
To begin, start with a directory structure such as charts Multitenancy is supported with the -depth flag. Before doing any work, please check for any currently open pull requests. If interested in making changes, please submit a PR to kubernetes/charts. -depth= - levels of nested repos for multitenancy.-context-path= - base context path (new root for application routes).-index-limit= - limit the number of parallel indexers.
-prov-post-form-field-name= - form field which will be queried for the provenance file content. -chart-post-form-field-name= - form field which will be queried for the chart file content. -storage-openstack-cacert= - path to a custom ca certificates bundle for openstack. -storage-amazon-sse= - s3 server side encryption algorithm. -storage-amazon-endpoint= - alternative s3 endpoint. -disable-force-overwrite - do not allow chart versions to be re-uploaded, even with ?force querystring. -allow-overwrite - allow chart versions to be re-uploaded without ?force querystring. -disable-statefiles - disable use of index-cache.yaml. -disable-api - disable all routes prefixed with /api. -log-json - output structured logs as json. -tls-cert= - path to tls certificate chain file. If both of the following options are provided, the server will listen and serve HTTPS: The type is always “artifact-repository”, the name is the namespace/tenant (just use the string “repo” if using single-tenant server), and actions is an array of actions the user can perform (“pull” and/or “push).įor more information about how this works, please see chartmuseum/auth-server-example. This section indicates which resources the user is able to access. In order to gain access to a specific resource, the JWT token must contain an access section in the claims. You can use the chartmuseum/auth Go library to generate valid JWT tokens. Using options above, ChartMuseum is configured with a public key, and will accept RS256 JWT tokens signed by the associated private key, passed in the Authorization header. -auth-cert-path= - path to authorization server public pem file. -auth-service= - authorization server service name. -auth-realm= - authorization server url. If all of the following options are provided, bearer auth will protect all routes: -auth-anonymous-get - allow anonymous GET operations. So to avoid basic auth on GET operations use You may want basic auth to only be applied to operations that can change Charts, i.e. HELM INSTALL REDIS PASSWORD
-basic-auth-pass= - password for basic http authentication.
-basic-auth-user= - username for basic http authentication. If both of the following options are provided, basic http authentication will protect all routes: storage-local-rootdir = "./chartstorage" Basic Auth Make sure your environment is properly setup to access my-s3-bucket Common configurations can be seen below.Īll command-line options can be specified as environment variables, which are defined by the command-line option, capitalized, with all -’s replaced with _’s.įor example, the env var STORAGE_AMAZON_BUCKET can be used in place of -storage-amazon-bucket. Show all CLI options with chartmuseum -help. v0.10.0).ĭetermine your version with chartmuseum -version. Replace latest with $(curl -s ) to automatically determine the latest stable release (e.g. Consequently, you can use Azure Managed Redis Cache only for state persistence.Using latest in URLs above will get the latest binary (built from master branch). NOTE: Dapr pub/sub uses Redis Streams that was introduced by Redis 5.0, which isn’t currently available on Azure Managed Redis Cache. Note: In a production-grade application, follow secret management instructions to securely manage your secrets. Set the redisHost key to :6379 and the redisPassword key to the key you copied in step 4. If you’re creating a project from the ground up, you’ll create a redis.yaml file as specified in Configuration. If you’re running a sample, you’ll add the host and key to the provided redis.yaml. Finally, we need to add our key and our host to a redis.yaml file that Dapr can apply to our cluster. for your access key navigate to “Access Keys” under “Settings” and copy your key. for the Host name navigate to the resources “Overview” and copy “Host name”. Once your instance is created, you’ll need to grab the Host name (FQDN) and your access key. Click “Create” to kickoff deployment of your Redis instance. Fill out necessary information and check the “Unblock port 6379” box, which will allow us to persist state without SSL. Open this link to start the Azure Cache for Redis creation flow. Note: this approach requires having an Azure Subscription.