diff --git a/swh/values/production/default.yaml b/swh/values/production/default.yaml
index 92d94010ace1d04ef30283f1d4c0ee6651ba3699..61ddd18969d746f415f5c26fbd41145073d9213c 100644
--- a/swh/values/production/default.yaml
+++ b/swh/values/production/default.yaml
@@ -24,6 +24,10 @@ externalAuthorizedNetworkRanges:
   - 213.135.60.146
   - 37.187.96.121
 
+keycloakConfiguration:
+  server_url: https://auth.softwareheritage.org/auth/
+  realm_name: SoftwareHeritageStaging
+
 memcached:
   enabled: true
 
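Review bot: `realm_name: SoftwareHeritageStaging` is added to the production values file, so unless this is deliberate, production deposit tokens would be validated against the staging realm. The same staging-looking values appear in the swh/values/production/swh.yaml hunks: `host: db.internal.staging.swh.network` in postgresqlDepositConfiguration and `AccountName=swhdepositstoragestaging` in azureDepositConfiguration. If these were carried over from the staging values, they should be replaced with their production counterparts before `deposit.enabled: true` is deployed. If the reuse is intentional, a comment such as `# production deposit intentionally uses the staging realm: <reason>` above each value would make that explicit.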
diff --git a/swh/values/production/swh.yaml b/swh/values/production/swh.yaml
index b8bb2fabffcb183c19f75b9b64a0d228063d7e75..dc319b8c4d6f19b7baf5d67fa42a752f12eb1ae6 100644
--- a/swh/values/production/swh.yaml
+++ b/swh/values/production/swh.yaml
@@ -54,6 +54,17 @@ readOnlyStorageConfiguration:
   storageConfigurationRef: postgresqlROStorageConfiguration
   objstorageConfigurationRef: roObjstorageConfiguration
 
+postgresqlDepositConfiguration:
+  host: db.internal.staging.swh.network
+  port: 5432
+  db: softwareheritage-deposit
+  user: swhstorage
+  pass: ${POSTGRESQL_PASSWORD}
+  secrets:
+    POSTGRESQL_PASSWORD:
+      secretKeyRef: swh-postgresql-deposit-secrets
+      secretKeyName: postgres-swh-deposit-password
+
 azureCacheConfiguration:
   cls: azure
   connection_string: "DefaultEndpointsProtocol=https;AccountName=swhvaultstorage;AccountKey=${ACCOUNT_KEY};EndpointSuffix=core.windows.net"
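Review bot: `user: swhstorage` on the `softwareheritage-deposit` database looks like the storage role reused for the deposit service, even though the password comes from a deposit-specific secret (`swh-postgresql-deposit-secrets`). If that role also holds privileges on the storage databases, a compromise of the internet-facing deposit pods would reach further than the deposit data. A dedicated role limited to the deposit database would keep the credential scoped. If the role name is correct as written, a one-line comment saying so would settle the question for the next reader.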
@@ -170,6 +181,22 @@ scrubberROStoragePrimaryConfiguration:
 scrubberROStorageSecondaryConfiguration:
   storageConfigurationRef: secondaryPostgresqlROStorageConfiguration
 
+djangoDepositConfiguration:
+  secrets:
+    DJANGO_SECRET_KEY:
+      secretKeyRef: swh-deposit-django-secret
+      secretKeyName: deposit-django-secret-key
+
+azureDepositConfiguration:
+  connection_string: "DefaultEndpointsProtocol=https;AccountName=swhdepositstoragestaging;AccountKey=${ACCOUNT_KEY};EndpointSuffix=core.windows.net"
+  container_name: deposit-tarballs
+  content_type: application/octet-stream
+  content_encoding: ""
+  secrets:
+    ACCOUNT_KEY:
+      secretKeyRef: swh-deposit-azure-secret
+      secretKeyName: azure-swh-deposit-key
+
 graphql:
   enabled: true
   deployments:
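Review bot: `azureDepositConfiguration` authenticates with the storage account key (`AccountKey=${ACCOUNT_KEY}`), which grants full control of the whole account rather than only the `deposit-tarballs` container. This mirrors the existing azureCacheConfiguration pattern, so it may be the project convention. If the deposit backend accepts it, a connection string carrying a `SharedAccessSignature=` scoped to that one container would limit what a leaked secret exposes. Otherwise it is worth a comment stating that the storage account is dedicated to deposit uploads.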
@@ -1090,3 +1117,49 @@ web:
     matomo:
       url: https://piwik.inria.fr/
       site_id: 59
+
+deposit:
+  enabled: true
+  logLevel: INFO
+  requestedCpu: 500m
+  requestedMemory: 500Mi
+  migrationsEnabled: false
+  replicas: 2
+  ingress:
+    enabled: true
+    secretName: swh-deposit-crt
+    extraAnnotations:
+      cert-manager.io/cluster-issuer: letsencrypt-production-gandi
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: "true"
+      # The default behavior is true (when tls is enabled). We don't want that behavior
+      # since the rp is in charge of this
+      # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#server-side-https-enforcement-through-redirect
+      nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    tlsEnabled: true
+    endpoints:
+      default:
+        paths:
+          - path: /
+          - path: /static
+            port: 80
+      authenticated:
+        paths:
+          - path: /1/private/
+        # auth-file with authentication
+        authentication: swh/deposit-auth-secrets
+  databaseConfigurationRef: postgresqlDepositConfiguration
+  schedulerConfigurationRef: remoteSchedulerConfiguration
+  storageConfigurationRef: remoteStorageConfiguration
+  storageMetadataConfigurationRef: remoteStorageConfiguration
+  djangoConfigurationRef: djangoDepositConfiguration
+  blobstorageConfigurationRef: azureDepositConfiguration
+  keycloakConfigurationRef: keycloakConfiguration
+  hosts:
+    - deposit-rpc-ingress
+    - deposit.softwareheritage.org
+    - deposit-dynamic.internal.softwareheritage.org
+  extraConfig:
+    max_upload_size: 209715200
+    extraction_dir: "/tmp/swh-deposit/archive/"
+    cache_uri: memcached:11211
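Review bot: `nginx.ingress.kubernetes.io/ssl-redirect: "false"` applies to the whole ingress, including the `authenticated` endpoint `/1/private/`, whose auth-file credentials would then be accepted over plain HTTP by any client that reaches the ingress directly. The `hosts` list includes `deposit-rpc-ingress` and `deposit-dynamic.internal.softwareheritage.org`, and the hunk does not show whether those are only reachable through the reverse proxy. I would extend the existing comment with something like `# plain HTTP is acceptable only behind the rp; /1/private/ must not be reachable on this ingress without TLS`, and confirm that the internal hosts are not exposed in cleartext. Separately, `extraction_dir: "/tmp/swh-deposit/archive/"` combined with `max_upload_size: 209715200` has no visible ephemeral-storage request or limit in this block, so concurrent large uploads could fill the node's scratch space; that may be handled elsewhere in the chart.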