From 2e80e4e02460e775cc795ce792f2c83c0e5f0a58 Mon Sep 17 00:00:00 2001 From: Oskar Levin Date: Wed, 28 Jan 2026 02:30:53 +0800 Subject: [PATCH 1/9] fix(cactus-backend): bump version after README update --- charts/cactus-backend/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cactus-backend/Chart.yaml b/charts/cactus-backend/Chart.yaml index 734170a..4afa503 100644 --- a/charts/cactus-backend/Chart.yaml +++ b/charts/cactus-backend/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cactus-backend description: A backend that exposes an API for the Cactus app to use. type: application -version: 0.5.9 +version: 0.5.10 appVersion: "0.2" maintainers: - name: dataviruset From bfa21ad0b39d0563cb9030728947965bc3654a8b Mon Sep 17 00:00:00 2001 From: Oskar Levin Date: Wed, 28 Jan 2026 02:58:09 +0800 Subject: [PATCH 2/9] fix: missing AUTH_JWT_PROFILE env var in cactus-parser --- charts/cactus-parser/README.md | 4 ++++ charts/cactus-parser/templates/secret.yaml | 1 + charts/cactus-parser/values.yaml | 1 + 3 files changed, 6 insertions(+) diff --git a/charts/cactus-parser/README.md b/charts/cactus-parser/README.md index 11427b1..e4b8884 100644 --- a/charts/cactus-parser/README.md +++ b/charts/cactus-parser/README.md @@ -31,7 +31,11 @@ helm uninstall cactus-parser ## Configuration +The default parser is PIDB which requires PostgreSQL but other parsers can also be used as instructed by Auki Labs. + Refer to the [values.yaml](./values.yaml) file for a comprehensive list of configurable parameters and their default values. +If you're using a parser other than the default one, some environment variable may be irrelevant and can be deleted, +such as those for PostgreSQL. You can specify parameters with `--set key=value` or by providing a custom YAML file: diff --git a/charts/cactus-parser/templates/secret.yaml b/charts/cactus-parser/templates/secret.yaml index 7b3627b..3881eee 100644 --- a/charts/cactus-parser/templates/secret.yaml +++ b/charts/cactus-parser/templates/secret.yaml @@ -9,5 +9,6 @@ type: Opaque data: POSTGRES_PASSWORD: {{ .Values.secretData.POSTGRES_PASSWORD | b64enc | quote }} REDIS_PASSWORD: {{ .Values.secretData.REDIS_PASSWORD | b64enc | quote }} + AUTH_JWT_PROFILE: {{ .Values.secretData.AUTH_JWT_PROFILE | b64enc | quote }} {{- end }} diff --git a/charts/cactus-parser/values.yaml b/charts/cactus-parser/values.yaml index 4deb1a6..3ccf7f1 100644 --- a/charts/cactus-parser/values.yaml +++ b/charts/cactus-parser/values.yaml @@ -89,6 +89,7 @@ existingSecretName: "" secretData: POSTGRES_PASSWORD: cactus-parser # This is the password for the postgres database. This should be a random string. REDIS_PASSWORD: cactus-parser # This is the password for the redis database. This should be a random string. + AUTH_JWT_PROFILE: '{"type":"application","keyId":"123","key":"-----BEGIN RSA PRIVATE KEY-----\nexample\n-----END RSA PRIVATE KEY-----\n","appId":"456","clientId":"789"}' # This is the JWT profile for the auth server (IdP). secrets: # cactus-parser: # as: environment From b7c20857d41ea82f07cca3f099aa08ea0b56e070 Mon Sep 17 00:00:00 2001 From: Oskar Levin Date: Wed, 28 Jan 2026 03:11:43 +0800 Subject: [PATCH 3/9] chore: bump cactus-parser version too --- charts/cactus-parser/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cactus-parser/Chart.yaml b/charts/cactus-parser/Chart.yaml index 8a24ab8..f3aa512 100644 --- a/charts/cactus-parser/Chart.yaml +++ b/charts/cactus-parser/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cactus-parser description: Used to deploy parsers that load product data from a source when requested from cactus-backend type: application -version: 0.0.4 +version: 0.0.5 appVersion: "0.0" maintainers: - name: dataviruset From 87c1201cdd1b12db69477b59fbe115d6c5ab6e14 Mon Sep 17 00:00:00 2001 From: Oskar Levin Date: Wed, 28 Jan 2026 03:49:39 +0800 Subject: [PATCH 4/9] fix: try to use envFrom --- charts/cactus-parser/scripts/pre-install.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/charts/cactus-parser/scripts/pre-install.sh b/charts/cactus-parser/scripts/pre-install.sh index e140276..27a47a0 100755 --- a/charts/cactus-parser/scripts/pre-install.sh +++ b/charts/cactus-parser/scripts/pre-install.sh @@ -14,10 +14,7 @@ kubectl create secret \ -o yaml > "$(dirname "$0")/../templates/ecr-testing-secret.yaml" yq -i '.imagePullSecrets[0].name = "matterless-common-ecr-credentials"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".as = "environment"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".items[0].key = "POSTGRES_PASSWORD"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".items[0].envVarName = "POSTGRES_PASSWORD"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".as = "environment"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".as = "envFrom"' "$(dirname "$0")/../values.yaml" yq -i '.secretData.AUTH_JWT_PROFILE = strenv(AUTH_JWT_PROFILE)' "$(dirname "$0")/../values.yaml" yq -i '.secretData.APP_SECRET = strenv(APP_SECRET)' "$(dirname "$0")/../values.yaml" yq -i '.envVars.APP_KEY = strenv(APP_KEY)' "$(dirname "$0")/../values.yaml" From 3c1f7e3a5b4a56b91d01fbfe9c6ffa30e385f76d Mon Sep 17 00:00:00 2001 From: Shuning Date: Wed, 28 Jan 2026 09:39:01 +0800 Subject: [PATCH 5/9] added APP_SECRET to cactus parser --- charts/cactus-parser/scripts/pre-install.sh | 9 ++++++++- charts/cactus-parser/templates/secret.yaml | 1 + charts/cactus-parser/values.yaml | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/cactus-parser/scripts/pre-install.sh b/charts/cactus-parser/scripts/pre-install.sh index 27a47a0..35bbf39 100755 --- a/charts/cactus-parser/scripts/pre-install.sh +++ b/charts/cactus-parser/scripts/pre-install.sh @@ -14,9 +14,16 @@ kubectl create secret \ -o yaml > "$(dirname "$0")/../templates/ecr-testing-secret.yaml" yq -i '.imagePullSecrets[0].name = "matterless-common-ecr-credentials"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".as = "envFrom"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".as = "environment"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[0].key = "POSTGRES_PASSWORD"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[0].envVarName = "POSTGRES_PASSWORD"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[2].key = "AUTH_JWT_PROFILE"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[2].envVarName = "AUTH_JWT_PROFILE"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[3].key = "APP_SECRET"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[3].envVarName = "APP_SECRET"' "$(dirname "$0")/../values.yaml" yq -i '.secretData.AUTH_JWT_PROFILE = strenv(AUTH_JWT_PROFILE)' "$(dirname "$0")/../values.yaml" yq -i '.secretData.APP_SECRET = strenv(APP_SECRET)' "$(dirname "$0")/../values.yaml" +yq -i '.secretData.POSTGRES_PASSWORD = strenv(POSTGRES_PASSWORD)' "$(dirname "$0")/../values.yaml" yq -i '.envVars.APP_KEY = strenv(APP_KEY)' "$(dirname "$0")/../values.yaml" yq -i '.envVars.AUKI_API_URL = "https://api.auki.network"' "$(dirname "$0")/../values.yaml" yq -i '.envVars.AUKI_DDS_URL = "https://dds.auki.network"' "$(dirname "$0")/../values.yaml" diff --git a/charts/cactus-parser/templates/secret.yaml b/charts/cactus-parser/templates/secret.yaml index 3881eee..b7ae090 100644 --- a/charts/cactus-parser/templates/secret.yaml +++ b/charts/cactus-parser/templates/secret.yaml @@ -10,5 +10,6 @@ data: POSTGRES_PASSWORD: {{ .Values.secretData.POSTGRES_PASSWORD | b64enc | quote }} REDIS_PASSWORD: {{ .Values.secretData.REDIS_PASSWORD | b64enc | quote }} AUTH_JWT_PROFILE: {{ .Values.secretData.AUTH_JWT_PROFILE | b64enc | quote }} + APP_SECRET: {{ .Values.secretData.APP_SECRET | b64enc | quote }} {{- end }} diff --git a/charts/cactus-parser/values.yaml b/charts/cactus-parser/values.yaml index 3ccf7f1..b016106 100644 --- a/charts/cactus-parser/values.yaml +++ b/charts/cactus-parser/values.yaml @@ -90,6 +90,7 @@ secretData: POSTGRES_PASSWORD: cactus-parser # This is the password for the postgres database. This should be a random string. REDIS_PASSWORD: cactus-parser # This is the password for the redis database. This should be a random string. AUTH_JWT_PROFILE: '{"type":"application","keyId":"123","key":"-----BEGIN RSA PRIVATE KEY-----\nexample\n-----END RSA PRIVATE KEY-----\n","appId":"456","clientId":"789"}' # This is the JWT profile for the auth server (IdP). + APP_SECRET: cactus-parser # This is the app secret used together with the app key (defined in the envVars section below) to access Auki services. You should obtain it from the apps section of the Auki console. secrets: # cactus-parser: # as: environment From 66376f4dead8d302fd66e55cbddc4724e076f49b Mon Sep 17 00:00:00 2001 From: Shuning Date: Wed, 28 Jan 2026 10:45:18 +0800 Subject: [PATCH 6/9] fixed index --- charts/cactus-parser/scripts/pre-install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/cactus-parser/scripts/pre-install.sh b/charts/cactus-parser/scripts/pre-install.sh index 35bbf39..ebd713e 100755 --- a/charts/cactus-parser/scripts/pre-install.sh +++ b/charts/cactus-parser/scripts/pre-install.sh @@ -17,10 +17,10 @@ yq -i '.imagePullSecrets[0].name = "matterless-common-ecr-credentials"' "$(dirna yq -i '.secrets."cactus-parser".as = "environment"' "$(dirname "$0")/../values.yaml" yq -i '.secrets."cactus-parser".items[0].key = "POSTGRES_PASSWORD"' "$(dirname "$0")/../values.yaml" yq -i '.secrets."cactus-parser".items[0].envVarName = "POSTGRES_PASSWORD"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".items[2].key = "AUTH_JWT_PROFILE"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".items[2].envVarName = "AUTH_JWT_PROFILE"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".items[3].key = "APP_SECRET"' "$(dirname "$0")/../values.yaml" -yq -i '.secrets."cactus-parser".items[3].envVarName = "APP_SECRET"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[1].key = "AUTH_JWT_PROFILE"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[1].envVarName = "AUTH_JWT_PROFILE"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[2].key = "APP_SECRET"' "$(dirname "$0")/../values.yaml" +yq -i '.secrets."cactus-parser".items[2].envVarName = "APP_SECRET"' "$(dirname "$0")/../values.yaml" yq -i '.secretData.AUTH_JWT_PROFILE = strenv(AUTH_JWT_PROFILE)' "$(dirname "$0")/../values.yaml" yq -i '.secretData.APP_SECRET = strenv(APP_SECRET)' "$(dirname "$0")/../values.yaml" yq -i '.secretData.POSTGRES_PASSWORD = strenv(POSTGRES_PASSWORD)' "$(dirname "$0")/../values.yaml" From f3c173f64f515d4b8cc85d59fdfd4bbfd85e6fbf Mon Sep 17 00:00:00 2001 From: Shuning Date: Wed, 28 Jan 2026 11:39:00 +0800 Subject: [PATCH 7/9] POSTGRES_PASSWORD is not needed --- charts/cactus-parser/scripts/pre-install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/cactus-parser/scripts/pre-install.sh b/charts/cactus-parser/scripts/pre-install.sh index ebd713e..2db2fc8 100755 --- a/charts/cactus-parser/scripts/pre-install.sh +++ b/charts/cactus-parser/scripts/pre-install.sh @@ -23,7 +23,6 @@ yq -i '.secrets."cactus-parser".items[2].key = "APP_SECRET"' "$(dirname "$0")/.. yq -i '.secrets."cactus-parser".items[2].envVarName = "APP_SECRET"' "$(dirname "$0")/../values.yaml" yq -i '.secretData.AUTH_JWT_PROFILE = strenv(AUTH_JWT_PROFILE)' "$(dirname "$0")/../values.yaml" yq -i '.secretData.APP_SECRET = strenv(APP_SECRET)' "$(dirname "$0")/../values.yaml" -yq -i '.secretData.POSTGRES_PASSWORD = strenv(POSTGRES_PASSWORD)' "$(dirname "$0")/../values.yaml" yq -i '.envVars.APP_KEY = strenv(APP_KEY)' "$(dirname "$0")/../values.yaml" yq -i '.envVars.AUKI_API_URL = "https://api.auki.network"' "$(dirname "$0")/../values.yaml" yq -i '.envVars.AUKI_DDS_URL = "https://dds.auki.network"' "$(dirname "$0")/../values.yaml" From 6197668a8555525fec5384de3ca84280bf4dfbd2 Mon Sep 17 00:00:00 2001 From: Shuning Date: Wed, 28 Jan 2026 12:14:21 +0800 Subject: [PATCH 8/9] remove AUTH_JWT_PROFILE and APP_SECRET from cactus parser values.yaml --- charts/cactus-parser/templates/secret.yaml | 8 ++------ charts/cactus-parser/values.yaml | 2 -- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/charts/cactus-parser/templates/secret.yaml b/charts/cactus-parser/templates/secret.yaml index b7ae090..6265758 100644 --- a/charts/cactus-parser/templates/secret.yaml +++ b/charts/cactus-parser/templates/secret.yaml @@ -6,10 +6,6 @@ metadata: labels: {{- include "cactus-parser.labels" . | nindent 4 }} type: Opaque -data: - POSTGRES_PASSWORD: {{ .Values.secretData.POSTGRES_PASSWORD | b64enc | quote }} - REDIS_PASSWORD: {{ .Values.secretData.REDIS_PASSWORD | b64enc | quote }} - AUTH_JWT_PROFILE: {{ .Values.secretData.AUTH_JWT_PROFILE | b64enc | quote }} - APP_SECRET: {{ .Values.secretData.APP_SECRET | b64enc | quote }} +stringData: + {{- toYaml .Values.secretData | nindent 2 }} {{- end }} - diff --git a/charts/cactus-parser/values.yaml b/charts/cactus-parser/values.yaml index b016106..4deb1a6 100644 --- a/charts/cactus-parser/values.yaml +++ b/charts/cactus-parser/values.yaml @@ -89,8 +89,6 @@ existingSecretName: "" secretData: POSTGRES_PASSWORD: cactus-parser # This is the password for the postgres database. This should be a random string. REDIS_PASSWORD: cactus-parser # This is the password for the redis database. This should be a random string. - AUTH_JWT_PROFILE: '{"type":"application","keyId":"123","key":"-----BEGIN RSA PRIVATE KEY-----\nexample\n-----END RSA PRIVATE KEY-----\n","appId":"456","clientId":"789"}' # This is the JWT profile for the auth server (IdP). - APP_SECRET: cactus-parser # This is the app secret used together with the app key (defined in the envVars section below) to access Auki services. You should obtain it from the apps section of the Auki console. secrets: # cactus-parser: # as: environment From 125db5484ce0c11f5da1bd5a4a2ad76e8a68054c Mon Sep 17 00:00:00 2001 From: Oskar Levin Date: Fri, 30 Jan 2026 17:50:37 +0800 Subject: [PATCH 9/9] chore: change away from stringData in secret, update comments --- charts/cactus-parser/templates/secret.yaml | 6 ++++-- charts/cactus-parser/values.yaml | 14 ++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/cactus-parser/templates/secret.yaml b/charts/cactus-parser/templates/secret.yaml index 6265758..0875089 100644 --- a/charts/cactus-parser/templates/secret.yaml +++ b/charts/cactus-parser/templates/secret.yaml @@ -6,6 +6,8 @@ metadata: labels: {{- include "cactus-parser.labels" . | nindent 4 }} type: Opaque -stringData: - {{- toYaml .Values.secretData | nindent 2 }} +data: + {{- range $key, $value := .Values.secretData }} + {{ $key }}: {{ $value | b64enc | quote }} + {{- end }} {{- end }} diff --git a/charts/cactus-parser/values.yaml b/charts/cactus-parser/values.yaml index 4deb1a6..9fa94d2 100644 --- a/charts/cactus-parser/values.yaml +++ b/charts/cactus-parser/values.yaml @@ -87,8 +87,8 @@ monitoring: useExistingSecret: false existingSecretName: "" secretData: - POSTGRES_PASSWORD: cactus-parser # This is the password for the postgres database. This should be a random string. - REDIS_PASSWORD: cactus-parser # This is the password for the redis database. This should be a random string. + POSTGRES_PASSWORD: cactus-parser # Can be commented out if you're not using the default PIDB parser. Otherwise make sure this matches the postgres.auth.password value. + REDIS_PASSWORD: cactus-parser # Can be commented out if you're not using the default PIDB parser. Otherwise make sure this matches the redis.auth.password value. secrets: # cactus-parser: # as: environment @@ -177,13 +177,14 @@ persistentVolume: # https://github.com/bitnami/charts/tree/postgresql/16.7.27/bitnami/postgresql#parameters postgresql: - # If true, the PostgreSQL dependency is enabled + # If true, the PostgreSQL dependency is enabled. + # You can disable it if you want to use an external database or if you are not using the default PIDB parser. enabled: true image: repository: bitnamilegacy/postgresql auth: username: cactus-parser - password: cactus-parser + password: cactus-parser # Make sure this matches the POSTGRES_PASSWORD in the secretData section. Also, don't use the default password in production! database: cactus-parser primary: # resources: @@ -201,7 +202,8 @@ postgresql: # https://github.com/bitnami/charts/tree/redis/22.0.7/bitnami/redis#parameters redis: - # If true, the Redis dependency is enabled + # If true, the Redis dependency is enabled. + # You can disable it if you want to use an external Redis instance or if you are not using the default PIDB parser. enabled: false image: repository: bitnamilegacy/redis @@ -244,7 +246,7 @@ redis: - FLUSHDB auth: enabled: true - password: cactus-parser + password: cactus-parser # Make sure this matches the REDIS_PASSWORD in the secretData section. Also, don't use the default password in production! fullnameOverride: redis postgresqlha: