Add optional manual password and token for auth (#25)

* Add optional manual password and token for auth Two fields have been added to the values.yaml of the chromadb-chart. The 'password' field for basic authentication and the 'value' field for token. When these fields are not null, their corresponding authentication methods will use the provided string instead of generating a random string as a credential. They are null by default. This change allows users to manually set their credentials and improve the system's flexibility. * Update statefulset.yaml to auto-reload on config changes * Allow to set custom podAnnotations --------- Co-authored-by: Rainer 'rei' Schuth <[email protected]>
amikos-tech · Oct 11, 2023 · 2e70a12 · 2e70a12
1 parent dfce825
commit 2e70a12
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/charts/chromadb-chart/templates/config.yaml b/charts/chromadb-chart/templates/config.yaml
@@ -15,7 +15,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  token: {{ randAlphaNum 32 | b64enc | quote }}
+  token: {{ .Values.chromadb.auth.token.value | default ( randAlphaNum 32 ) | b64enc | quote }}
   {{- if eq .Values.chromadb.auth.token.headerType "AUTHORIZATION" }}
   header: {{ "Authorization" | b64enc | quote}}
   {{- end }}
@@ -33,6 +33,6 @@ metadata:
 type: Opaque
 data:
   username: {{ .Values.chromadb.auth.basic.username | b64enc | quote}}
-  password: {{ randAlphaNum 16 | b64enc | quote }}
+  password: {{ .Values.chromadb.auth.basic.password | default ( randAlphaNum 16 ) | b64enc | quote }}
 {{- end }}
----
+---
diff --git a/charts/chromadb-chart/templates/statefulset.yaml b/charts/chromadb-chart/templates/statefulset.yaml
@@ -16,6 +16,11 @@ spec:
     metadata:
       labels:
         {{- include "chart.labels" . | nindent 8 }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} # Automatically Roll Deployments
+      {{- with .Values.podSpec.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       securityContext: {{ toYaml .Values.podSpec.securityContext | nindent 8 }}
       terminationGracePeriodSeconds: {{ .Values.podSpec.terminationGracePeriodSeconds }}

diff --git a/charts/chromadb-chart/values.yaml b/charts/chromadb-chart/values.yaml
@@ -70,6 +70,7 @@ affinity: { }
 podSpec:
   terminationGracePeriodSeconds: 5
   securityContext: { }
+  podAnnotations: { }
   # capabilities:
   #   drop:
   #   - ALL
@@ -112,6 +113,7 @@ chromadb:
     type: "token" # possible values: basic, token
     basic:
       username: "chroma"
+      password: null  # The string used as the auth.basic password. Only used if value not null, otherwise a random string will be generated and used.
       config:
         env:
           - name: CHROMA_SERVER_AUTH_CREDENTIALS_PROVIDER
@@ -122,6 +124,7 @@ chromadb:
             value: "/chroma/auth/server.htpasswd"
     token:
       headerType: "AUTHORIZATION" #possible values AUTHORIZATION, X_CHROMA_TOKEN
+      value: null # The string used as the token (value). Only used if value not null, otherwise a random string will be generated and used.
       config:
         env:
           - name: CHROMA_SERVER_AUTH_CREDENTIALS