kube/passmower/values.yaml


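---
# Helm values for the Passmower (OIDC identity provider) deployment.
# NOTE(review): the nesting below is reconstructed from the key names;
# confirm it against the chart's default values.yaml.
nameOverride: ""
fullnameOverride: ""

passmower:
  # Hostname on which Passmower will be deployed. Will be used as ingress host.
  host: "auth.k-space.ee"
  # Local groups will be created with given prefix.
  group_prefix: 'k-space'
  # Local or remote group whose members will automatically become admins.
  # Membership of this group is equivalent to admin rights on the identity
  # provider, so control who can add members to it (locally and upstream).
  admin_group: 'k-space:onboarding'
  # If set, require all users to be member of the given local or remote group.
  # With enroll_users enabled and this left unset, nothing in this file
  # restricts who may enroll; set it before turning auto-enrollment on.
  # required_group: ""
  # GitHub organization to pull groups from. Set to keep users' other
  # organizations private from Passmower.
  github_organization: "codemowers"
  # Allow enrolling new users automatically. Actual access will be based on
  # required_group parameter. Disable to only manually provision users.
  enroll_users: false
  # Comma-separated, wildcard enabled namespace selector to select, in which
  # namespaces Passmower looks for client CRDs.
  # NOTE(review): "*" accepts client CRDs from every namespace; presumably any
  # principal allowed to create them in any namespace can register a client.
  # Narrow this to the namespaces that are trusted to do so - confirm.
  namespace_selector: "*"
  # Domain which will be preferred for determining primary emails.
  preferred_email_domain: 'k-space.ee'
  # Require users to set a custom username instead of system generated one.
  # Will be used as OIDCUser CRD name and OIDC username claim.
  require_custom_username: true
  # Normalize incoming email addresses by removing aliases
  # (e.g. username+alias@gmail.com) etc.
  normalize_email_addresses: true
  # Credentials are referenced by Secret name only; keep the values themselves
  # out of this file and out of version control.
  # Email credentials secret name. Secret must contain EMAIL_HOST,
  # EMAIL_PASSWORD, EMAIL_PORT, EMAIL_SSL and EMAIL_USERNAME
  email_credentials_secretRef: "email-credentials"
  # GitHub OAuth client secret name. Secret must contain GH_CLIENT_ID and
  # GH_CLIENT_SECRET
  github_client_secretRef: "github-client"
  # Slack API client secret name. Secret must contain SLACK_TOKEN
  slack_client_secretRef: "slack-client"
  # Different texts displayed and sent to the user
  texts:
    approval:
      configMapRef:
        name: passmower-approval
    emails:
      configMapRef:
        name: passmower-email-templates
    terms_of_service:
      configMapRef:
        name: passmower-tos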
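# Redis backend selection: three alternatives, of which only `external` is
# enabled in this file.
redis:
  # Requires the Codemowers redis-operator to be installed:
  # https://github.com/codemowers/operatorlib/tree/main/samples/redis-operator
  redisClaim:
    enabled: false
    spec:
      capacity: 100Mi
      class: ephemeral
  # Deploys a simple, non persistent Redis deployment.
  internal:
    enabled: false
  # Use your own implementation - just provide a secret with a valid Redis URL.
  # NOTE(review): whoever can read this Secret can reach whatever Passmower
  # stores in Redis (presumably session state - confirm). Restrict read access
  # to the Secret and prefer an authenticated, TLS-protected endpoint.
  external:
    enabled: true
    secretKeyRef:
      name: "dragonfly-auth"
      key: "REDIS_URI"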
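# In-cluster Service; port 80 is plain HTTP, so TLS is terminated at the
# ingress controller and not at the pod.
service:
  type: ClusterIP
  port: 80

ingress:
  # NOTE(review): className is empty and the controller is chosen through the
  # kubernetes.io/ingress.class annotation below, which Kubernetes has
  # deprecated in favour of spec.ingressClassName.
  className: ""
  annotations:
    kubernetes.io/ingress.class: traefik
    # Route only through the TLS entrypoint, so the login pages are not served
    # over plain HTTP.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    # NOTE(review): auth2.k-space.ee is published in DNS here, while
    # passmower.host names only auth.k-space.ee - confirm that the second
    # name is meant to be served.
    external-dns.alpha.kubernetes.io/hostname: auth.k-space.ee,auth2.k-space.ee
  tls:
    # No secretName is given; presumably the controller's default certificate
    # covers the wildcard - confirm.
    - hosts:
        - "*.k-space.ee"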
# Optional image override, left commented out so the chart defaults apply.
# NOTE(review): "develop" is a moving tag; combined with IfNotPresent, nodes
# can end up running different builds. For an identity provider prefer a
# released version tag or an image digest.
# image:
#   repository: docker.com/passmower/passmower
#   pullPolicy: IfNotPresent
#   # Overrides the image tag whose default is the chart appVersion.
#   tag: "develop"
# Both security contexts are empty, so no hardening is requested from here.
# NOTE(review): consider runAsNonRoot and seccompProfile (RuntimeDefault) at
# pod level, and allowPrivilegeEscalation: false, readOnlyRootFilesystem and
# capabilities.drop: [ALL] at container level, after verifying that the image
# runs with them.
podSecurityContext: {}
securityContext: {}
replicaCount: 3
# No requests or limits are set. NOTE(review): this service is reachable
# through the ingress; set requests/limits so a request flood cannot starve
# other workloads on the node.
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}