Jean-Gabriel Gill-Couture
78bb5d77d8
All checks were successful
Run Check Script / check (pull_request) Successful in 2m19s
The auth code (Reda's, proven locally) read 7 FLEET_AUTH_* env vars at the pod. Replace that with one typed Config value each, loaded the Harmony way. - harmony_zitadel_auth: ZitadelAuthConfig is now a `Config` (Serialize/ Deserialize/JsonSchema). Add OperatorCookieKey (secret Config) with a base64→Key decode. Drop config_from_env/cookie_key_from_env + the FLEET_AUTH_* consts. - operator: serve_dashboard loads ZitadelAuthConfig + OperatorCookieKey via ConfigClient::for_namespace (EnvSource → OpenBao). No env soup. - deploy: resolves the values (hosts derived from base_domain, client_id + audiences from FleetDeployConfig, cookie key from FleetDeploySecrets) and bakes them into the operator Secret as HARMONY_CONFIG_<KEY> JSON. The published chart wires the env→Secret refs at publish time (optional, pod-light); the deploy fills the Secret at deploy time — same pattern as the NATS credentials. A test locks the baked env names to the structs' Config keys. - fleet_staging_install seeds a generated cookie key; dev.sh exports the two HARMONY_CONFIG_* JSON values instead of 7 vars. Dashboard serves once the Zitadel app allows the staging redirect URIs (fleet-stg.<base>/auth/callback) — the one remaining non-code step.
52 lines
1.8 KiB
TOML
52 lines
1.8 KiB
TOML
[package]
|
|
name = "harmony-fleet-deploy"
|
|
edition = "2024"
|
|
version.workspace = true
|
|
readme.workspace = true
|
|
license.workspace = true
|
|
description = "Deploy-side Scores for the fleet stack: operator, agent, NATS, callout. Imports harmony for the Score-Topology-Interpret machinery; consumed by the production CLI, the e2e harness, and future control-plane tooling."
|
|
|
|
[lib]
|
|
path = "src/lib.rs"
|
|
|
|
# CLI entry point: deploy the published operator chart (harmony apply).
|
|
# Built on harmony_cli like the rest of the workspace's *-deploy crates.
|
|
[[bin]]
|
|
name = "harmony-fleet-deploy"
|
|
path = "src/main.rs"
|
|
|
|
# `harmony-fleet-publish --from-tag <tag>` builds + publishes the
|
|
# operator's image + chart for a release.
|
|
[[bin]]
|
|
name = "harmony-fleet-publish"
|
|
path = "src/bin/harmony-fleet-publish.rs"
|
|
|
|
[dependencies]
|
|
harmony = { path = "../../harmony", features = ["podman"] }
|
|
harmony_cli = { path = "../../harmony_cli" }
|
|
harmony_config = { path = "../../harmony_config" }
|
|
harmony_types = { path = "../../harmony_types" }
|
|
harmony_macros = { path = "../../harmony_macros" }
|
|
harmony-fleet-auth = { path = "../harmony-fleet-auth" }
|
|
harmony-reconciler-contracts = { path = "../../harmony-reconciler-contracts" }
|
|
harmony_zitadel_auth = { path = "../../harmony_zitadel_auth" }
|
|
|
|
anyhow = { workspace = true }
|
|
async-trait = { workspace = true }
|
|
clap = { workspace = true }
|
|
fqdn = "0.5.2"
|
|
k8s-openapi = { workspace = true }
|
|
kube = { workspace = true, features = ["runtime", "derive"] }
|
|
log = { workspace = true }
|
|
env_logger = { workspace = true }
|
|
non-blank-string-rs = "1"
|
|
schemars = "0.8"
|
|
serde = { workspace = true }
|
|
serde_json = { workspace = true }
|
|
serde_yaml = { workspace = true }
|
|
tempfile = "3"
|
|
thiserror = { workspace = true }
|
|
tokio = { workspace = true, features = ["full"] }
|
|
toml = { workspace = true }
|
|
tracing = { workspace = true }
|