dominik/seaweedfs-csi-driver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
09385434ef
seaweedfs-csi-driver/deploy/helm/seaweedfs-csi-driver/templates/configmap-security.yaml
Ustuzhanin Anton 7fa73a5d2c
feat: fix helm chert
2021-02-02 15:04:18 +05:00

62 lines
2.0 KiB
YAML
Raw Blame History

{{- if .Values.tlsSecret }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "seaweedfs-csi-driver.name" . }}
labels:
app: {{ template "seaweedfs-csi-driver.name" . }}
data:
security.toml: |-
# this file is read by master, volume server, and filer
# the jwt signing key is read by master and volume server
# a jwt expires in 10 seconds
#[jwt.signing]
# key = "{{ .Values.jwtSigningKey }}"
#expires_after_seconds = 10 # seconds
#[jwt.signing.read]
#key = ""
#expires_after_seconds = 10 # seconds
# all grpc tls authentications are mutual
# the values for the following ca, cert, and key are paths to the PERM files.
[grpc]
ca = "/usr/local/share/ca-certificates/ca.crt"
[grpc.volume]
cert = "/usr/local/share/ca-certificates/tls.crt"
key = "/usr/local/share/ca-certificates/tls.key"
ca = "/usr/local/share/ca-certificates/ca.crt"
[grpc.master]
cert = "/usr/local/share/ca-certificates/tls.crt"
key = "/usr/local/share/ca-certificates/tls.key"
ca = "/usr/local/share/ca-certificates/ca.crt"
[grpc.filer]
cert = "/usr/local/share/ca-certificates/tls.crt"
key = "/usr/local/share/ca-certificates/tls.key"
ca = "/usr/local/share/ca-certificates/ca.crt"
[grpc.msg_broker]
cert = "/usr/local/share/ca-certificates/tls.crt"
key = "/usr/local/share/ca-certificates/tls.key"
ca = "/usr/local/share/ca-certificates/ca.crt"
# use this for any place needs a grpc client
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
[grpc.client]
cert = "/usr/local/share/ca-certificates/tls.crt"
key = "/usr/local/share/ca-certificates/tls.key"
ca = "/usr/local/share/ca-certificates/ca.crt"
# volume server https options
# Note: work in progress!
# this does not work with other clients, e.g., "weed filer|mount" etc, yet.
#[https.client]
#enabled = false
#[https.volume]
#cert = ""
#key = ""
{{- end }}
Reference in New Issue View Git Blame Copy Permalink