fix(newt): update Helm install credentials and client flag handling

Use a Kubernetes Secret for Newt Helm chart credentials and configure the chart with auth.existingSecretName instead of passing credential values through auth.keys.*. Add Helm-specific acceptClients handling so the generated Kubernetes command sets newtInstances[0].acceptClients=true when client connections are enabled.
2026-05-04 11:34:19 +00:00 · 2026-05-03 15:07:42 +02:00
1 changed files with 16 additions and 7 deletions
--- a/src/components/newt-install-commands.tsx
+++ b/src/components/newt-install-commands.tsx
@@ -52,6 +52,10 @@ export function NewtSiteInstallCommands({
    const acceptClientsEnv = !acceptClients
        ? "\n      - DISABLE_CLIENTS=true"
        : "";
    const acceptClientsHelmValue = acceptClients
        ? ` \\
      --set newtInstances[0].acceptClients=true`
        : "";
    const commandList: Record<Platform, Record<string, CommandItem[]>> = {
        linux: {
@@ -162,13 +166,18 @@ sudo systemctl enable --now newt`
            "Helm Chart": [
                `helm repo add fossorial https://charts.fossorial.io`,
                `helm repo update fossorial`,
-                `helm install newt fossorial/newt \\
+                `kubectl create namespace newt --dry-run=client -o yaml | kubectl apply -f -`,
-    --create-namespace \\
+                `kubectl create secret generic newt-main-tunnel-auth \\
-    --set newtInstances[0].name="main-tunnel" \\
+   -n newt \\
-    --set newtInstances[0].enabled=true \\
+  --from-literal=PANGOLIN_ENDPOINT="${endpoint}" \\
-    --set-string newtInstances[0].auth.keys.endpointKey="${endpoint}" \\
+  --from-literal=NEWT_ID="${id}" \\
-    --set-string newtInstances[0].auth.keys.idKey="${id}" \\
+  --from-literal=NEWT_SECRET="${secret}" \\
-    --set-string newtInstances[0].auth.keys.secretKey="${secret}"`
+  --dry-run=client -o yaml | kubectl apply -f -`,
                `helm upgrade --install newt fossorial/newt \\
  -n newt \\
  --set newtInstances[0].name="main-tunnel" \\
  --set newtInstances[0].enabled=true \\
  --set-string newtInstances[0].auth.existingSecretName="newt-main-tunnel-auth"${acceptClientsHelmValue}`
            ]
        },
        podman: {