treeverse · idanovo · Apr 14, 2024 · Apr 10, 2024 · Apr 10, 2024 · Apr 11, 2024
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -49,4 +49,3 @@ jobs:
         uses: helm/[email protected]
         env:
           CR_TOKEN: "${{ secrets.CR_TOKEN }}"
-
diff --git a/charts/lakefs/templates/_env.tpl b/charts/lakefs/templates/_env.tpl
@@ -53,6 +53,10 @@ env:
   - name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL
     value: /logout
   {{- end }}
+  {{- if (.Values.fluffy.sso).enabled }}
+  - name: LAKEFS_AUTH_AUTHENTICATION_API_ENDPOINT
+    value: {{ printf "http://%s/api/v1" (include "fluffy.ssoServiceName" .) | quote }}
+  {{- end }}
   {{- end }}
   {{- if (.Values.fluffy.rbac).enabled }}
   - name: LAKEFS_AUTH_API_ENDPOINT

diff --git a/examples/lakefs/enterprise/values-external-aws.yaml b/examples/lakefs/enterprise/values-external-aws.yaml
@@ -0,0 +1,59 @@
+lakefsConfig: |
+  logging:
+      level: "INFO"
+  blockstore:
+    type: local
+  auth:
+    authentication_api:
+      endpoint: http://localhost:8080/api/v1
+      external_principals_enabled: true
+ingress:
+  enabled: true
+  ingressClassName: <class-name>
+  hosts:
+    # the ingress that will be created for lakeFS
+    - host: <lakefs.ingress.domain>
+      paths:
+        - /
+
+##################################################
+########### lakeFS enterprise - FLUFFY ###########
+##################################################
+
+fluffy:
+  enabled: true
+  image:
+    repository: treeverse/fluffy
+    tag: '0.3.0'
+    pullPolicy: IfNotPresent
+    privateRegistry:
+      enabled: true
+      secretToken: <dockerhub-token-fluffy-image>
+  fluffyConfig: |
+    logging:
+      format: "json"
+      level: "INFO"
+    auth:
+      external:
+        aws_auth:
+          enabled: true
+        # the maximum age in seconds for the GetCallerIdentity request
+        #get_caller_identity_max_age: 60
+        # list of headers that are required to be present in the GetCallerIdentity request
+        #required_headers:
+        #  x-lakefs-custom-key: "custom-value"
-        #required_headers:
-        #  x-lakefs-custom-key: "custom-value"
+        # headers that must be present by the client when doing login request
+        required_headers:
+          # same host as the lakeFS server ingress
+          X-LakeFS-Server-ID: <lakefs.ingress.domain>
-        #required_headers:
-        #  x-lakefs-custom-key: "custom-value"
+        # headers that must be present by the client when doing login request
+        required_headers:
+          # same host as the lakeFS server ingress
+          X-LakeFS-Server-ID: <lakefs.ingress.domain>
+        # list of headers that are optional for the GetCallerIdentity request
+        #optional_headers:
+        #  optional-key: "custom-value"
+        # list of valid STS hosts for the GetCallerIdentity request
+        #valid_sts_hosts:
+        #  - "sts.amazonaws.com"
+        #  - "sts.us-east-1.amazonaws.com"
+  secrets:
+    create: true
+  sso:
+    enabled: true
+  rbac:
+    enabled: true
+
+useDevPostgres: true
diff --git a/examples/lakefs/enterprise/values-oidc.yaml b/examples/lakefs/enterprise/values-oidc.yaml
@@ -29,7 +29,7 @@ fluffy:
   enabled: true
   image:
     repository: treeverse/fluffy
-    tag: '0.2.7'
+    tag: '0.3.0'
     pullPolicy: IfNotPresent
     privateRegistry:
       enabled: true