- end }}
{{- if .Values.server.fileUploads.enabled }}
{{ else }}
- name: DISABLE_FILE_UPLOADS
value: "true"
{{ end }}
{{- if .Values.server.adminOverrideEnabled }}
- name: ADMIN_OVERRIDE_ENABLED
value: "true"
{{- end }}
{{- if .Values.server.weeklyDigestEnabled }}
- name: WEEKLY_DIGEST_ENABLED
value: "true"
{{- end }}
{{- if (quote .Values.server.monitoring.mp.enabled) }}
- name: ENABLE_MP
value: {{ .Values.server.monitoring.mp.enabled | quote }}
{{- end }}
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: {{ .Values.tlsRejectUnauthorized | quote }}
# *** S3 Object Storage ***
{{- if (or .Values.s3.configMap.enabled .Values.s3.endpoint) }}
{{- $s3values := ((include "server.s3Values" .) | fromJson ) }}
- name: S3_ENDPOINT
value: {{ $s3values.endpoint }}
- name: S3_ACCESS_KEY
value: {{ $s3values.access_key }}
- name: S3_BUCKET
value: {{ $s3values.bucket }}
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.s3.secret_key.secretName }}
key: {{ default "s3_secret_key" .Values.s3.secret_key.secretKey }}
- name: S3_CREATE_BUCKET
value: "{{ .Values.s3.create_bucket }}"
- name: S3_REGION
value: "{{ .Values.s3.region }}"
{{- end }}
# *** Authentication ***
# Local Auth
- name: STRATEGY_LOCAL
value: "{{ .Values.server.auth.local.enabled }}"
# Google Auth
{{- if .Values.server.auth.google.enabled }}
- name: STRATEGY_GOOGLE
value: "true"
- name: GOOGLE_CLIENT_ID
value: {{ .Values.server.auth.google.client_id }}
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.google.clientSecret.secretName }}
key: {{ default "google_client_secret" .Values.server.auth.google.clientSecret.secretKey }}
{{- end }}
# Github Auth
{{- if .Values.server.auth.github.enabled }}
- name: STRATEGY_GITHUB
value: "true"
- name: GITHUB_CLIENT_ID
value: {{ .Values.server.auth.github.client_id }}
- name: GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.github.clientSecret.secretName }}
key: {{ default "github_client_secret" .Values.server.auth.github.clientSecret.secretKey }}
{{- end }}
# AzureAD Auth
{{- if .Values.server.auth.azure_ad.enabled }}
- name: STRATEGY_AZURE_AD
value: "true"
- name: AZURE_AD_ORG_NAME
value: {{ .Values.server.auth.azure_ad.org_name }}
- name: AZURE_AD_IDENTITY_METADATA
value: {{ .Values.server.auth.azure_ad.identity_metadata }}
- name: AZURE_AD_ISSUER
value: {{ .Values.server.auth.azure_ad.issuer }}
- name: AZURE_AD_CLIENT_ID
value: {{ .Values.server.auth.azure_ad.client_id }}
- name: AZURE_AD_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.azure_ad.clientSecret.secretName }}
key: {{ default "azure_ad_client_secret" .Values.server.auth.azure_ad.clientSecret.secretKey }}
{{- end }}
# OpenID Connect Auth
{{- if .Values.server.auth.oidc.enabled }}
- name: STRATEGY_OIDC
value: "true"
- name: OIDC_NAME
value: {{ .Values.server.auth.oidc.name }}
- name: OIDC_DISCOVERY_URL
value: {{ .Values.server.auth.oidc.discovery_url }}
- name: OIDC_CLIENT_ID
value: {{ .Values.server.auth.oidc.client_id }}
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.oidc.clientSecret.secretName }}
key: {{ default "oidc_client_secret" .Values.server.auth.oidc.clientSecret.secretKey }}
{{- end }}
# *** Email ***
{{- if .Values.server.email.enabled }}
- name: EMAIL
value: "true"
- name: EMAIL_HOST
value: "{{ .Values.server.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.server.email.port }}"
- name: EMAIL_USERNAME
value: "{{ .Values.server.email.username }}"
- name: EMAIL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.email.password.secretName }}
key: {{ default "email_password" .Values.server.email.password.secretKey }}
- name: EMAIL_FROM
value: "{{ .Values.server.email.from }}"
{{- end }}
# *** Newsletter ***
{{- if .Values.server.mailchimp.enabled }}
- name: MAILCHIMP_ENABLED
value: "true"
- name: MAILCHIMP_API_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.mailchimp.apikey.secretName }}
key: {{ .Values.server.mailchimp.apikey.secretKey }}
- name: MAILCHIMP_SERVER_PREFIX
value: "{{ .Values.server.mailchimp.serverPrefix}}"
- name: MAILCHIMP_NEWSLETTER_LIST_ID
value: "{{ .Values.server.mailchimp.newsletterListId}}"
- name: MAILCHIMP_ONBOARDING_LIST_ID
value: "{{ .Values.server.mailchimp.onboardingListId}}"
- name: MAILCHIMP_ONBOARDING_JOURNEY_ID
value: "{{ .Values.server.mailchimp.onboardingJourneyId}}"
- name: MAILCHIMP_ONBOARDING_STEP_ID
value: "{{ .Values.server.mailchimp.onboardingStepId}}"
{{- end }}
# *** Tracking / Tracing ***
- name: SENTRY_DSN
value: {{ .Values.server.sentry_dns }}
{{- if .Values.server.disable_tracing }}
- name: DISABLE_TRACING
value: "true"
{{- end }}
{{- if .Values.server.disable_tracking }}
- name: DISABLE_TRACKING
value: "true"
{{- end }}
# Monitoring - Apollo
{{- if .Values.server.monitoring.apollo.enabled }}
- name: APOLLO_GRAPH_ID
value: {{ .Values.server.monitoring.apollo.graph_id }}
- name: APOLLO_SCHEMA_REPORTING
value: "true"
- name: APOLLO_GRAPH_VARIANT
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: APOLLO_SERVER_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: APOLLO_SERVER_PLATFORM
value: "kubernetes/deployment"
- name: APOLLO_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.monitoring.apollo.key.secretName }}
key: {{ default "apollo_key" .Values.server.monitoring.apollo.key.secretKey }}
{{- end }}
# Rate Limiting
{{- if .Values.server.ratelimiting.all_requests }}
- name: RATELIMIT_ALL_REQUESTS
value: "{{ .Values.server.ratelimiting.all_requests }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_all_requests }}
- name: RATELIMIT_BURST_ALL_REQUESTS
value: "{{ .Values.server.ratelimiting.burst_all_requests }}"
{{- end }}
{{- if .Values.server.ratelimiting.user_create }}
- name: RATELIMIT_USER_CREATE
value: "{{ .Values.server.ratelimiting.user_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_user_create }}
- name: RATELIMIT_BURST_USER_CREATE
value: "{{ .Values.server.ratelimiting.burst_user_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.stream_create }}
- name: RATELIMIT_STREAM_CREATE
value: "{{ .Values.server.ratelimiting.stream_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_stream_create }}
- name: RATELIMIT_BURST_STREAM_CREATE
value: "{{ .Values.server.ratelimiting.burst_stream_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.commit_create }}
- name: RATELIMIT_COMMIT_CREATE
value: "{{ .Values.server.ratelimiting.commit_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_commit_create }}
- name: RATELIMIT_BURST_COMMIT_CREATE
value: "{{ .Values.server.ratelimiting.burst_commit_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_getobjects_streamid }}
- name: RATELIMIT_POST_GETOBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.post_getobjects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_getobjects_streamid }}
- name: RATELIMIT_BURST_POST_GETOBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_getobjects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_diff_streamid }}
- name: RATELIMIT_POST_DIFF_STREAMID
value: "{{ .Values.server.ratelimiting.post_diff_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_diff_streamid }}
- name: RATELIMIT_BURST_POST_DIFF_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_diff_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_objects_streamid }}
- name: RATELIMIT_POST_OBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.post_objects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_objects_streamid }}
- name: RATELIMIT_BURST_POST_OBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_objects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_objects_streamid_objectid }}
- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID
value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}
- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID
value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_objects_streamid_objectid_single }}
- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID_SINGLE
value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid_single }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }}
- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID_SINGLE
value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_graphql }}
- name: RATELIMIT_POST_GRAPHQL
value: "{{ .Values.server.ratelimiting.post_graphql }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_graphql }}
- name: RATELIMIT_BURST_POST_GRAPHQL
value: "{{ .Values.server.ratelimiting.burst_post_graphql }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_auth }}
- name: RATELIMIT_GET_AUTH
value: "{{ .Values.server.ratelimiting.get_auth }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_auth }}
- name: RATELIMIT_BURST_GET_AUTH
value: "{{ .Values.server.ratelimiting.burst_get_auth }}"
{{- end }}
{{- end }}
utils/helm/speckle-server/templates/objects/deployment.yml
+2 -336
View File
@@ -86,342 +86,8 @@ spec:
- "try { require('node:http').request({headers: {'Content-Type': 'application/json'}, port:3000, hostname:'127.0.0.1', path:'/graphql?query={serverInfo{version}}', method: 'GET', timeout: 2000 }, (res) => { body = ''; res.on('data', (chunk) => {body += chunk;}); res.on('end', () => {process.exit(res.statusCode != 200 || body.toLowerCase().includes('error'));}); }).end(); } catch { process.exit(1); }"
env:
- name: CANONICAL_URL
{{- if .Values.ssl_canonical_url }}
value: https://{{ .Values.domain }}
{{- else }}
value: http://{{ .Values.domain }}
{{- end }}
- name: PORT
value: {{ include "objects.port" $ | quote }}
- name: LOG_LEVEL
value: {{ .Values.objects.logLevel }}
- name: USE_FRONTEND_2
value: {{ .Values.frontend_2.enabled | quote }}
- name: FRONTEND_ORIGIN
{{- if .Values.ssl_canonical_url }}
value: https://{{ .Values.domain }}
{{- else }}
value: http://{{ .Values.domain }}
{{- end }}
- name: ONBOARDING_STREAM_URL
value: {{ .Values.server.onboarding.stream_url }}
- name: ONBOARDING_STREAM_CACHE_BUST_NUMBER
value: {{ .Values.server.onboarding.stream_cache_bust_number | quote }}
- name: SESSION_SECRET
valueFrom:
secretKeyRef:
name: "{{ default .Values.secretName .Values.server.sessionSecret.secretName }}"
key: {{ default "session_secret" .Values.server.sessionSecret.secretKey }}
- name: FILE_SIZE_LIMIT_MB
value: {{ .Values.file_size_limit_mb | quote }}
- name: MAX_PROJECT_MODELS_PER_PAGE
value: {{ .Values.server.max_project_models_per_page | quote }}
- name: MAX_OBJECT_SIZE_MB
value: {{ .Values.objects.max_object_size_mb | quote }}
# *** Redis ***
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.redis.connectionString.secretName }}
key: {{ default "redis_url" .Values.redis.connectionString.secretKey }}
# *** PostgreSQL Database ***
- name: POSTGRES_URL
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.db.connectionString.secretName }}
key: {{ default "postgres_url" .Values.db.connectionString.secretKey }}
- name: POSTGRES_MAX_CONNECTIONS_SERVER
value: {{ .Values.db.maxConnectionsServer | quote }}
- name: PGSSLMODE
value: "{{ .Values.db.PGSSLMODE }}"
{{- if .Values.db.useCertificate }}
- name: NODE_EXTRA_CA_CERTS
value: "/postgres-certificate/ca-certificate.crt"
{{- end }}
{{- if .Values.server.fileUploads.enabled }}
{{ else }}
- name: DISABLE_FILE_UPLOADS
value: "true"
{{ end }}
{{- if .Values.server.adminOverrideEnabled }}
- name: ADMIN_OVERRIDE_ENABLED
value: "true"
{{- end }}
{{- if (quote .Values.server.monitoring.mp.enabled) }}
- name: ENABLE_MP
value: {{ .Values.server.monitoring.mp.enabled | quote }}
{{- end }}
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: {{ .Values.tlsRejectUnauthorized | quote }}
# *** S3 Object Storage ***
{{- if (or .Values.s3.configMap.enabled .Values.s3.endpoint) }}
{{- $s3values := ((include "server.s3Values" .) | fromJson ) }}
- name: S3_ENDPOINT
value: {{ $s3values.endpoint }}
- name: S3_ACCESS_KEY
value: {{ $s3values.access_key }}
- name: S3_BUCKET
value: {{ $s3values.bucket }}
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.s3.secret_key.secretName }}
key: {{ default "s3_secret_key" .Values.s3.secret_key.secretKey }}
- name: S3_CREATE_BUCKET
value: "{{ .Values.s3.create_bucket }}"
- name: S3_REGION
value: "{{ .Values.s3.region }}"
{{- end }}
# *** Authentication ***
# Local Auth
- name: STRATEGY_LOCAL
value: "{{ .Values.server.auth.local.enabled }}"
# Google Auth
{{- if .Values.server.auth.google.enabled }}
- name: STRATEGY_GOOGLE
value: "true"
- name: GOOGLE_CLIENT_ID
value: {{ .Values.server.auth.google.client_id }}
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.google.clientSecret.secretName }}
key: {{ default "google_client_secret" .Values.server.auth.google.clientSecret.secretKey }}
{{- end }}
# Github Auth
{{- if .Values.server.auth.github.enabled }}
- name: STRATEGY_GITHUB
value: "true"
- name: GITHUB_CLIENT_ID
value: {{ .Values.server.auth.github.client_id }}
- name: GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.github.clientSecret.secretName }}
key: {{ default "github_client_secret" .Values.server.auth.github.clientSecret.secretKey }}
{{- end }}
# AzureAD Auth
{{- if .Values.server.auth.azure_ad.enabled }}
- name: STRATEGY_AZURE_AD
value: "true"
- name: AZURE_AD_ORG_NAME
value: {{ .Values.server.auth.azure_ad.org_name }}
- name: AZURE_AD_IDENTITY_METADATA
value: {{ .Values.server.auth.azure_ad.identity_metadata }}
- name: AZURE_AD_ISSUER
value: {{ .Values.server.auth.azure_ad.issuer }}
- name: AZURE_AD_CLIENT_ID
value: {{ .Values.server.auth.azure_ad.client_id }}
- name: AZURE_AD_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.azure_ad.clientSecret.secretName }}
key: {{ default "azure_ad_client_secret" .Values.server.auth.azure_ad.clientSecret.secretKey }}
{{- end }}
# OpenID Connect Auth
{{- if .Values.server.auth.oidc.enabled }}
- name: STRATEGY_OIDC
value: "true"
- name: OIDC_NAME
value: {{ .Values.server.auth.oidc.name }}
- name: OIDC_DISCOVERY_URL
value: {{ .Values.server.auth.oidc.discovery_url }}
- name: OIDC_CLIENT_ID
value: {{ .Values.server.auth.oidc.client_id }}
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.oidc.clientSecret.secretName }}
key: {{ default "oidc_client_secret" .Values.server.auth.oidc.clientSecret.secretKey }}
{{- end }}
# *** Email ***
{{- if .Values.server.email.enabled }}
- name: EMAIL
value: "true"
- name: EMAIL_HOST
value: "{{ .Values.server.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.server.email.port }}"
- name: EMAIL_USERNAME
value: "{{ .Values.server.email.username }}"
- name: EMAIL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.email.password.secretName }}
key: {{ default "email_password" .Values.server.email.password.secretKey }}
- name: EMAIL_FROM
value: "{{ .Values.server.email.from }}"
{{- end }}
# *** Newsletter will not be generated by objects pods ***
- name: MAILCHIMP_ENABLED
value: "false"
# *** Tracking / Tracing ***
- name: SENTRY_DSN
value: {{ .Values.server.sentry_dns }}
{{- if .Values.server.disable_tracing }}
- name: DISABLE_TRACING
value: "true"
{{- end }}
{{- if .Values.server.disable_tracking }}
- name: DISABLE_TRACKING
value: "true"
{{- end }}
# Monitoring - Apollo
{{- if .Values.server.monitoring.apollo.enabled }}
- name: APOLLO_GRAPH_ID
value: {{ .Values.server.monitoring.apollo.graph_id }}
- name: APOLLO_SCHEMA_REPORTING
value: "true"
- name: APOLLO_GRAPH_VARIANT
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: APOLLO_SERVER_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: APOLLO_SERVER_PLATFORM
value: "kubernetes/deployment"
- name: APOLLO_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.monitoring.apollo.key.secretName }}
key: {{ default "apollo_key" .Values.server.monitoring.apollo.key.secretKey }}
{{- end }}
# Automate
- name: FF_AUTOMATE_MODULE_ENABLED
value: {{ .Values.featureFlags.automateModuleEnabled | quote }}
{{- if .Values.featureFlags.automateModuleEnabled }}
- name: SPECKLE_AUTOMATE_URL
value: {{ .Values.server.speckleAutomateUrl }}
- name: AUTOMATE_ENCRYPTION_KEYS_PATH
value: {{ .Values.server.encryptionKeys.path }}
{{- end }}
# Rate Limiting
{{- if .Values.server.ratelimiting.all_requests }}
- name: RATELIMIT_ALL_REQUESTS
value: "{{ .Values.server.ratelimiting.all_requests }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_all_requests }}
- name: RATELIMIT_BURST_ALL_REQUESTS
value: "{{ .Values.server.ratelimiting.burst_all_requests }}"
{{- end }}
{{- if .Values.server.ratelimiting.user_create }}
- name: RATELIMIT_USER_CREATE
value: "{{ .Values.server.ratelimiting.user_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_user_create }}
- name: RATELIMIT_BURST_USER_CREATE
value: "{{ .Values.server.ratelimiting.burst_user_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.stream_create }}
- name: RATELIMIT_STREAM_CREATE
value: "{{ .Values.server.ratelimiting.stream_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_stream_create }}
- name: RATELIMIT_BURST_STREAM_CREATE
value: "{{ .Values.server.ratelimiting.burst_stream_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.commit_create }}
- name: RATELIMIT_COMMIT_CREATE
value: "{{ .Values.server.ratelimiting.commit_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_commit_create }}
- name: RATELIMIT_BURST_COMMIT_CREATE
value: "{{ .Values.server.ratelimiting.burst_commit_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_getobjects_streamid }}
- name: RATELIMIT_POST_GETOBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.post_getobjects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_getobjects_streamid }}
- name: RATELIMIT_BURST_POST_GETOBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_getobjects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_diff_streamid }}
- name: RATELIMIT_POST_DIFF_STREAMID
value: "{{ .Values.server.ratelimiting.post_diff_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_diff_streamid }}
- name: RATELIMIT_BURST_POST_DIFF_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_diff_streamid }}"
{{- end }}
{{- if .Values.objects.ratelimiting.post_objects_streamid }}
- name: RATELIMIT_POST_OBJECTS_STREAMID
value: "{{ .Values.objects.ratelimiting.post_objects_streamid }}"
{{- end }}
{{- if .Values.objects.ratelimiting.burst_post_objects_streamid }}
- name: RATELIMIT_BURST_POST_OBJECTS_STREAMID
value: "{{ .Values.objects.ratelimiting.burst_post_objects_streamid }}"
{{- end }}
{{- if .Values.objects.ratelimiting.get_objects_streamid_objectid }}
- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID
value: "{{ .Values.objects.ratelimiting.get_objects_streamid_objectid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}
- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID
value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}"
{{- end }}
{{- if .Values.objects.ratelimiting.get_objects_streamid_objectid_single }}
- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID_SINGLE
value: "{{ .Values.objects.ratelimiting.get_objects_streamid_objectid_single }}"
{{- end }}
{{- if .Values.objects.ratelimiting.burst_get_objects_streamid_objectid_single }}
- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID_SINGLE
value: "{{ .Values.objects.ratelimiting.burst_get_objects_streamid_objectid_single }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_graphql }}
- name: RATELIMIT_POST_GRAPHQL
value: "{{ .Values.server.ratelimiting.post_graphql }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_graphql }}
- name: RATELIMIT_BURST_POST_GRAPHQL
value: "{{ .Values.server.ratelimiting.burst_post_graphql }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_auth }}
- name: RATELIMIT_GET_AUTH
value: "{{ .Values.server.ratelimiting.get_auth }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_auth }}
- name: RATELIMIT_BURST_GET_AUTH
value: "{{ .Values.server.ratelimiting.burst_get_auth }}"
{{- end }}
{{ include "server.env" $ | indent 10 }}
{{/* NOTE: Environment variables are configured in utils/helm/speckle-server/templates/_helpers.tpl */}}
{{- if .Values.objects.affinity }}
affinity: {{- include "speckle.renderTpl" (dict "value" .Values.objects.affinity "context" $) | nindent 8 }}
{{- end }}
utils/helm/speckle-server/templates/server/deployment.yml
+2 -407
View File
@@ -91,413 +91,8 @@ spec:
- "try { require('node:http').request({headers: {'Content-Type': 'application/json'}, port:3000, hostname:'127.0.0.1', path:'/graphql?query={serverInfo{version}}', method: 'GET', timeout: 2000 }, (res) => { body = ''; res.on('data', (chunk) => {body += chunk;}); res.on('end', () => {process.exit(res.statusCode != 200 || body.toLowerCase().includes('error'));}); }).end(); } catch { process.exit(1); }"
env:
- name: CANONICAL_URL
{{- if .Values.ssl_canonical_url }}
value: https://{{ .Values.domain }}
{{- else }}
value: http://{{ .Values.domain }}
{{- end }}
- name: PORT
value: {{ include "server.port" $ | quote }}
- name: LOG_LEVEL
value: {{ .Values.server.logLevel }}
- name: USE_FRONTEND_2
value: {{ .Values.frontend_2.enabled | quote }}
- name: FRONTEND_ORIGIN
{{- if .Values.ssl_canonical_url }}
value: https://{{ .Values.domain }}
{{- else }}
value: http://{{ .Values.domain }}
{{- end }}
- name: ENABLE_FE2_MESSAGING
value: {{ .Values.server.enableFe2Messaging | quote }}
- name: FF_AUTOMATE_MODULE_ENABLED
value: {{ .Values.featureFlags.automateModuleEnabled | quote }}
{{- if .Values.featureFlags.automateModuleEnabled }}
- name: SPECKLE_AUTOMATE_URL
value: {{ .Values.server.speckleAutomateUrl }}
- name: AUTOMATE_ENCRYPTION_KEYS_PATH
value: {{ .Values.server.encryptionKeys.path }}
{{- end }}
- name: ONBOARDING_STREAM_URL
value: {{ .Values.server.onboarding.stream_url }}
- name: ONBOARDING_STREAM_CACHE_BUST_NUMBER
value: {{ .Values.server.onboarding.stream_cache_bust_number | quote }}
- name: SESSION_SECRET
valueFrom:
secretKeyRef:
name: "{{ default .Values.secretName .Values.server.sessionSecret.secretName }}"
key: {{ default "session_secret" .Values.server.sessionSecret.secretKey }}
- name: FILE_SIZE_LIMIT_MB
value: {{ .Values.file_size_limit_mb | quote }}
- name: MAX_PROJECT_MODELS_PER_PAGE
value: {{ .Values.server.max_project_models_per_page | quote }}
- name: MAX_OBJECT_SIZE_MB
value: {{ .Values.server.max_object_size_mb | quote }}
{{- if .Values.server.migration.movedFrom }}
- name: MIGRATION_SERVER_MOVED_FROM
value: {{ .Values.server.migration.movedFrom }}
{{- end }}
{{- if .Values.server.migration.movedTo }}
- name: MIGRATION_SERVER_MOVED_TO
value: {{ .Values.server.migration.movedTo }}
{{- end }}
# *** Gendo render module ***
- name: FF_GENDOAI_MODULE_ENABLED
value: {{ .Values.featureFlags.gendoAIModuleEnabled | quote }}
{{- if .Values.featureFlags.gendoAIModuleEnabled }}
- name: GENDOAI_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.gendoAI.key.secretName }}
key: {{ .Values.server.gendoAI.key.secretKey }}
- name: GENDOAI_KEY_RESPONSE
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.gendoAI.keyResponse.secretName }}
key: {{ .Values.server.gendoAI.keyResponse.secretKey }}
- name: GENDOAI_API_ENDPOINT
value: {{ .Values.server.gendoAI.apiUrl | quote }}
- name: RATELIMIT_GENDO_AI_RENDER_REQUEST
value: {{ .Values.server.gendoai.ratelimiting.renderRequest | quote }}
- name: RATELIMIT_GENDO_AI_RENDER_REQUEST_PERIOD_SECONDS
value: {{ .Values.server.gendoai.ratelimiting.renderRequestPeriodSeconds | quote }}
- name: RATELIMIT_BURST_GENDO_AI_RENDER_REQUEST
value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequest | quote }}
- name: RATELIMIT_GENDO_AI_RENDER_REQUEST_BURST_PERIOD_SECONDS
value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequestPeriodSeconds | quote }}
{{- end }}
# *** Redis ***
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.redis.connectionString.secretName }}
key: {{ default "redis_url" .Values.redis.connectionString.secretKey }}
# *** PostgreSQL Database ***
- name: POSTGRES_URL
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.db.connectionString.secretName }}
key: {{ default "postgres_url" .Values.db.connectionString.secretKey }}
- name: POSTGRES_MAX_CONNECTIONS_SERVER
value: {{ .Values.db.maxConnectionsServer | quote }}
- name: PGSSLMODE
value: "{{ .Values.db.PGSSLMODE }}"
{{- if .Values.db.useCertificate }}
- name: NODE_EXTRA_CA_CERTS
value: "/postgres-certificate/ca-certificate.crt"
{{- end }}
{{- if .Values.server.fileUploads.enabled }}
{{ else }}
- name: DISABLE_FILE_UPLOADS
value: "true"
{{ end }}
{{- if .Values.server.adminOverrideEnabled }}
- name: ADMIN_OVERRIDE_ENABLED
value: "true"
{{- end }}
{{- if .Values.server.weeklyDigestEnabled }}
- name: WEEKLY_DIGEST_ENABLED
value: "true"
{{- end }}
{{- if (quote .Values.server.monitoring.mp.enabled) }}
- name: ENABLE_MP
value: {{ .Values.server.monitoring.mp.enabled | quote }}
{{- end }}
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: {{ .Values.tlsRejectUnauthorized | quote }}
# *** S3 Object Storage ***
{{- if (or .Values.s3.configMap.enabled .Values.s3.endpoint) }}
{{- $s3values := ((include "server.s3Values" .) | fromJson ) }}
- name: S3_ENDPOINT
value: {{ $s3values.endpoint }}
- name: S3_ACCESS_KEY
value: {{ $s3values.access_key }}
- name: S3_BUCKET
value: {{ $s3values.bucket }}
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.s3.secret_key.secretName }}
key: {{ default "s3_secret_key" .Values.s3.secret_key.secretKey }}
- name: S3_CREATE_BUCKET
value: "{{ .Values.s3.create_bucket }}"
- name: S3_REGION
value: "{{ .Values.s3.region }}"
{{- end }}
# *** Authentication ***
# Local Auth
- name: STRATEGY_LOCAL
value: "{{ .Values.server.auth.local.enabled }}"
# Google Auth
{{- if .Values.server.auth.google.enabled }}
- name: STRATEGY_GOOGLE
value: "true"
- name: GOOGLE_CLIENT_ID
value: {{ .Values.server.auth.google.client_id }}
- name: GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.google.clientSecret.secretName }}
key: {{ default "google_client_secret" .Values.server.auth.google.clientSecret.secretKey }}
{{- end }}
# Github Auth
{{- if .Values.server.auth.github.enabled }}
- name: STRATEGY_GITHUB
value: "true"
- name: GITHUB_CLIENT_ID
value: {{ .Values.server.auth.github.client_id }}
- name: GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.github.clientSecret.secretName }}
key: {{ default "github_client_secret" .Values.server.auth.github.clientSecret.secretKey }}
{{- end }}
# AzureAD Auth
{{- if .Values.server.auth.azure_ad.enabled }}
- name: STRATEGY_AZURE_AD
value: "true"
- name: AZURE_AD_ORG_NAME
value: {{ .Values.server.auth.azure_ad.org_name }}
- name: AZURE_AD_IDENTITY_METADATA
value: {{ .Values.server.auth.azure_ad.identity_metadata }}
- name: AZURE_AD_ISSUER
value: {{ .Values.server.auth.azure_ad.issuer }}
- name: AZURE_AD_CLIENT_ID
value: {{ .Values.server.auth.azure_ad.client_id }}
- name: AZURE_AD_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.azure_ad.clientSecret.secretName }}
key: {{ default "azure_ad_client_secret" .Values.server.auth.azure_ad.clientSecret.secretKey }}
{{- end }}
# OpenID Connect Auth
{{- if .Values.server.auth.oidc.enabled }}
- name: STRATEGY_OIDC
value: "true"
- name: OIDC_NAME
value: {{ .Values.server.auth.oidc.name }}
- name: OIDC_DISCOVERY_URL
value: {{ .Values.server.auth.oidc.discovery_url }}
- name: OIDC_CLIENT_ID
value: {{ .Values.server.auth.oidc.client_id }}
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.auth.oidc.clientSecret.secretName }}
key: {{ default "oidc_client_secret" .Values.server.auth.oidc.clientSecret.secretKey }}
{{- end }}
# *** Email ***
{{- if .Values.server.email.enabled }}
- name: EMAIL
value: "true"
- name: EMAIL_HOST
value: "{{ .Values.server.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.server.email.port }}"
- name: EMAIL_USERNAME
value: "{{ .Values.server.email.username }}"
- name: EMAIL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.email.password.secretName }}
key: {{ default "email_password" .Values.server.email.password.secretKey }}
- name: EMAIL_FROM
value: "{{ .Values.server.email.from }}"
{{- end }}
# *** Newsletter ***
{{- if .Values.server.mailchimp.enabled }}
- name: MAILCHIMP_ENABLED
value: "true"
- name: MAILCHIMP_API_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.mailchimp.apikey.secretName }}
key: {{ .Values.server.mailchimp.apikey.secretKey }}
- name: MAILCHIMP_SERVER_PREFIX
value: "{{ .Values.server.mailchimp.serverPrefix}}"
- name: MAILCHIMP_NEWSLETTER_LIST_ID
value: "{{ .Values.server.mailchimp.newsletterListId}}"
- name: MAILCHIMP_ONBOARDING_LIST_ID
value: "{{ .Values.server.mailchimp.onboardingListId}}"
- name: MAILCHIMP_ONBOARDING_JOURNEY_ID
value: "{{ .Values.server.mailchimp.onboardingJourneyId}}"
- name: MAILCHIMP_ONBOARDING_STEP_ID
value: "{{ .Values.server.mailchimp.onboardingStepId}}"
{{- end }}
# *** Tracking / Tracing ***
- name: SENTRY_DSN
value: {{ .Values.server.sentry_dns }}
{{- if .Values.server.disable_tracing }}
- name: DISABLE_TRACING
value: "true"
{{- end }}
{{- if .Values.server.disable_tracking }}
- name: DISABLE_TRACKING
value: "true"
{{- end }}
# Monitoring - Apollo
{{- if .Values.server.monitoring.apollo.enabled }}
- name: APOLLO_GRAPH_ID
value: {{ .Values.server.monitoring.apollo.graph_id }}
- name: APOLLO_SCHEMA_REPORTING
value: "true"
- name: APOLLO_GRAPH_VARIANT
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: APOLLO_SERVER_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: APOLLO_SERVER_PLATFORM
value: "kubernetes/deployment"
- name: APOLLO_KEY
valueFrom:
secretKeyRef:
name: {{ default .Values.secretName .Values.server.monitoring.apollo.key.secretName }}
key: {{ default "apollo_key" .Values.server.monitoring.apollo.key.secretKey }}
{{- end }}
# Rate Limiting
{{- if .Values.server.ratelimiting.all_requests }}
- name: RATELIMIT_ALL_REQUESTS
value: "{{ .Values.server.ratelimiting.all_requests }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_all_requests }}
- name: RATELIMIT_BURST_ALL_REQUESTS
value: "{{ .Values.server.ratelimiting.burst_all_requests }}"
{{- end }}
{{- if .Values.server.ratelimiting.user_create }}
- name: RATELIMIT_USER_CREATE
value: "{{ .Values.server.ratelimiting.user_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_user_create }}
- name: RATELIMIT_BURST_USER_CREATE
value: "{{ .Values.server.ratelimiting.burst_user_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.stream_create }}
- name: RATELIMIT_STREAM_CREATE
value: "{{ .Values.server.ratelimiting.stream_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_stream_create }}
- name: RATELIMIT_BURST_STREAM_CREATE
value: "{{ .Values.server.ratelimiting.burst_stream_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.commit_create }}
- name: RATELIMIT_COMMIT_CREATE
value: "{{ .Values.server.ratelimiting.commit_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_commit_create }}
- name: RATELIMIT_BURST_COMMIT_CREATE
value: "{{ .Values.server.ratelimiting.burst_commit_create }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_getobjects_streamid }}
- name: RATELIMIT_POST_GETOBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.post_getobjects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_getobjects_streamid }}
- name: RATELIMIT_BURST_POST_GETOBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_getobjects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_diff_streamid }}
- name: RATELIMIT_POST_DIFF_STREAMID
value: "{{ .Values.server.ratelimiting.post_diff_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_diff_streamid }}
- name: RATELIMIT_BURST_POST_DIFF_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_diff_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_objects_streamid }}
- name: RATELIMIT_POST_OBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.post_objects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_objects_streamid }}
- name: RATELIMIT_BURST_POST_OBJECTS_STREAMID
value: "{{ .Values.server.ratelimiting.burst_post_objects_streamid }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_objects_streamid_objectid }}
- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID
value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}
- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID
value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_objects_streamid_objectid_single }}
- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID_SINGLE
value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid_single }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }}
- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID_SINGLE
value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }}"
{{- end }}
{{- if .Values.server.ratelimiting.post_graphql }}
- name: RATELIMIT_POST_GRAPHQL
value: "{{ .Values.server.ratelimiting.post_graphql }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_post_graphql }}
- name: RATELIMIT_BURST_POST_GRAPHQL
value: "{{ .Values.server.ratelimiting.burst_post_graphql }}"
{{- end }}
{{- if .Values.server.ratelimiting.get_auth }}
- name: RATELIMIT_GET_AUTH
value: "{{ .Values.server.ratelimiting.get_auth }}"
{{- end }}
{{- if .Values.server.ratelimiting.burst_get_auth }}
- name: RATELIMIT_BURST_GET_AUTH
value: "{{ .Values.server.ratelimiting.burst_get_auth }}"
{{- end }}
{{ include "server.env" $ | indent 10 }}
{{/* NOTE: Environment variables are configured in utils/helm/speckle-server/templates/_helpers.tpl */}}
{{- if .Values.server.affinity }}
affinity: {{- include "speckle.renderTpl" (dict "value" .Values.server.affinity "context" $) | nindent 8 }}
{{- end }}