File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1- https://github.com/wger-project/docker/commit/ec5893553d81445485e5d32f5a6be637a12fd492
2-
31## 1.0.0
42
53This is a major upgrade and has breaking changes.
@@ -8,6 +6,7 @@ file and update your own.
86
97* upgrade to wger 2.6
108* JWT Signing Key Setting has been removed
9+ * autogenerated JWT keys with a pre-install, pre-update and pre-rollback hook
1110* nginx and persistent storage is now mandatory
1211* nginx get's it's own deployment
1312* clean up unused volume definitions
Original file line number Diff line number Diff line change @@ -131,8 +131,8 @@ Celery requires persistent volumes.
131131| --------------------------------| ------------------------------------------| ---------| -------------------|
132132| ` app.jwt.secret.name ` | Name of the secret | String | ` jwt ` |
133133| ` app.jwt.secret.update ` | Update content of the current secret | Boolean | ` false ` |
134- | ` app.jwt.secret.privateKey ` | Private Key for JWT | String | a default key |
135- | ` app.jwt.secret.publicKey ` | Public Key for JWT | String | a default key |
134+ | ` app.jwt.secret.privateKey ` | Private Key for JWT | String | auto created new key |
135+ | ` app.jwt.secret.publicKey ` | Public Key for JWT | String | auto created new key |
136136| ` app.jwt.accessTokenLifetime ` | Duration of the access token, in minutes | String | ` 10 ` |
137137| ` app.jwt.refreshTokenLifetime ` | Duration of the refresh token, in hours | String | ` 24 ` |
138138
Original file line number Diff line number Diff line change 1+ apiVersion : rbac.authorization.k8s.io/v1
2+ kind : Role
3+ metadata :
4+ name : {{ .Release.Name }}-keygen
5+ rules :
6+ - apiGroups : [""]
7+ resources : ["secrets"]
8+ verbs : ["create", "patch", "update", "get"]
Original file line number Diff line number Diff line change 1+ apiVersion : rbac.authorization.k8s.io/v1
2+ kind : RoleBinding
3+ metadata :
4+ name : {{ .Release.Name }}-keygen
5+ subjects :
6+ - kind : ServiceAccount
7+ name : {{ .Release.Name }}
8+ roleRef :
9+ kind : Role
10+ name : {{ .Release.Name }}-keygen
11+ apiGroup : rbac.authorization.k8s.io
Load diff This file was deleted.
Original file line number Diff line number Diff line change 1+ apiVersion : v1
2+ kind : ServiceAccount
3+ metadata :
4+ name : {{ .Release.Name }}
Original file line number Diff line number Diff line change 7878 secret :
7979 update : false
8080 name : " jwt"
81- # JWT keys, used by the mobile app. This default NEEDS to be changed.
81+ # JWT keys, used by the mobile app.
8282 # Generate fresh keys with: docker compose exec web ./manage.py generate-jwt-keys
83- # @todo autogenerate a new key and save it into the secret when installing
84- # currently there is a hardcoded default key so that the installation works
85- privateKey: "eyJhbGciOiAiUlMyNTYiLCAia3R5IjogIlJTQSIsICJuIjogInFhdVVnb0ZXenRNcjVEYks3bFIxZXUxazJrdllyblJkRGh1NDFyWnFLeWhDWkJya0FTS0d0N25KbVUwVEpKb1d0cFF2eHVvc0ZGeW1BMUhXQnNaY0dtVlcxdlowdDJlazl4THg5bjg2UWRIVWc1MktsRG9ZUzNtRTFaWW5BYzJfRDM3UmxyQkVxRXpuSnBNeDJ3VkpLcVdRZHlWSWh6Q082YzRnOWN3VExGbUhkVXVURXMzdDNBN1MyNENrUkM2TE1KSFFvRTJzay1uWlJyZE9fTHVNNUJJcVp2b1dWUC1Salp4OWk4OGdaaDhvOEcyWW1xZnMwczRzYW1fam85bmFaYlo4aFBFQ0FZdnZUZ29ObzRHMGpXZERZeGdPWHlXTE80bTk1SEdMSFJMZjZ5M29vdkZad2QwN2FFbThEU3dBX3hsY1V4WHNNZ0ZlYVVVZkp2NEV4USIsICJlIjogIkFRQUIiLCAiZCI6ICJQZXVwNjhUakZ1RVhaQmFoRWNDT0RWcEUwNndaZkhWb0hvVjhmQk9maEhlUlh6STNJcmprZkhtWHV0UlhsNlNLaElCcFBVbHA0OVo2R2IwTWhIVncySXRDV1hvaFYydkNWdzg1Y2RHMXc1NmQxWml4b2UzZnZ1LXV6RG9icXp0WXJvR0VZTi1jZHVWMS1HeUFwZU4wYzlWdmR5UUtwNWZQbUVGTFl4amlxR3k5UUhyTldpcGJmZXdPUGY0YUl4X05VRnE3R1BsUk1yalA4VEhvSzNPOVNfXzJpR09LRVpINDFUWkpscVBZX0s5dFNkbFNKd1FPWEtwOFc2ZUdGT3l2MElueVhsUXhHb0ZBWVNrUC12WTlWQy1vTUtzdmhocm1GeGM0VlU2OUZ3VWFJYUdaOU9jaXF4M3B0aE9sU1drRjFhbEtxNWFJZ2VHbEUzM2VyNGthSXciLCAicCI6ICI1WDN0QzN4Z0hwbm91U1JwSlg4c0ZWRm5vamhxMWJoWkF3c3VRaXBxWWgtZmJNRGI4a2NTTy1fT3BEMExNekYzcHp0dVNRb0NZOFc0WjI0TEJ6cFRuUlFid0JrYWt3VDMybmZIU1J0d3RnM1ZjWkkxZFNsdHgtclhEcHlBMDNHa1RvLUxEZkp1UzF0a1FYQXB0OTBkcnJHMndjQ25oRXc4bGx2SzR2cWRucHMiLCAicSI6ICJ2VVM2V2QtY2trTUJMVmJvSkVaVnRtMlFLTFE2dV9oZEFrbTFWa3dGajMxZWZWRTlFRWRSa0F0dGVoOWh2ZzBkM2FXVDZ1bFQ4YlpubWo3WkFjNG55aVdwOTlFd0k5U0hFX01UUE11YVZSeUw5SmFIX2R0Uk5nVGE5UV9hZUs2d1pkY3RwLUZRT1lteVlDWmhzRnVOTG45TFJ3UklJOVJ0YlBXYW55X01jQjgiLCAiZHAiOiAiWjFNNkhmakN3aVJqcnJBaEV6dmQyajlMbkxNd0RzZXdjX2xkdTNhamJVaDFuQjU5S09rczRZV0lFVlJXclpieEczOWJtVkVEWUc2T0p5dFpsY2lDQ3ZBWnluVEREVHlvWjFtVWhXcndaVmQzS1dvOTNXRm94eUVKOE04d0JZTmVDZTBCRzZkeVYwVnZyekxUNWEtTmhMRUk2dFZWMXZBSU8xNWF5N1V3c0U4IiwgImRxIjogIktsclpBUWZEZUEtNmtiVGpHa3NMSDFvQmFycDZjbG93SmpUc2ViVmxnU2pqSGxReHdCVFZzZEI4M1Zsc2ZDVmZTNXlrTDJ1cnQybkVZWVl5OWU1MmhReE1yd0tITFYyQUpQeS1qMXBZM1RjWU10SUUtTkE5cWtNSDVOTjVab3hoT1VrZ0ZIT2RpbUxBSWpnMG9FeThtVzB2SVdOWjZYcS1TaVhrUmo5aUZxMCIsICJxaSI6ICJzSV84RTh0MTBsRDY2NTh3UXRpY19BaUUxOVk1Rms0SDJWbnpGclBhVU04aWFNaVc2eUZxMFZuN3RXa2RTWS1STTB1SFMwdmVmSEcyZTBKSWxEanhBUmZWZUcwNTFyVUNRZjBkSnR4U0ZDQUp2eGxMRTZsYjZOQlUwZVIyMld6bjVob1ZZTVpHZnQ5QnA0SlVOOHJkMF9lMm1kSjhxc09wM1NLQ3NTSTByUkkiLCAia2lkIjogInBvd2Vyc3luYyJ9"
86- publicKey : " eyJhbGciOiAiUlMyNTYiLCAia3R5IjogIlJTQSIsICJuIjogInFhdVVnb0ZXenRNcjVEYks3bFIxZXUxazJrdllyblJkRGh1NDFyWnFLeWhDWkJya0FTS0d0N25KbVUwVEpKb1d0cFF2eHVvc0ZGeW1BMUhXQnNaY0dtVlcxdlowdDJlazl4THg5bjg2UWRIVWc1MktsRG9ZUzNtRTFaWW5BYzJfRDM3UmxyQkVxRXpuSnBNeDJ3VkpLcVdRZHlWSWh6Q082YzRnOWN3VExGbUhkVXVURXMzdDNBN1MyNENrUkM2TE1KSFFvRTJzay1uWlJyZE9fTHVNNUJJcVp2b1dWUC1Salp4OWk4OGdaaDhvOEcyWW1xZnMwczRzYW1fam85bmFaYlo4aFBFQ0FZdnZUZ29ObzRHMGpXZERZeGdPWHlXTE80bTk1SEdMSFJMZjZ5M29vdkZad2QwN2FFbThEU3dBX3hsY1V4WHNNZ0ZlYVVVZkp2NEV4USIsICJlIjogIkFRQUIiLCAia2lkIjogInBvd2Vyc3luYyJ9"
83+ # This chart uses openssl in a pre-install job to autogenerate the jwt keys
84+ # and creates the secret
85+ #
86+ # You can set your keys here and set `update: true` then it will use these keys
87+ privateKey : null
88+ publicKey : null
8789 # The lifetime duration of the access token, in minutes
8890 accessTokenLifetime : 10
8991 # The lifetime duration of the refresh token, in hours
You can’t perform that action at this time.
0 commit comments