cvat-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: cvat-config
data:
  cvatSettings: |
    from cvat.settings.production import *
    DEBUG = False

    for key in RQ_QUEUES:
        RQ_QUEUES[key]['HOST'] = os.getenv('CVAT_REDIS_HOST', 'cvat_redis')

    CACHEOPS_REDIS['host'] = os.getenv('CVAT_REDIS_HOST', 'cvat_redis')
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql',
            'HOST': os.getenv('CVAT_POSTGRES_HOST', 'cvat_db'),
            'NAME': os.getenv('CVAT_POSTGRES_DBNAME', 'cvat'),
            'USER': os.getenv('CVAT_POSTGRES_USER', 'root'),
            'PASSWORD': os.getenv('CVAT_POSTGRES_PASSWORD', ''),
        }
    }

    # add custom apps here
    import ldap
    from django_auth_ldap.config import LDAPSearch, NestedActiveDirectoryGroupType

    DJANGO_AUTH_TYPE = 'LDAP'
    AUTH_LOGIN_NOTE = '''<p>
        For successful login please make sure you are member of cvat_users group
    </p>'''

    # Baseline configuration.
    AUTH_LDAP_SERVER_URI = "ldap://<ldap-host>:<ldap-port>"

    # Credentials for LDAP server
    AUTH_LDAP_BIND_DN = "<username>"
    AUTH_LDAP_BIND_PASSWORD = "<password>"

    # Set up basic user search
    AUTH_LDAP_USER_SEARCH = LDAPSearch("<params>",
        ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

    # Set up the basic group parameters.
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch("<params>",
        ldap.SCOPE_SUBTREE, "(objectClass=group)")
    AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()

    # Populate the Django user from the LDAP directory.
    AUTH_LDAP_USER_ATTR_MAP = {
        "first_name": "givenName",
        "last_name": "sn",
        "email": "mail",
    }

    AUTH_LDAP_ALWAYS_UPDATE_USER = True

    # Cache group memberships for an hour to minimize LDAP traffic
    AUTH_LDAP_CACHE_GROUPS = True
    AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
    AUTH_LDAP_AUTHORIZE_ALL_USERS = True

    # Keep ModelBackend around for per-user permissions and maybe a local
    # superuser.
    AUTHENTICATION_BACKENDS += ['django_auth_ldap.backend.LDAPBackend']

    AUTH_LDAP_ADMIN_GROUPS = [
        'CN=cvat_admin,<params>',
    ]

    AUTH_LDAP_ANNOTATOR_GROUPS = [
        'CN=data_annotation,<params>',
    ]

    AUTH_LDAP_USER_GROUPS = [
        'CN=cvat_users,<params>',
    ]

    AUTH_LDAP_OBSERVER_GROUPS = [
        'CN=cvat_users,<params>',
    ]
  cvatProxyConfig: |
    server {
      listen       80;
      server_name  cvat.tacc.utexas.edu;

      proxy_pass_header       X-CSRFToken;
      proxy_set_header        Host $http_host;
      proxy_pass_header       Set-Cookie;

      location ~* /api/.*|git/.*|analytics/.*|static/.*|admin(?:/(.*))?.*|documentation/.*|django-rq(?:/(.*))? {
        proxy_pass              http://cvat:8080;
      }

      location / {
        proxy_pass              http://cvat-ui;
      }
    }
  nginxConfig: |
    worker_processes 2;


    events {
        worker_connections  1024;
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile      on;
        keepalive_timeout  65;
        # For long domain names (e.g. AWS hosts)
        server_names_hash_bucket_size 128;

        include /etc/nginx/conf.d/*.conf;
        client_max_body_size 0;
    }