Configuration¶
Configuration of all Sandwich Cloud services are managed by environment variables.
Counter - API Server¶
Kubernetes¶
KUBECONFIG
- Path to a Kubernetes client configuration file to communicate with a Kubernetes Cluster. If not given will default to using the in-cluster configuration.
KUBEMASTER
- The address of the Kubernetes API server. This will override any value that is
set in the
KUBECONFIG
Authentication¶
AUTH_FERNET_KEYS
- A url safe 32-bit base64 encoded string used to encrypt user tokens. Multiple keys can be listed to allow rotation (comma separated). The first key in the list is the primary key. To rotate keys simply generate a new key and put it in the front of the list, then after a while remove the old key from the list.
AUTH_DRIVERS
A python module path to a class that implements an auth driver. Multiple auth drivers can be given as a comma separated string. The first driver in the list is considered the default auth driver that clients will default to. If no drivers are given it will default to the Database Driver.
- Driver Paths:
- Github: deli.counter.auth.drivers.github.driver:GithubAuthDriver
- Database: deli.counter.auth.drivers.database.driver:DatabaseAuthDriver
Database Auth¶
These configuration items are only needed when using database authentication.
DATABASE_DRIVER
The database driver to use to connect. Some drivers may require additional python libraries to work.
- Valid Supported Values:
- postgresql
- mysql
- sqlite
DATABASE_DB
- The name of the database. If using sqlite this is usually the path to the sqlite file.
DATABASE_HOST
- The address of the database host
DATABASE_PORT
- The port used to connect to the database host
DATABASE_USERNAME
- The username used to connect to the database
DATABASE_PASSWORD
- The password used to connect to the database
Github Auth¶
These configuration items are only needed when using github authentication.
GITHUB_URL
- The Github API url. Defaults to the public Github API url.
GITHUB_CLIENT_ID
- The client ID used to authenticate to the Github API
GITHUB_CLIENT_SECRET
- The client secret used to authenticate to the Github API
GITHUB_ORG
- The github organization users must be part of. This organization is also used to check user teams.
GITHUB_TEAM_ROLES
A static mapping of sandwich cloud global roles to github teams. These static mappings will override GITHUB_TEAM_ROLES_REFIX if a role is found.
- Examples:
admin:sandwich-admin
- A Github team called
sandwich-admin
will be mapped to the global role calledadmin
.
- A Github team called
role1:sandwich-role1
- A Github team called
sandwich-role1
will be mapped to the global role calledrole1
.
- A Github team called
GITHUB_TEAM_ROLES_PREFIX
Prefix to use when searching for Github teams. If no static mapping for a role is given this prefix will be used.
- Example:
sandwich-
- For a Github team called
sandwich-role1
a global role with the name ofrole1
will be given to the user.
- For a Github team called
Manager - Resource Controller¶
Kubernetes¶
KUBECONFIG
- Path to a Kubernetes client configuration file to communicate with a Kubernetes Cluster. If not given will default to using the in-cluster configuration.
KUBEMASTER
- The address of the Kubernetes API server. This will override any value that is
set in the
KUBECONFIG
VMware VCenter¶
VCENTER_HOST
- The address used to connect to the VMware Vcenter server
VCENTER_PORT
- The port used to connect to the VMware Vcenter server
VCENTER_USERNAME
- The username to authenticate with against the VMware Vcenter server
VCENTER_PASSWORD
- The password to authenticate with against the VMware Vcenter server