diff --git a/README.md b/README.md index 9548c3b..4a154d3 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,6 @@ helm repo add anycable https://helm.anycable.io/ # With Helm 3 helm upgrade -i anycable-go anycable/anycable-go - -# With Helm 2 -helm upgrade -i --name anycable-go anycable/anycable-go ``` ## Introduction @@ -35,9 +32,6 @@ helm repo add anycable https://helm.anycable.io/ # With Helm 3 helm upgrade -i anycable-go anycable/anycable-go - -# With Helm 2 -helm upgrade -i --name anycable-go anycable/anycable-go ``` The command deploys anycable-go on the Kubernetes cluster in the default configuration. The [configuration section](#configuration) lists various ways to override default configuration during deployment. 
@@ -82,7 +76,12 @@ These are the values used to configure anycable-go itself:
 |**env.anycableHost**|Listen IP address or host|`0.0.0.0`|
 |**env.anycablePort**|Listen port number|`8080`|
 |**env.anycablePath**|WebSocket endpoint path (you can specify multiple paths using a comma as separator)|`/cable`|
+|**env.anycableSecret**|The application secret used to secure AnyCable features: signed streams, JWT authentication, etc.|``|
+|**env.anycableStreamsSecret**|A dedicated secret key used to sign streams. If none specified, the application secret is used.|``|
+|**env.anycableJwtSecret**|The secret key used to sign JWT tokens. Optional (the application secret is used if no JWT secret specified)|``|
+|**env.anycableJwtTtl**|The time-to-live (TTL) for tokens in seconds.|`3600`|
 |**env.anycableBroadcastAdapter**|Broadcasting adapter to use: redis, http, redisx or nats (multiple are allowed via a comma-separated list)|`redis`|
+|**env.anycableBroadcastKey**|A secret key used to authorize broadcast requests. Currently, only used by the HTTP adapter. If not set, the value is inferred from the application secret.|``|
 |**env.anycableHttpBroadcastPath**|HTTP pub/sub endpoint path|`/_broadcast`|
 |**env.anycableHttpBroadcastPort**|Port to receive broadcasting requests|`8090`|
 |**env.anycableHttpBroadcastSecret**|Authorization secret to protect the broadcasting endpoint||
@@ -94,6 +93,7 @@ These are the values used to configure anycable-go itself:
 |**env.anycableRedisTlsVerify**|Whether to validate Redis server TLS certificate if rediss:// protocol is used|`false`|
 |**env.anycableRedisTlsClientCertPath**|Path to file with client TLS certificate in PEM format if Redis server requires client authentication||
 |**env.anycableRedisTlsClientKeyPath**|Path to file with private key for client TLS certificate if Redis server requires client authentication||
+|**env.anycableRedisDisableCache**|Some managed Redis (e.g., Google Cloud) providers block many Redis commands, including client-side server tracking, which is enabled in AnyCable by default. See [here for more details](https://docs.anycable.io/troubleshooting?id=failed-to-connect-to-redis-unknown-command-39client39-with-args-beginning-with-39tracking39)|`false`|
 |**env.anycableRpcConcurrency**|Max number of concurrent RPC request; should be slightly less than the RPC server concurrency|`28`|
 |**env.anycableRpcHost**|RPC service address|`localhost:50051`|
 |**env.anycableRpcEnableTls**|Enable client-side TLS with the RPC server|`false`|
@@ -147,6 +147,7 @@ These are the values used to configure anycable-go itself:
 |**env.anycableJwtIdKey**|Encryption key used to verify JWT tokens||
 |**env.anycableJwtIdParam**|Name of a query string param or an HTTP header carrying a token|`jid`|
 |**env.anycableJwtIdEnforce**|Whether to enforce token presence for all connections|`false`|
+|**env.anycableTurboStreams**|Enable Turbo Streams|`false`|
 |**env.anycableTurboRailsKey**|Enable Turbo Streams fastlane with the specified signing key||
 |**env.anycableTurboRailsCleartext**|Enable Turbo Streams fastlane without stream names signing|`false`|
 |**env.anycableCableReadyKey**|Enable CableReady fastlane with the specified signing key||
diff --git a/anycable-go/Chart.yaml b/anycable-go/Chart.yaml
index d5992e1..a5d9aee 100644
--- a/anycable-go/Chart.yaml
+++ b/anycable-go/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 description: A Helm chart for anycable-go websocket server.
 name: anycable-go
-version: 0.5.11
-appVersion: 1.4.7
+version: 0.5.12
+appVersion: 1.5.6
 home: https://anycable.io/
 icon: https://docs.anycable.io/assets/images/logo.svg
 keywords:
diff --git a/anycable-go/templates/env-secret.yml b/anycable-go/templates/env-secret.yml
index 6cb209f..101eeb1 100644
--- a/anycable-go/templates/env-secret.yml
+++ b/anycable-go/templates/env-secret.yml
@@ -12,9 +12,24 @@ data:
 {{- if .anycablePath }}
 ANYCABLE_PATH: {{ .anycablePath | toString | b64enc | quote }} # {{ .anycablePath }}
 {{- end }}
+ {{- if .anycableSecret }}
+ ANYCABLE_SECRET: {{ .anycableSecret | toString | b64enc | quote }} # {{ .anycableSecret }}
+ {{- end }}
+ {{- if .anycableStreamsSecret }}
+ ANYCABLE_STREAMS_SECRET: {{ .anycableStreamsSecret | toString | b64enc | quote }} # {{ .anycableStreamsSecret }}
+ {{- end }}
+ {{- if .anycableJwtSecret }}
+ ANYCABLE_JWT_SECRET: {{ .anycableJwtSecret | toString | b64enc | quote }} # {{ .anycableJwtSecret }}
+ {{- end }}
+ {{- if .anycableJwtTtl }}
+ ANYCABLE_JWT_TTL: {{ .anycableJwtTtl| toString | b64enc | quote }} # {{ .anycableJwtTtl }}
+ {{- end }}
 {{- if .anycableBroadcastAdapter }}
 ANYCABLE_BROADCAST_ADAPTER: {{ .anycableBroadcastAdapter | toString | b64enc | quote }} # {{ .anycableBroadcastAdapter }}
 {{- end }}
+ {{- if .anycableBroadcastKey }}
+ ANYCABLE_BROADCAST_KEY: {{ .anycableBroadcastKey | toString | b64enc | quote }} # {{ .anycableBroadcastKey }}
+ {{- end }}
 {{- if .anycableHttpBroadcastPath }}
 ANYCABLE_HTTP_BROADCAST_PATH: {{ .anycableHttpBroadcastPath | toString | b64enc | quote }} # {{ .anycableHttpBroadcastPath }}
 {{- end }}
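Review bot: The trailing `# {{ .anycableSecret }}` comment on the new `ANYCABLE_SECRET`, `ANYCABLE_STREAMS_SECRET`, `ANYCABLE_JWT_SECRET` and `ANYCABLE_BROADCAST_KEY` lines of anycable-go/templates/env-secret.yml writes each key into the rendered manifest in clear text, next to its base64 form. The comment follows the file's existing pattern, which is harmless for `ANYCABLE_PATH` but not for key material: the value then appears verbatim in `helm template` output, dry-run logs and manifest diffs, and a value containing a line break would leave only its first line inside the comment. For these four keys I would drop the comment, e.g. `ANYCABLE_SECRET: {{ .anycableSecret | toString | b64enc | quote }}`. The `data:` block starts and continues outside the hunk.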
@@ -48,6 +63,9 @@ data:
 {{- if .anycableRedisTlsClientKeyPath }}
 ANYCABLE_REDIS_TLS_CLIENT_KEY_PATH: {{ .anycableRedisTlsClientKeyPath | toString | b64enc | quote }} # {{ .anycableRedisTlsClientKeyPath }}
 {{- end }}
+ {{- if .anycableRedisDisableCache }}
+ ANYCABLE_REDIS_DISABLE_CACHE: {{ .anycableRedisDisableCache | toString | b64enc | quote }} # {{ .anycableRedisDisableCache }}
+ {{- end -}}
 {{- if .anycableRpcConcurrency }}
 ANYCABLE_RPC_CONCURRENCY: {{ .anycableRpcConcurrency | toString | b64enc | quote }} # {{ .anycableRpcConcurrency }}
 {{- end }}
@@ -261,6 +279,9 @@ data:
 {{- if .anycableJwtIdEnforce }}
 ANYCABLE_JWT_ID_ENFORCE: {{ .anycableJwtIdEnforce | toString | b64enc | quote }} # {{ .anycableJwtIdEnforce }}
 {{- end }}
+ {{- if .anycableTurboStreams }}
+ ANYCABLE_TURBO_STREAMS: {{ .anycableTurboStreams | toString | b64enc | quote }} # {{ .anycableTurboStreams }}
+ {{- end }}
 {{- if .anycableTurboRailsKey }}
 ANYCABLE_TURBO_RAILS_KEY: {{ .anycableTurboRailsKey | toString | b64enc | quote }} # {{ .anycableTurboRailsKey }}
 {{- end }}
diff --git a/anycable-go/values.yaml b/anycable-go/values.yaml
index f532ad5..b35f7f1 100644
--- a/anycable-go/values.yaml
+++ b/anycable-go/values.yaml
@@ -11,7 +11,7 @@ hpa: image: repository: anycable/anycable-go - tag: 1.4.1 + tag: 1.5.6 pullPolicy: IfNotPresent pullSecrets: enabled: false
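Review bot: `{{- end -}}` closing the new `anycableRedisDisableCache` block in the `@@ -48,6 +63,9 @@` hunk of env-secret.yml is the only right-trimmed `end` among the visible lines; every neighbouring block closes with `{{- end }}`. It renders the same today only because the next line is a left-trimmed `{{- if .anycableRpcConcurrency }}`. If a literal line is ever placed directly after it, the right trim would pull that line up onto the preceding entry, where it would land inside the trailing comment. I would write `{{- end }}` here to match the rest of the template.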
@@ -145,12 +145,27 @@ env: # listen port number anycablePort: "8080" + # The application secret used to secure AnyCable features: signed streams, JWT authentication, etc. + anycableSecret: "" + + # A dedicated secret key used to sign streams. If none specified, the application secret is used. + anycableStreamsSecret: "" + + # The secret key used to sign JWT tokens. Optional (the application secret is used if no JWT secret specified) + anycableJwtSecret: "" + + # The time-to-live (TTL) for tokens in seconds. Default: 3600 (1 hour). + anycableJwtTtl: "" + # WebSocket endpoint path (you can specify multiple paths using comma as separator) anycablePath: "/cable" # Broadcasting adapter to use: redis (default), http, redisx or nats (multiple are allowed via a comma-separated list) anycableBroadcastAdapter: "redis" + # A secret key used to authorize broadcast requests. Currently, only used by the HTTP adapter. If not set, the value is inferred from the application secret. + anycableBroadcastKey: "" + # HTTP pub/sub endpoint path anycableHttpBroadcastPath: "/_broadcast" @@ -184,6 +199,9 @@ env: # Path to file with private key for client TLS certificate if Redis server requires client authentication. anycableRedisTlsClientKeyPath: "" + # https://docs.anycable.io/troubleshooting?id=failed-to-connect-to-redis-unknown-command-39client39-with-args-beginning-with-39tracking39 + anycableRedisDisableCache: "" + # Max number of concurrent RPC request; should be slightly less than the RPC server concurrency, default: 28 anycableRpcConcurrency: "28" @@ -397,6 +415,9 @@ env: # Whether to enforce token presence for all connections, default: false anycableJwtIdEnforce: "false" + # Enable Turbo Streams + anycableTurboStreams: "" + # Enable Turbo Streams fastlane with the specified signing key, default: "" (disabled) anycableTurboRailsKey: ""
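Review bot: The comments on `anycableSecret`, `anycableStreamsSecret`, `anycableJwtSecret` and `anycableBroadcastKey` in the `@@ -145,12 +145,27 @@` hunk of values.yaml describe them like ordinary settings and never say that they hold key material. A values file is commonly committed to version control, so I would add a line such as `# Sensitive: provide at deploy time (--set or an untracked values file); do not commit a real value.` above each of the four. The `anycableBroadcastKey` comment could also state how it relates to the existing `anycableHttpBroadcastSecret`, which the README hunk leaves in place; from the visible lines it is not clear which one applies when both are set. The `env:` mapping starts and ends outside the hunk.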
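Review bot: The comment above `anycableRedisDisableCache` in the `@@ -184,6 +199,9 @@` hunk is a bare URL, so a reader of values.yaml cannot tell what the switch does or what its default is, unlike the neighbouring keys. I would put the README wording in front of the link, e.g. `# Disable Redis client-side tracking, which some managed Redis providers block, default: false. See:` followed by the existing URL line. The same gap applies to `# Enable Turbo Streams` in the `@@ -397,6 +415,9 @@` hunk, which omits the `default: false` that the README table states and that the adjacent comments spell out.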