kube/passmower/values.yaml

---
nameOverride: ""
fullnameOverride: ""

passmower:
  # Hostname on which Passmower will be deployed to. Will be used as ingress host.
  host: "auth.k-space.ee"
  # Local groups will be created with given prefix.
  group_prefix: 'k-space'
  # Local or remote group which members will automatically become admins.
  admin_group: 'k-space:onboarding'
  # If set, require all users to be member of the given local or remote group.
  # required_group: ""
  # GitHub organization to pull groups from. Set to keep users other organizations private from Passmower.
  github_organization: "codemowers"
  # Allow enrolling new users automatically. Actual access will be based on required_group parameter. Disable to only manually provision users.
  enroll_users: false
  # Comma-separated, wildcard enabled namespace selector to select, in which namespaces Passmower looks for client CRDs.
  namespace_selector: "*"
  # Domain which will be preferred for determining primary emails.
  preferred_email_domain: 'k-space.ee'
  # Require users to set a custom username instead of system generated one. Will be used as OIDCUser CRD name and OIDC username claim.
  require_custom_username: true
  # Normalize incoming email addresses by removing aliases (e.g. username+alias@gmail.com) etc.
  normalize_email_addresses: true
  # Email credentials secret name. Secret must contain EMAIL_HOST, EMAIL_PASSWORD, EMAIL_PORT, EMAIL_SSL and EMAIL_USERNAME
  email_credentials_secretRef: "email-credentials"
  # GitHub OAuth client secret name. Secret must contain GH_CLIENT_ID and GH_CLIENT_SECRET
  github_client_secretRef: "github-client"
  # Slack API client secret name. Secret must contain SLACK_TOKEN
  slack_client_secretRef: "slack-client"
  # Different texts displayed and sent to the user
  texts:
    approval:
      configMapRef:
        name: passmower-approval
    emails:
      configMapRef:
        name: passmower-email-templates
    terms_of_service:
      configMapRef:
        name: passmower-tos

redis:
  # Requires the Codemowers redis-operator to be installed: https://github.com/codemowers/operatorlib/tree/main/samples/redis-operator
  redisClaim:
    enabled: false
    spec:
      capacity: 100Mi
      class: ephemeral
  # Deploys a simple, non persistent Redis deployment.
  internal:
    enabled: false
  # Use your own implementation - just provide a secret with a valid Redis URL.
  external:
    enabled: true
    secretKeyRef:
      name: "dragonfly-auth"
      key: "REDIS_URI"

service:
  type: ClusterIP
  port: 80

ingress:
  className: ""
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    external-dns.alpha.kubernetes.io/hostname: auth.k-space.ee,auth2.k-space.ee
  tls:
    - hosts:
        - "*.k-space.ee"

image:
  repository: passmower/passmower
  pullPolicy: Always
  # Overrides the image tag whose default is the chart appVersion.
  tag: "develop"

podSecurityContext: {}

securityContext: {}

replicaCount: 3

resources: {}

nodeSelector: {}

tolerations: []

affinity: {}
passmower: Cleanup 2024-08-14 05:12:37 +00:00			`---`
migrate to new passmower 2024-07-27 00:15:41 +00:00			`nameOverride: ""`
			`fullnameOverride: ""`

			`passmower:`
			`# Hostname on which Passmower will be deployed to. Will be used as ingress host.`
			`host: "auth.k-space.ee"`
			`# Local groups will be created with given prefix.`
passmower: Cleanup 2024-08-14 05:12:37 +00:00			`group_prefix: 'k-space'`
migrate to new passmower 2024-07-27 00:15:41 +00:00			`# Local or remote group which members will automatically become admins.`
			`admin_group: 'k-space:onboarding'`
			`# If set, require all users to be member of the given local or remote group.`
			`# required_group: ""`
			`# GitHub organization to pull groups from. Set to keep users other organizations private from Passmower.`
			`github_organization: "codemowers"`
			`# Allow enrolling new users automatically. Actual access will be based on required_group parameter. Disable to only manually provision users.`
			`enroll_users: false`
			`# Comma-separated, wildcard enabled namespace selector to select, in which namespaces Passmower looks for client CRDs.`
			`namespace_selector: "*"`
			`# Domain which will be preferred for determining primary emails.`
passmower: Cleanup 2024-08-14 05:12:37 +00:00			`preferred_email_domain: 'k-space.ee'`
migrate to new passmower 2024-07-27 00:15:41 +00:00			`# Require users to set a custom username instead of system generated one. Will be used as OIDCUser CRD name and OIDC username claim.`
			`require_custom_username: true`
			`# Normalize incoming email addresses by removing aliases (e.g. username+alias@gmail.com) etc.`
			`normalize_email_addresses: true`
			`# Email credentials secret name. Secret must contain EMAIL_HOST, EMAIL_PASSWORD, EMAIL_PORT, EMAIL_SSL and EMAIL_USERNAME`
			`email_credentials_secretRef: "email-credentials"`
			`# GitHub OAuth client secret name. Secret must contain GH_CLIENT_ID and GH_CLIENT_SECRET`
			`github_client_secretRef: "github-client"`
			`# Slack API client secret name. Secret must contain SLACK_TOKEN`
			`slack_client_secretRef: "slack-client"`
			`# Different texts displayed and sent to the user`
			`texts:`
			`approval:`
			`configMapRef:`
			`name: passmower-approval`
			`emails:`
			`configMapRef:`
			`name: passmower-email-templates`
			`terms_of_service:`
			`configMapRef:`
			`name: passmower-tos`
passmower: Cleanup 2024-08-14 05:12:37 +00:00
migrate to new passmower 2024-07-27 00:15:41 +00:00			`redis:`
			`# Requires the Codemowers redis-operator to be installed: https://github.com/codemowers/operatorlib/tree/main/samples/redis-operator`
			`redisClaim:`
			`enabled: false`
			`spec:`
			`capacity: 100Mi`
			`class: ephemeral`
			`# Deploys a simple, non persistent Redis deployment.`
			`internal:`
			`enabled: false`
			`# Use your own implementation - just provide a secret with a valid Redis URL.`
			`external:`
			`enabled: true`
			`secretKeyRef:`
			`name: "dragonfly-auth"`
			`key: "REDIS_URI"`

			`service:`
			`type: ClusterIP`
			`port: 80`

			`ingress:`
			`className: ""`
			`annotations:`
			`kubernetes.io/ingress.class: traefik`
			`traefik.ingress.kubernetes.io/router.entrypoints: websecure`
			`traefik.ingress.kubernetes.io/router.tls: "true"`
			`external-dns.alpha.kubernetes.io/target: traefik.k-space.ee`
fix redirects 2024-07-28 12:37:19 +00:00			`external-dns.alpha.kubernetes.io/hostname: auth.k-space.ee,auth2.k-space.ee`
migrate to new passmower 2024-07-27 00:15:41 +00:00			`tls:`
			`- hosts:`
			`- "*.k-space.ee"`

			`image:`
			`repository: passmower/passmower`
			`pullPolicy: Always`
			`# Overrides the image tag whose default is the chart appVersion.`
			`tag: "develop"`

			`podSecurityContext: {}`

			`securityContext: {}`

passmower: run in 3 replicas 2024-08-08 12:53:47 +00:00			`replicaCount: 3`
migrate to new passmower 2024-07-27 00:15:41 +00:00
			`resources: {}`

			`nodeSelector: {}`

			`tolerations: []`

			`affinity: {}`