feat(auth): support per-deploy login password key override
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
This commit is contained in:
@@ -22,6 +22,7 @@ x-app-env: &app-env
|
||||
|
||||
x-app-volumes: &app-volumes
|
||||
- ./config.yaml:/app/configs/config.yaml:ro
|
||||
- ./config.local.yaml:/app/configs/config.local.yaml:ro
|
||||
- ./prompts.yml:/app/configs/prompts.yml:ro
|
||||
|
||||
x-app-depends: &app-depends
|
||||
@@ -226,6 +227,7 @@ services:
|
||||
CONFIG_PATH: /app/configs/config.yaml
|
||||
volumes:
|
||||
- ./config.yaml:/app/configs/config.yaml:ro
|
||||
- ./config.local.yaml:/app/configs/config.local.yaml:ro
|
||||
- ./prompts.yml:/app/configs/prompts.yml:ro
|
||||
entrypoint: >
|
||||
/bin/sh -c "
|
||||
@@ -355,6 +357,7 @@ services:
|
||||
OPS_DEFAULT_ADMIN_EMAIL: ${OPS_DEFAULT_ADMIN_EMAIL:-}
|
||||
volumes:
|
||||
- ./ops-config.yaml:/app/configs/ops-config.yaml:ro
|
||||
- ./ops-config.local.yaml:/app/configs/ops-config.local.yaml:ro
|
||||
depends_on:
|
||||
pgbouncer:
|
||||
condition: service_healthy
|
||||
|
||||
Reference in New Issue
Block a user