feat: Add s3-proxy chart 1.2.0

oxyno-zeta · Jul 5, 2021 · fce5931 · fce5931
1 parent 15e483f
commit fce5931
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 42 deletions.
diff --git a/charts/s3-proxy/Chart.yaml b/charts/s3-proxy/Chart.yaml
@@ -1,11 +1,11 @@
 apiVersion: v1
-appVersion: 1.1.0
-description: A Helm chart for Kubernetes
+appVersion: 2.0.0
+description: A Helm chart for Kubernetes to deploy S3-Proxy
 home: https://github.com/oxyno-zeta/s3-proxy
 maintainers:
 - email: havrileckalexandre@gmail.com
   name: oxyno-zeta
 name: s3-proxy
 sources:
 - https://github.com/oxyno-zeta/s3-proxy
-version: 1.1.1
+version: 1.2.0
diff --git a/charts/s3-proxy/values.yaml b/charts/s3-proxy/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: oxynozeta/s3-proxy
-  tag: 1.1.0
+  tag: 2.0.0
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -70,63 +70,115 @@ config: |-
   #   level: info
   #   # Log format
   #   format: json
-  # If only bucket is in the list, use it as main url and don't mount it on /<BUCKET_NAME>
-  # mainBucketPathSupport: true
   # Template configurations
   # template:
-  #   badRequest: custom-templates/bad-request.tpl
+  #   badRequest: templates/bad-request.tpl
+  #   folderList: templates/folder-list.tpl
+  #   forbidden: templates/forbidden.tpl
+  #   internalServerError: templates/internal-server-error.tpl
+  #   notFound: templates/not-found.tpl
+  #   targetList: templates/target-list.tpl
+  #   unauthorized: templates/unauthorized.tpl
   # Authentication
-  # Note: OIDC is always preferred by default against basic authentication
   # auth:
   #   oidc:
-  #     clientID: client-id
-  #     clientSecret:
-  #       path: client-secret-in-file # client secret file
-  #     state: my-secret-state-key # do not use this in production ! put something random here
-  #     issuerUrl: https://issuer-url/
-  #     redirectUrl: http://localhost:8080/ # /auth/oidc/callback will be added automatically
-  #     scopes: # OIDC Scopes (defaults: oidc, email, profile)
-  #       - oidc
-  #       - email
-  #       - profile
-  #     groupClaim: groups # path in token
-  #     emailVerified: true # check email verified field from token
-  #     authorizationAccesses: # Authorization accesses : groups or email
-  #       - group: devops_users
+  #     provider1:
+  #       clientID: client-id
+  #       clientSecret:
+  #         path: client-secret-in-file # client secret file
+  #       state: my-secret-state-key # do not use this in production ! put something random here
+  #       issuerUrl: https://issuer-url/
+  #       redirectUrl: http://localhost:8080/ # /auth/oidc/callback will be added automatically
+  #       scopes: # OIDC Scopes (defaults: oidc, email, profile)
+  #         - oidc
+  #         - email
+  #         - profile
+  #       groupClaim: groups # path in token
+  #       # cookieSecure: true # Is the cookie generated secure ?
+  #       # cookieName: oidc # Cookie generated name
+  #       emailVerified: true # check email verified field from token
+  #       # loginPath: /auth/provider1 # Override login path dynamically generated from provider key
+  #       # callbackPath: /auth/provider1/callback # Override callback path dynamically generated from provider key
   #   basic:
-  #     realm: My Basic Auth Realm
-  #     credentials:
-  #       - user: user1
-  #         password:
-  #           path: password1-in-file
-  # Resources declaration
-  # resources:
-  #   - path: /
-  #     whiteList: true
-  #   - path: /devops_internal_doc/*
-  #     whiteList: false # Force not white list to use default global authentication system
-  #   - path: /specific_doc
+  #     provider2:
+  #       realm: My Basic Auth Realm
+  # List targets feature
+  # This will generate a webpage with list of targets with links using targetList template
+  # listTargets:
+  #   # To enable the list targets feature
+  #   enabled: false
+  #   ## Mount point
+  #   mount:
+  #     path:
+  #       - /
+  #     # A specific host can be added for filtering. Otherwise, all hosts will be accepted
+  #     # host: localhost:8080
+  #   ## Resource configuration
+  #   resource:
+  #     # A Path must be declared for a resource filtering
+  #     path: /
+  #     # Whitelist
+  #     whitelist: false
+  #     # A authentication provider declared in section before, here is the key name
+  #     provider: provider1
+  #     # OIDC section for access filter
   #     oidc:
+  #       # NOTE: This list can be empty ([]) for authentication only and no group filter
   #       authorizationAccesses: # Authorization accesses : groups or email
-  #         - group: specific_users
+  #         - group: devops_users
+  #     # Basic authentication section
+  #     basic:
+  #       credentials:
+  #         - user: user1
+  #           password:
+  #             path: password1-in-file
   # Targets
   targets:
     - name: first-bucket
+      # ## Mount point
+      # mount:
+      #   path:
+      #     - /
+      #   # A specific host can be added for filtering. Otherwise, all hosts will be accepted
+      #   # host: localhost:8080
+      # ## Resources declaration
+      # resources:
+      #   # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+      #   - path: /
+      #     # Whitelist
+      #     whiteList: true
+      #     # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+      #   - path: /specific_doc/*
+      #     # A authentication provider declared in section before, here is the key name
+      #     provider: provider1
+      #     # OIDC section for access filter
+      #     oidc:
+      #       # NOTE: This list can be empty ([]) for authentication only and no group filter
+      #       authorizationAccesses: # Authorization accesses : groups or email
+      #         - group: specific_users
+      #     # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+      #   - path: /directory1/*
+      #     # A authentication provider declared in section before, here is the key name
+      #     provider: provider1
+      #     # Basic authentication section
+      #     basic:
+      #       credentials:
+      #         - user: user1
+      #           password:
+      #             path: password1-in-file
+      # ## Index document to display if exists in folder
+      # indexDocument: index.html
+      ## Bucket configuration
       bucket:
         name: super-bucket
+        prefix:
         region: eu-west-1
-        # prefix:
-        # s3Endpoint:
+        s3Endpoint:
         # credentials:
         #   accessKey:
         #     env: AWS_ACCESS_KEY_ID
-        #     path:
-        #     value: # Not recommended
         #   secretKey:
-        #     env:
         #     path: secret_key_file
-        #     value: # Not recommended
-      # indexDocument: index.html
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious