From 19cf4d52fc4fbc8516f186fe1ea65f425f0fc93f Mon Sep 17 00:00:00 2001 From: Iain Sproat <68657+iainsproat@users.noreply.github.com> Date: Thu, 30 May 2024 16:59:56 +0100 Subject: [PATCH] refactor(helm chart): template to produce identical environment variables for both server & objects pods (#2304) * fix(helm chart): objects pod should also have automate feature flag env vars * refactor(helm chart): share environment variables between server & objects pods - use a template to configure the same set of environment variables for both server & objects pods --- .../speckle-server/templates/_helpers.tpl | 414 ++++++++++++++++++ .../templates/objects/deployment.yml | 338 +------------- .../templates/server/deployment.yml | 409 +---------------- 3 files changed, 418 insertions(+), 743 deletions(-) diff --git a/utils/helm/speckle-server/templates/_helpers.tpl b/utils/helm/speckle-server/templates/_helpers.tpl index c16927ce7..77a629c28 100644 --- a/utils/helm/speckle-server/templates/_helpers.tpl +++ b/utils/helm/speckle-server/templates/_helpers.tpl @@ -527,3 +527,417 @@ Retrieve the s3 parameters from ConfigMap if enabled, or default to retrieving t {{- $result | toJson }} {{- end }} {{- end }} + + +{{/* +Generate the environment variables for Speckle server and Speckle objects deployments +*/}} +{{- define "server.env" -}} +- name: CANONICAL_URL + {{- if .Values.ssl_canonical_url }} + value: https://{{ .Values.domain }} + {{- else }} + value: http://{{ .Values.domain }} + {{- end }} + +- name: PORT + value: {{ include "server.port" $ | quote }} +- name: LOG_LEVEL + value: {{ .Values.server.logLevel }} + +- name: USE_FRONTEND_2 + value: {{ .Values.frontend_2.enabled | quote }} + +- name: FRONTEND_ORIGIN + {{- if .Values.ssl_canonical_url }} + value: https://{{ .Values.domain }} + {{- else }} + value: http://{{ .Values.domain }} + {{- end }} + +- name: ENABLE_FE2_MESSAGING + value: {{ .Values.server.enableFe2Messaging | quote }} + +- name: FF_AUTOMATE_MODULE_ENABLED + value: {{ .Values.featureFlags.automateModuleEnabled | quote }} + +{{- if .Values.featureFlags.automateModuleEnabled }} +- name: SPECKLE_AUTOMATE_URL + value: {{ .Values.server.speckleAutomateUrl }} + +- name: AUTOMATE_ENCRYPTION_KEYS_PATH + value: {{ .Values.server.encryptionKeys.path }} +{{- end }} + +- name: ONBOARDING_STREAM_URL + value: {{ .Values.server.onboarding.stream_url }} +- name: ONBOARDING_STREAM_CACHE_BUST_NUMBER + value: {{ .Values.server.onboarding.stream_cache_bust_number | quote }} + +- name: SESSION_SECRET + valueFrom: + secretKeyRef: + name: "{{ default .Values.secretName .Values.server.sessionSecret.secretName }}" + key: {{ default "session_secret" .Values.server.sessionSecret.secretKey }} + +- name: FILE_SIZE_LIMIT_MB + value: {{ .Values.file_size_limit_mb | quote }} + +- name: MAX_PROJECT_MODELS_PER_PAGE + value: {{ .Values.server.max_project_models_per_page | quote }} + +- name: MAX_OBJECT_SIZE_MB + value: {{ .Values.server.max_object_size_mb | quote }} + + {{- if .Values.server.migration.movedFrom }} +- name: MIGRATION_SERVER_MOVED_FROM + value: {{ .Values.server.migration.movedFrom }} + {{- end }} + + {{- if .Values.server.migration.movedTo }} +- name: MIGRATION_SERVER_MOVED_TO + value: {{ .Values.server.migration.movedTo }} + {{- end }} + +# *** Gendo render module *** +- name: FF_GENDOAI_MODULE_ENABLED + value: {{ .Values.featureFlags.gendoAIModuleEnabled | quote }} + +{{- if .Values.featureFlags.gendoAIModuleEnabled }} +- name: GENDOAI_KEY + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.gendoAI.key.secretName }} + key: {{ .Values.server.gendoAI.key.secretKey }} + +- name: GENDOAI_KEY_RESPONSE + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.gendoAI.keyResponse.secretName }} + key: {{ .Values.server.gendoAI.keyResponse.secretKey }} + +- name: GENDOAI_API_ENDPOINT + value: {{ .Values.server.gendoAI.apiUrl | quote }} + +- name: RATELIMIT_GENDO_AI_RENDER_REQUEST + value: {{ .Values.server.gendoai.ratelimiting.renderRequest | quote }} + +- name: RATELIMIT_GENDO_AI_RENDER_REQUEST_PERIOD_SECONDS + value: {{ .Values.server.gendoai.ratelimiting.renderRequestPeriodSeconds | quote }} + +- name: RATELIMIT_BURST_GENDO_AI_RENDER_REQUEST + value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequest | quote }} + +- name: RATELIMIT_GENDO_AI_RENDER_REQUEST_BURST_PERIOD_SECONDS + value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequestPeriodSeconds | quote }} +{{- end }} + +# *** Redis *** +- name: REDIS_URL + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.redis.connectionString.secretName }} + key: {{ default "redis_url" .Values.redis.connectionString.secretKey }} + +# *** PostgreSQL Database *** +- name: POSTGRES_URL + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.db.connectionString.secretName }} + key: {{ default "postgres_url" .Values.db.connectionString.secretKey }} +- name: POSTGRES_MAX_CONNECTIONS_SERVER + value: {{ .Values.db.maxConnectionsServer | quote }} + +- name: PGSSLMODE + value: "{{ .Values.db.PGSSLMODE }}" + +{{- if .Values.db.useCertificate }} +- name: NODE_EXTRA_CA_CERTS + value: "/postgres-certificate/ca-certificate.crt" +{{- end }} + +{{- if .Values.server.fileUploads.enabled }} +{{ else }} +- name: DISABLE_FILE_UPLOADS + value: "true" +{{ end }} + +{{- if .Values.server.adminOverrideEnabled }} +- name: ADMIN_OVERRIDE_ENABLED + value: "true" +{{- end }} + +{{- if .Values.server.weeklyDigestEnabled }} +- name: WEEKLY_DIGEST_ENABLED + value: "true" +{{- end }} + +{{- if (quote .Values.server.monitoring.mp.enabled) }} +- name: ENABLE_MP + value: {{ .Values.server.monitoring.mp.enabled | quote }} +{{- end }} + +- name: NODE_TLS_REJECT_UNAUTHORIZED + value: {{ .Values.tlsRejectUnauthorized | quote }} + +# *** S3 Object Storage *** +{{- if (or .Values.s3.configMap.enabled .Values.s3.endpoint) }} +{{- $s3values := ((include "server.s3Values" .) | fromJson ) }} +- name: S3_ENDPOINT + value: {{ $s3values.endpoint }} +- name: S3_ACCESS_KEY + value: {{ $s3values.access_key }} +- name: S3_BUCKET + value: {{ $s3values.bucket }} +- name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.s3.secret_key.secretName }} + key: {{ default "s3_secret_key" .Values.s3.secret_key.secretKey }} +- name: S3_CREATE_BUCKET + value: "{{ .Values.s3.create_bucket }}" +- name: S3_REGION + value: "{{ .Values.s3.region }}" + +{{- end }} + +# *** Authentication *** + +# Local Auth +- name: STRATEGY_LOCAL + value: "{{ .Values.server.auth.local.enabled }}" + +# Google Auth +{{- if .Values.server.auth.google.enabled }} +- name: STRATEGY_GOOGLE + value: "true" +- name: GOOGLE_CLIENT_ID + value: {{ .Values.server.auth.google.client_id }} +- name: GOOGLE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.auth.google.clientSecret.secretName }} + key: {{ default "google_client_secret" .Values.server.auth.google.clientSecret.secretKey }} +{{- end }} + +# Github Auth +{{- if .Values.server.auth.github.enabled }} +- name: STRATEGY_GITHUB + value: "true" +- name: GITHUB_CLIENT_ID + value: {{ .Values.server.auth.github.client_id }} +- name: GITHUB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.auth.github.clientSecret.secretName }} + key: {{ default "github_client_secret" .Values.server.auth.github.clientSecret.secretKey }} +{{- end }} + +# AzureAD Auth +{{- if .Values.server.auth.azure_ad.enabled }} +- name: STRATEGY_AZURE_AD + value: "true" +- name: AZURE_AD_ORG_NAME + value: {{ .Values.server.auth.azure_ad.org_name }} +- name: AZURE_AD_IDENTITY_METADATA + value: {{ .Values.server.auth.azure_ad.identity_metadata }} +- name: AZURE_AD_ISSUER + value: {{ .Values.server.auth.azure_ad.issuer }} +- name: AZURE_AD_CLIENT_ID + value: {{ .Values.server.auth.azure_ad.client_id }} +- name: AZURE_AD_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.auth.azure_ad.clientSecret.secretName }} + key: {{ default "azure_ad_client_secret" .Values.server.auth.azure_ad.clientSecret.secretKey }} +{{- end }} + + +# OpenID Connect Auth +{{- if .Values.server.auth.oidc.enabled }} +- name: STRATEGY_OIDC + value: "true" +- name: OIDC_NAME + value: {{ .Values.server.auth.oidc.name }} +- name: OIDC_DISCOVERY_URL + value: {{ .Values.server.auth.oidc.discovery_url }} +- name: OIDC_CLIENT_ID + value: {{ .Values.server.auth.oidc.client_id }} +- name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.auth.oidc.clientSecret.secretName }} + key: {{ default "oidc_client_secret" .Values.server.auth.oidc.clientSecret.secretKey }} +{{- end }} + + +# *** Email *** + +{{- if .Values.server.email.enabled }} +- name: EMAIL + value: "true" +- name: EMAIL_HOST + value: "{{ .Values.server.email.host }}" +- name: EMAIL_PORT + value: "{{ .Values.server.email.port }}" +- name: EMAIL_USERNAME + value: "{{ .Values.server.email.username }}" +- name: EMAIL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.email.password.secretName }} + key: {{ default "email_password" .Values.server.email.password.secretKey }} +- name: EMAIL_FROM + value: "{{ .Values.server.email.from }}" +{{- end }} + +# *** Newsletter *** +{{- if .Values.server.mailchimp.enabled }} +- name: MAILCHIMP_ENABLED + value: "true" +- name: MAILCHIMP_API_KEY + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.mailchimp.apikey.secretName }} + key: {{ .Values.server.mailchimp.apikey.secretKey }} +- name: MAILCHIMP_SERVER_PREFIX + value: "{{ .Values.server.mailchimp.serverPrefix}}" + +- name: MAILCHIMP_NEWSLETTER_LIST_ID + value: "{{ .Values.server.mailchimp.newsletterListId}}" + +- name: MAILCHIMP_ONBOARDING_LIST_ID + value: "{{ .Values.server.mailchimp.onboardingListId}}" + +- name: MAILCHIMP_ONBOARDING_JOURNEY_ID + value: "{{ .Values.server.mailchimp.onboardingJourneyId}}" + +- name: MAILCHIMP_ONBOARDING_STEP_ID + value: "{{ .Values.server.mailchimp.onboardingStepId}}" +{{- end }} + +# *** Tracking / Tracing *** +- name: SENTRY_DSN + value: {{ .Values.server.sentry_dns }} +{{- if .Values.server.disable_tracing }} +- name: DISABLE_TRACING + value: "true" +{{- end }} +{{- if .Values.server.disable_tracking }} +- name: DISABLE_TRACKING + value: "true" +{{- end }} + +# Monitoring - Apollo +{{- if .Values.server.monitoring.apollo.enabled }} +- name: APOLLO_GRAPH_ID + value: {{ .Values.server.monitoring.apollo.graph_id }} +- name: APOLLO_SCHEMA_REPORTING + value: "true" +- name: APOLLO_GRAPH_VARIANT + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: APOLLO_SERVER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: APOLLO_SERVER_PLATFORM + value: "kubernetes/deployment" +- name: APOLLO_KEY + valueFrom: + secretKeyRef: + name: {{ default .Values.secretName .Values.server.monitoring.apollo.key.secretName }} + key: {{ default "apollo_key" .Values.server.monitoring.apollo.key.secretKey }} +{{- end }} + +# Rate Limiting +{{- if .Values.server.ratelimiting.all_requests }} +- name: RATELIMIT_ALL_REQUESTS + value: "{{ .Values.server.ratelimiting.all_requests }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_all_requests }} +- name: RATELIMIT_BURST_ALL_REQUESTS + value: "{{ .Values.server.ratelimiting.burst_all_requests }}" +{{- end }} +{{- if .Values.server.ratelimiting.user_create }} +- name: RATELIMIT_USER_CREATE + value: "{{ .Values.server.ratelimiting.user_create }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_user_create }} +- name: RATELIMIT_BURST_USER_CREATE + value: "{{ .Values.server.ratelimiting.burst_user_create }}" +{{- end }} +{{- if .Values.server.ratelimiting.stream_create }} +- name: RATELIMIT_STREAM_CREATE + value: "{{ .Values.server.ratelimiting.stream_create }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_stream_create }} +- name: RATELIMIT_BURST_STREAM_CREATE + value: "{{ .Values.server.ratelimiting.burst_stream_create }}" +{{- end }} +{{- if .Values.server.ratelimiting.commit_create }} +- name: RATELIMIT_COMMIT_CREATE + value: "{{ .Values.server.ratelimiting.commit_create }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_commit_create }} +- name: RATELIMIT_BURST_COMMIT_CREATE + value: "{{ .Values.server.ratelimiting.burst_commit_create }}" +{{- end }} +{{- if .Values.server.ratelimiting.post_getobjects_streamid }} +- name: RATELIMIT_POST_GETOBJECTS_STREAMID + value: "{{ .Values.server.ratelimiting.post_getobjects_streamid }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_post_getobjects_streamid }} +- name: RATELIMIT_BURST_POST_GETOBJECTS_STREAMID + value: "{{ .Values.server.ratelimiting.burst_post_getobjects_streamid }}" +{{- end }} +{{- if .Values.server.ratelimiting.post_diff_streamid }} +- name: RATELIMIT_POST_DIFF_STREAMID + value: "{{ .Values.server.ratelimiting.post_diff_streamid }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_post_diff_streamid }} +- name: RATELIMIT_BURST_POST_DIFF_STREAMID + value: "{{ .Values.server.ratelimiting.burst_post_diff_streamid }}" +{{- end }} +{{- if .Values.server.ratelimiting.post_objects_streamid }} +- name: RATELIMIT_POST_OBJECTS_STREAMID + value: "{{ .Values.server.ratelimiting.post_objects_streamid }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_post_objects_streamid }} +- name: RATELIMIT_BURST_POST_OBJECTS_STREAMID + value: "{{ .Values.server.ratelimiting.burst_post_objects_streamid }}" +{{- end }} +{{- if .Values.server.ratelimiting.get_objects_streamid_objectid }} +- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID + value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid }} +- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID + value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}" +{{- end }} +{{- if .Values.server.ratelimiting.get_objects_streamid_objectid_single }} +- name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID_SINGLE + value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid_single }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }} +- name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID_SINGLE + value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }}" +{{- end }} +{{- if .Values.server.ratelimiting.post_graphql }} +- name: RATELIMIT_POST_GRAPHQL + value: "{{ .Values.server.ratelimiting.post_graphql }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_post_graphql }} +- name: RATELIMIT_BURST_POST_GRAPHQL + value: "{{ .Values.server.ratelimiting.burst_post_graphql }}" +{{- end }} +{{- if .Values.server.ratelimiting.get_auth }} +- name: RATELIMIT_GET_AUTH + value: "{{ .Values.server.ratelimiting.get_auth }}" +{{- end }} +{{- if .Values.server.ratelimiting.burst_get_auth }} +- name: RATELIMIT_BURST_GET_AUTH + value: "{{ .Values.server.ratelimiting.burst_get_auth }}" +{{- end }} +{{- end }} diff --git a/utils/helm/speckle-server/templates/objects/deployment.yml b/utils/helm/speckle-server/templates/objects/deployment.yml index 8bf879a62..79ac00c1e 100644 --- a/utils/helm/speckle-server/templates/objects/deployment.yml +++ b/utils/helm/speckle-server/templates/objects/deployment.yml @@ -86,342 +86,8 @@ spec: - "try { require('node:http').request({headers: {'Content-Type': 'application/json'}, port:3000, hostname:'127.0.0.1', path:'/graphql?query={serverInfo{version}}', method: 'GET', timeout: 2000 }, (res) => { body = ''; res.on('data', (chunk) => {body += chunk;}); res.on('end', () => {process.exit(res.statusCode != 200 || body.toLowerCase().includes('error'));}); }).end(); } catch { process.exit(1); }" env: - - name: CANONICAL_URL - {{- if .Values.ssl_canonical_url }} - value: https://{{ .Values.domain }} - {{- else }} - value: http://{{ .Values.domain }} - {{- end }} - - - name: PORT - value: {{ include "objects.port" $ | quote }} - - name: LOG_LEVEL - value: {{ .Values.objects.logLevel }} - - - name: USE_FRONTEND_2 - value: {{ .Values.frontend_2.enabled | quote }} - - - name: FRONTEND_ORIGIN - {{- if .Values.ssl_canonical_url }} - value: https://{{ .Values.domain }} - {{- else }} - value: http://{{ .Values.domain }} - {{- end }} - - - name: ONBOARDING_STREAM_URL - value: {{ .Values.server.onboarding.stream_url }} - - name: ONBOARDING_STREAM_CACHE_BUST_NUMBER - value: {{ .Values.server.onboarding.stream_cache_bust_number | quote }} - - - name: SESSION_SECRET - valueFrom: - secretKeyRef: - name: "{{ default .Values.secretName .Values.server.sessionSecret.secretName }}" - key: {{ default "session_secret" .Values.server.sessionSecret.secretKey }} - - - name: FILE_SIZE_LIMIT_MB - value: {{ .Values.file_size_limit_mb | quote }} - - - name: MAX_PROJECT_MODELS_PER_PAGE - value: {{ .Values.server.max_project_models_per_page | quote }} - - - name: MAX_OBJECT_SIZE_MB - value: {{ .Values.objects.max_object_size_mb | quote }} - - # *** Redis *** - - name: REDIS_URL - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.redis.connectionString.secretName }} - key: {{ default "redis_url" .Values.redis.connectionString.secretKey }} - - # *** PostgreSQL Database *** - - name: POSTGRES_URL - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.db.connectionString.secretName }} - key: {{ default "postgres_url" .Values.db.connectionString.secretKey }} - - name: POSTGRES_MAX_CONNECTIONS_SERVER - value: {{ .Values.db.maxConnectionsServer | quote }} - - - name: PGSSLMODE - value: "{{ .Values.db.PGSSLMODE }}" - - {{- if .Values.db.useCertificate }} - - name: NODE_EXTRA_CA_CERTS - value: "/postgres-certificate/ca-certificate.crt" - {{- end }} - - {{- if .Values.server.fileUploads.enabled }} - {{ else }} - - name: DISABLE_FILE_UPLOADS - value: "true" - {{ end }} - - {{- if .Values.server.adminOverrideEnabled }} - - name: ADMIN_OVERRIDE_ENABLED - value: "true" - {{- end }} - - {{- if (quote .Values.server.monitoring.mp.enabled) }} - - name: ENABLE_MP - value: {{ .Values.server.monitoring.mp.enabled | quote }} - {{- end }} - - - name: NODE_TLS_REJECT_UNAUTHORIZED - value: {{ .Values.tlsRejectUnauthorized | quote }} - - # *** S3 Object Storage *** - {{- if (or .Values.s3.configMap.enabled .Values.s3.endpoint) }} - {{- $s3values := ((include "server.s3Values" .) | fromJson ) }} - - name: S3_ENDPOINT - value: {{ $s3values.endpoint }} - - name: S3_ACCESS_KEY - value: {{ $s3values.access_key }} - - name: S3_BUCKET - value: {{ $s3values.bucket }} - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.s3.secret_key.secretName }} - key: {{ default "s3_secret_key" .Values.s3.secret_key.secretKey }} - - name: S3_CREATE_BUCKET - value: "{{ .Values.s3.create_bucket }}" - - name: S3_REGION - value: "{{ .Values.s3.region }}" - - {{- end }} - - # *** Authentication *** - - # Local Auth - - name: STRATEGY_LOCAL - value: "{{ .Values.server.auth.local.enabled }}" - - # Google Auth - {{- if .Values.server.auth.google.enabled }} - - name: STRATEGY_GOOGLE - value: "true" - - name: GOOGLE_CLIENT_ID - value: {{ .Values.server.auth.google.client_id }} - - name: GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.google.clientSecret.secretName }} - key: {{ default "google_client_secret" .Values.server.auth.google.clientSecret.secretKey }} - {{- end }} - - # Github Auth - {{- if .Values.server.auth.github.enabled }} - - name: STRATEGY_GITHUB - value: "true" - - name: GITHUB_CLIENT_ID - value: {{ .Values.server.auth.github.client_id }} - - name: GITHUB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.github.clientSecret.secretName }} - key: {{ default "github_client_secret" .Values.server.auth.github.clientSecret.secretKey }} - {{- end }} - - # AzureAD Auth - {{- if .Values.server.auth.azure_ad.enabled }} - - name: STRATEGY_AZURE_AD - value: "true" - - name: AZURE_AD_ORG_NAME - value: {{ .Values.server.auth.azure_ad.org_name }} - - name: AZURE_AD_IDENTITY_METADATA - value: {{ .Values.server.auth.azure_ad.identity_metadata }} - - name: AZURE_AD_ISSUER - value: {{ .Values.server.auth.azure_ad.issuer }} - - name: AZURE_AD_CLIENT_ID - value: {{ .Values.server.auth.azure_ad.client_id }} - - name: AZURE_AD_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.azure_ad.clientSecret.secretName }} - key: {{ default "azure_ad_client_secret" .Values.server.auth.azure_ad.clientSecret.secretKey }} - {{- end }} - - - # OpenID Connect Auth - {{- if .Values.server.auth.oidc.enabled }} - - name: STRATEGY_OIDC - value: "true" - - name: OIDC_NAME - value: {{ .Values.server.auth.oidc.name }} - - name: OIDC_DISCOVERY_URL - value: {{ .Values.server.auth.oidc.discovery_url }} - - name: OIDC_CLIENT_ID - value: {{ .Values.server.auth.oidc.client_id }} - - name: OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.oidc.clientSecret.secretName }} - key: {{ default "oidc_client_secret" .Values.server.auth.oidc.clientSecret.secretKey }} - {{- end }} - - - # *** Email *** - - {{- if .Values.server.email.enabled }} - - name: EMAIL - value: "true" - - name: EMAIL_HOST - value: "{{ .Values.server.email.host }}" - - name: EMAIL_PORT - value: "{{ .Values.server.email.port }}" - - name: EMAIL_USERNAME - value: "{{ .Values.server.email.username }}" - - name: EMAIL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.email.password.secretName }} - key: {{ default "email_password" .Values.server.email.password.secretKey }} - - name: EMAIL_FROM - value: "{{ .Values.server.email.from }}" - {{- end }} - - # *** Newsletter will not be generated by objects pods *** - - name: MAILCHIMP_ENABLED - value: "false" - - # *** Tracking / Tracing *** - - name: SENTRY_DSN - value: {{ .Values.server.sentry_dns }} - {{- if .Values.server.disable_tracing }} - - name: DISABLE_TRACING - value: "true" - {{- end }} - {{- if .Values.server.disable_tracking }} - - name: DISABLE_TRACKING - value: "true" - {{- end }} - - # Monitoring - Apollo - {{- if .Values.server.monitoring.apollo.enabled }} - - name: APOLLO_GRAPH_ID - value: {{ .Values.server.monitoring.apollo.graph_id }} - - name: APOLLO_SCHEMA_REPORTING - value: "true" - - name: APOLLO_GRAPH_VARIANT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: APOLLO_SERVER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: APOLLO_SERVER_PLATFORM - value: "kubernetes/deployment" - - name: APOLLO_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.monitoring.apollo.key.secretName }} - key: {{ default "apollo_key" .Values.server.monitoring.apollo.key.secretKey }} - {{- end }} - - # Automate - - name: FF_AUTOMATE_MODULE_ENABLED - value: {{ .Values.featureFlags.automateModuleEnabled | quote }} - - {{- if .Values.featureFlags.automateModuleEnabled }} - - name: SPECKLE_AUTOMATE_URL - value: {{ .Values.server.speckleAutomateUrl }} - - - name: AUTOMATE_ENCRYPTION_KEYS_PATH - value: {{ .Values.server.encryptionKeys.path }} - {{- end }} - - # Rate Limiting - {{- if .Values.server.ratelimiting.all_requests }} - - name: RATELIMIT_ALL_REQUESTS - value: "{{ .Values.server.ratelimiting.all_requests }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_all_requests }} - - name: RATELIMIT_BURST_ALL_REQUESTS - value: "{{ .Values.server.ratelimiting.burst_all_requests }}" - {{- end }} - {{- if .Values.server.ratelimiting.user_create }} - - name: RATELIMIT_USER_CREATE - value: "{{ .Values.server.ratelimiting.user_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_user_create }} - - name: RATELIMIT_BURST_USER_CREATE - value: "{{ .Values.server.ratelimiting.burst_user_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.stream_create }} - - name: RATELIMIT_STREAM_CREATE - value: "{{ .Values.server.ratelimiting.stream_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_stream_create }} - - name: RATELIMIT_BURST_STREAM_CREATE - value: "{{ .Values.server.ratelimiting.burst_stream_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.commit_create }} - - name: RATELIMIT_COMMIT_CREATE - value: "{{ .Values.server.ratelimiting.commit_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_commit_create }} - - name: RATELIMIT_BURST_COMMIT_CREATE - value: "{{ .Values.server.ratelimiting.burst_commit_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_getobjects_streamid }} - - name: RATELIMIT_POST_GETOBJECTS_STREAMID - value: "{{ .Values.server.ratelimiting.post_getobjects_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_getobjects_streamid }} - - name: RATELIMIT_BURST_POST_GETOBJECTS_STREAMID - value: "{{ .Values.server.ratelimiting.burst_post_getobjects_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_diff_streamid }} - - name: RATELIMIT_POST_DIFF_STREAMID - value: "{{ .Values.server.ratelimiting.post_diff_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_diff_streamid }} - - name: RATELIMIT_BURST_POST_DIFF_STREAMID - value: "{{ .Values.server.ratelimiting.burst_post_diff_streamid }}" - {{- end }} - {{- if .Values.objects.ratelimiting.post_objects_streamid }} - - name: RATELIMIT_POST_OBJECTS_STREAMID - value: "{{ .Values.objects.ratelimiting.post_objects_streamid }}" - {{- end }} - {{- if .Values.objects.ratelimiting.burst_post_objects_streamid }} - - name: RATELIMIT_BURST_POST_OBJECTS_STREAMID - value: "{{ .Values.objects.ratelimiting.burst_post_objects_streamid }}" - {{- end }} - {{- if .Values.objects.ratelimiting.get_objects_streamid_objectid }} - - name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID - value: "{{ .Values.objects.ratelimiting.get_objects_streamid_objectid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid }} - - name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID - value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}" - {{- end }} - {{- if .Values.objects.ratelimiting.get_objects_streamid_objectid_single }} - - name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID_SINGLE - value: "{{ .Values.objects.ratelimiting.get_objects_streamid_objectid_single }}" - {{- end }} - {{- if .Values.objects.ratelimiting.burst_get_objects_streamid_objectid_single }} - - name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID_SINGLE - value: "{{ .Values.objects.ratelimiting.burst_get_objects_streamid_objectid_single }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_graphql }} - - name: RATELIMIT_POST_GRAPHQL - value: "{{ .Values.server.ratelimiting.post_graphql }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_graphql }} - - name: RATELIMIT_BURST_POST_GRAPHQL - value: "{{ .Values.server.ratelimiting.burst_post_graphql }}" - {{- end }} - {{- if .Values.server.ratelimiting.get_auth }} - - name: RATELIMIT_GET_AUTH - value: "{{ .Values.server.ratelimiting.get_auth }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_get_auth }} - - name: RATELIMIT_BURST_GET_AUTH - value: "{{ .Values.server.ratelimiting.burst_get_auth }}" - {{- end }} +{{ include "server.env" $ | indent 10 }} +{{/* NOTE: Environment variables are configured in utils/helm/speckle-server/templates/_helpers.tpl */}} {{- if .Values.objects.affinity }} affinity: {{- include "speckle.renderTpl" (dict "value" .Values.objects.affinity "context" $) | nindent 8 }} {{- end }} diff --git a/utils/helm/speckle-server/templates/server/deployment.yml b/utils/helm/speckle-server/templates/server/deployment.yml index fc6c67324..94becc733 100644 --- a/utils/helm/speckle-server/templates/server/deployment.yml +++ b/utils/helm/speckle-server/templates/server/deployment.yml @@ -91,413 +91,8 @@ spec: - "try { require('node:http').request({headers: {'Content-Type': 'application/json'}, port:3000, hostname:'127.0.0.1', path:'/graphql?query={serverInfo{version}}', method: 'GET', timeout: 2000 }, (res) => { body = ''; res.on('data', (chunk) => {body += chunk;}); res.on('end', () => {process.exit(res.statusCode != 200 || body.toLowerCase().includes('error'));}); }).end(); } catch { process.exit(1); }" env: - - name: CANONICAL_URL - {{- if .Values.ssl_canonical_url }} - value: https://{{ .Values.domain }} - {{- else }} - value: http://{{ .Values.domain }} - {{- end }} - - - name: PORT - value: {{ include "server.port" $ | quote }} - - name: LOG_LEVEL - value: {{ .Values.server.logLevel }} - - - name: USE_FRONTEND_2 - value: {{ .Values.frontend_2.enabled | quote }} - - - name: FRONTEND_ORIGIN - {{- if .Values.ssl_canonical_url }} - value: https://{{ .Values.domain }} - {{- else }} - value: http://{{ .Values.domain }} - {{- end }} - - - name: ENABLE_FE2_MESSAGING - value: {{ .Values.server.enableFe2Messaging | quote }} - - - name: FF_AUTOMATE_MODULE_ENABLED - value: {{ .Values.featureFlags.automateModuleEnabled | quote }} - - {{- if .Values.featureFlags.automateModuleEnabled }} - - name: SPECKLE_AUTOMATE_URL - value: {{ .Values.server.speckleAutomateUrl }} - - - name: AUTOMATE_ENCRYPTION_KEYS_PATH - value: {{ .Values.server.encryptionKeys.path }} - {{- end }} - - - name: ONBOARDING_STREAM_URL - value: {{ .Values.server.onboarding.stream_url }} - - name: ONBOARDING_STREAM_CACHE_BUST_NUMBER - value: {{ .Values.server.onboarding.stream_cache_bust_number | quote }} - - - name: SESSION_SECRET - valueFrom: - secretKeyRef: - name: "{{ default .Values.secretName .Values.server.sessionSecret.secretName }}" - key: {{ default "session_secret" .Values.server.sessionSecret.secretKey }} - - - name: FILE_SIZE_LIMIT_MB - value: {{ .Values.file_size_limit_mb | quote }} - - - name: MAX_PROJECT_MODELS_PER_PAGE - value: {{ .Values.server.max_project_models_per_page | quote }} - - - name: MAX_OBJECT_SIZE_MB - value: {{ .Values.server.max_object_size_mb | quote }} - - {{- if .Values.server.migration.movedFrom }} - - name: MIGRATION_SERVER_MOVED_FROM - value: {{ .Values.server.migration.movedFrom }} - {{- end }} - - {{- if .Values.server.migration.movedTo }} - - name: MIGRATION_SERVER_MOVED_TO - value: {{ .Values.server.migration.movedTo }} - {{- end }} - - # *** Gendo render module *** - - name: FF_GENDOAI_MODULE_ENABLED - value: {{ .Values.featureFlags.gendoAIModuleEnabled | quote }} - - {{- if .Values.featureFlags.gendoAIModuleEnabled }} - - name: GENDOAI_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.gendoAI.key.secretName }} - key: {{ .Values.server.gendoAI.key.secretKey }} - - - name: GENDOAI_KEY_RESPONSE - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.gendoAI.keyResponse.secretName }} - key: {{ .Values.server.gendoAI.keyResponse.secretKey }} - - - name: GENDOAI_API_ENDPOINT - value: {{ .Values.server.gendoAI.apiUrl | quote }} - - - name: RATELIMIT_GENDO_AI_RENDER_REQUEST - value: {{ .Values.server.gendoai.ratelimiting.renderRequest | quote }} - - - name: RATELIMIT_GENDO_AI_RENDER_REQUEST_PERIOD_SECONDS - value: {{ .Values.server.gendoai.ratelimiting.renderRequestPeriodSeconds | quote }} - - - name: RATELIMIT_BURST_GENDO_AI_RENDER_REQUEST - value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequest | quote }} - - - name: RATELIMIT_GENDO_AI_RENDER_REQUEST_BURST_PERIOD_SECONDS - value: {{ .Values.server.gendoai.ratelimiting.burstRenderRequestPeriodSeconds | quote }} - {{- end }} - - # *** Redis *** - - name: REDIS_URL - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.redis.connectionString.secretName }} - key: {{ default "redis_url" .Values.redis.connectionString.secretKey }} - - # *** PostgreSQL Database *** - - name: POSTGRES_URL - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.db.connectionString.secretName }} - key: {{ default "postgres_url" .Values.db.connectionString.secretKey }} - - name: POSTGRES_MAX_CONNECTIONS_SERVER - value: {{ .Values.db.maxConnectionsServer | quote }} - - - name: PGSSLMODE - value: "{{ .Values.db.PGSSLMODE }}" - - {{- if .Values.db.useCertificate }} - - name: NODE_EXTRA_CA_CERTS - value: "/postgres-certificate/ca-certificate.crt" - {{- end }} - - {{- if .Values.server.fileUploads.enabled }} - {{ else }} - - name: DISABLE_FILE_UPLOADS - value: "true" - {{ end }} - - {{- if .Values.server.adminOverrideEnabled }} - - name: ADMIN_OVERRIDE_ENABLED - value: "true" - {{- end }} - - {{- if .Values.server.weeklyDigestEnabled }} - - name: WEEKLY_DIGEST_ENABLED - value: "true" - {{- end }} - - {{- if (quote .Values.server.monitoring.mp.enabled) }} - - name: ENABLE_MP - value: {{ .Values.server.monitoring.mp.enabled | quote }} - {{- end }} - - - name: NODE_TLS_REJECT_UNAUTHORIZED - value: {{ .Values.tlsRejectUnauthorized | quote }} - - # *** S3 Object Storage *** - {{- if (or .Values.s3.configMap.enabled .Values.s3.endpoint) }} - {{- $s3values := ((include "server.s3Values" .) | fromJson ) }} - - name: S3_ENDPOINT - value: {{ $s3values.endpoint }} - - name: S3_ACCESS_KEY - value: {{ $s3values.access_key }} - - name: S3_BUCKET - value: {{ $s3values.bucket }} - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.s3.secret_key.secretName }} - key: {{ default "s3_secret_key" .Values.s3.secret_key.secretKey }} - - name: S3_CREATE_BUCKET - value: "{{ .Values.s3.create_bucket }}" - - name: S3_REGION - value: "{{ .Values.s3.region }}" - - {{- end }} - - # *** Authentication *** - - # Local Auth - - name: STRATEGY_LOCAL - value: "{{ .Values.server.auth.local.enabled }}" - - # Google Auth - {{- if .Values.server.auth.google.enabled }} - - name: STRATEGY_GOOGLE - value: "true" - - name: GOOGLE_CLIENT_ID - value: {{ .Values.server.auth.google.client_id }} - - name: GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.google.clientSecret.secretName }} - key: {{ default "google_client_secret" .Values.server.auth.google.clientSecret.secretKey }} - {{- end }} - - # Github Auth - {{- if .Values.server.auth.github.enabled }} - - name: STRATEGY_GITHUB - value: "true" - - name: GITHUB_CLIENT_ID - value: {{ .Values.server.auth.github.client_id }} - - name: GITHUB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.github.clientSecret.secretName }} - key: {{ default "github_client_secret" .Values.server.auth.github.clientSecret.secretKey }} - {{- end }} - - # AzureAD Auth - {{- if .Values.server.auth.azure_ad.enabled }} - - name: STRATEGY_AZURE_AD - value: "true" - - name: AZURE_AD_ORG_NAME - value: {{ .Values.server.auth.azure_ad.org_name }} - - name: AZURE_AD_IDENTITY_METADATA - value: {{ .Values.server.auth.azure_ad.identity_metadata }} - - name: AZURE_AD_ISSUER - value: {{ .Values.server.auth.azure_ad.issuer }} - - name: AZURE_AD_CLIENT_ID - value: {{ .Values.server.auth.azure_ad.client_id }} - - name: AZURE_AD_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.azure_ad.clientSecret.secretName }} - key: {{ default "azure_ad_client_secret" .Values.server.auth.azure_ad.clientSecret.secretKey }} - {{- end }} - - - # OpenID Connect Auth - {{- if .Values.server.auth.oidc.enabled }} - - name: STRATEGY_OIDC - value: "true" - - name: OIDC_NAME - value: {{ .Values.server.auth.oidc.name }} - - name: OIDC_DISCOVERY_URL - value: {{ .Values.server.auth.oidc.discovery_url }} - - name: OIDC_CLIENT_ID - value: {{ .Values.server.auth.oidc.client_id }} - - name: OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.auth.oidc.clientSecret.secretName }} - key: {{ default "oidc_client_secret" .Values.server.auth.oidc.clientSecret.secretKey }} - {{- end }} - - - # *** Email *** - - {{- if .Values.server.email.enabled }} - - name: EMAIL - value: "true" - - name: EMAIL_HOST - value: "{{ .Values.server.email.host }}" - - name: EMAIL_PORT - value: "{{ .Values.server.email.port }}" - - name: EMAIL_USERNAME - value: "{{ .Values.server.email.username }}" - - name: EMAIL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.email.password.secretName }} - key: {{ default "email_password" .Values.server.email.password.secretKey }} - - name: EMAIL_FROM - value: "{{ .Values.server.email.from }}" - {{- end }} - - # *** Newsletter *** - {{- if .Values.server.mailchimp.enabled }} - - name: MAILCHIMP_ENABLED - value: "true" - - name: MAILCHIMP_API_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.mailchimp.apikey.secretName }} - key: {{ .Values.server.mailchimp.apikey.secretKey }} - - name: MAILCHIMP_SERVER_PREFIX - value: "{{ .Values.server.mailchimp.serverPrefix}}" - - - name: MAILCHIMP_NEWSLETTER_LIST_ID - value: "{{ .Values.server.mailchimp.newsletterListId}}" - - - name: MAILCHIMP_ONBOARDING_LIST_ID - value: "{{ .Values.server.mailchimp.onboardingListId}}" - - - name: MAILCHIMP_ONBOARDING_JOURNEY_ID - value: "{{ .Values.server.mailchimp.onboardingJourneyId}}" - - - name: MAILCHIMP_ONBOARDING_STEP_ID - value: "{{ .Values.server.mailchimp.onboardingStepId}}" - {{- end }} - - # *** Tracking / Tracing *** - - name: SENTRY_DSN - value: {{ .Values.server.sentry_dns }} - {{- if .Values.server.disable_tracing }} - - name: DISABLE_TRACING - value: "true" - {{- end }} - {{- if .Values.server.disable_tracking }} - - name: DISABLE_TRACKING - value: "true" - {{- end }} - - # Monitoring - Apollo - {{- if .Values.server.monitoring.apollo.enabled }} - - name: APOLLO_GRAPH_ID - value: {{ .Values.server.monitoring.apollo.graph_id }} - - name: APOLLO_SCHEMA_REPORTING - value: "true" - - name: APOLLO_GRAPH_VARIANT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: APOLLO_SERVER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: APOLLO_SERVER_PLATFORM - value: "kubernetes/deployment" - - name: APOLLO_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.secretName .Values.server.monitoring.apollo.key.secretName }} - key: {{ default "apollo_key" .Values.server.monitoring.apollo.key.secretKey }} - {{- end }} - - # Rate Limiting - {{- if .Values.server.ratelimiting.all_requests }} - - name: RATELIMIT_ALL_REQUESTS - value: "{{ .Values.server.ratelimiting.all_requests }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_all_requests }} - - name: RATELIMIT_BURST_ALL_REQUESTS - value: "{{ .Values.server.ratelimiting.burst_all_requests }}" - {{- end }} - {{- if .Values.server.ratelimiting.user_create }} - - name: RATELIMIT_USER_CREATE - value: "{{ .Values.server.ratelimiting.user_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_user_create }} - - name: RATELIMIT_BURST_USER_CREATE - value: "{{ .Values.server.ratelimiting.burst_user_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.stream_create }} - - name: RATELIMIT_STREAM_CREATE - value: "{{ .Values.server.ratelimiting.stream_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_stream_create }} - - name: RATELIMIT_BURST_STREAM_CREATE - value: "{{ .Values.server.ratelimiting.burst_stream_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.commit_create }} - - name: RATELIMIT_COMMIT_CREATE - value: "{{ .Values.server.ratelimiting.commit_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_commit_create }} - - name: RATELIMIT_BURST_COMMIT_CREATE - value: "{{ .Values.server.ratelimiting.burst_commit_create }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_getobjects_streamid }} - - name: RATELIMIT_POST_GETOBJECTS_STREAMID - value: "{{ .Values.server.ratelimiting.post_getobjects_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_getobjects_streamid }} - - name: RATELIMIT_BURST_POST_GETOBJECTS_STREAMID - value: "{{ .Values.server.ratelimiting.burst_post_getobjects_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_diff_streamid }} - - name: RATELIMIT_POST_DIFF_STREAMID - value: "{{ .Values.server.ratelimiting.post_diff_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_diff_streamid }} - - name: RATELIMIT_BURST_POST_DIFF_STREAMID - value: "{{ .Values.server.ratelimiting.burst_post_diff_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_objects_streamid }} - - name: RATELIMIT_POST_OBJECTS_STREAMID - value: "{{ .Values.server.ratelimiting.post_objects_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_objects_streamid }} - - name: RATELIMIT_BURST_POST_OBJECTS_STREAMID - value: "{{ .Values.server.ratelimiting.burst_post_objects_streamid }}" - {{- end }} - {{- if .Values.server.ratelimiting.get_objects_streamid_objectid }} - - name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID - value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid }} - - name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID - value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid }}" - {{- end }} - {{- if .Values.server.ratelimiting.get_objects_streamid_objectid_single }} - - name: RATELIMIT_GET_OBJECTS_STREAMID_OBJECTID_SINGLE - value: "{{ .Values.server.ratelimiting.get_objects_streamid_objectid_single }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }} - - name: RATELIMIT_BURST_GET_OBJECTS_STREAMID_OBJECTID_SINGLE - value: "{{ .Values.server.ratelimiting.burst_get_objects_streamid_objectid_single }}" - {{- end }} - {{- if .Values.server.ratelimiting.post_graphql }} - - name: RATELIMIT_POST_GRAPHQL - value: "{{ .Values.server.ratelimiting.post_graphql }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_post_graphql }} - - name: RATELIMIT_BURST_POST_GRAPHQL - value: "{{ .Values.server.ratelimiting.burst_post_graphql }}" - {{- end }} - {{- if .Values.server.ratelimiting.get_auth }} - - name: RATELIMIT_GET_AUTH - value: "{{ .Values.server.ratelimiting.get_auth }}" - {{- end }} - {{- if .Values.server.ratelimiting.burst_get_auth }} - - name: RATELIMIT_BURST_GET_AUTH - value: "{{ .Values.server.ratelimiting.burst_get_auth }}" - {{- end }} +{{ include "server.env" $ | indent 10 }} +{{/* NOTE: Environment variables are configured in utils/helm/speckle-server/templates/_helpers.tpl */}} {{- if .Values.server.affinity }} affinity: {{- include "speckle.renderTpl" (dict "value" .Values.server.affinity "context" $) | nindent 8 }} {{- end }}