2024-08-14 05:12:37 +00:00
---
2024-07-27 00:15:41 +00:00
nameOverride : ""
fullnameOverride : ""
passmower :
# Hostname on which Passmower will be deployed to. Will be used as ingress host.
host : "auth.k-space.ee"
# Local groups will be created with given prefix.
2024-08-14 05:12:37 +00:00
group_prefix : 'k-space'
2024-07-27 00:15:41 +00:00
# Local or remote group which members will automatically become admins.
admin_group : 'k-space:onboarding'
# If set, require all users to be member of the given local or remote group.
# required_group: ""
# GitHub organization to pull groups from. Set to keep users other organizations private from Passmower.
github_organization : "codemowers"
# Allow enrolling new users automatically. Actual access will be based on required_group parameter. Disable to only manually provision users.
enroll_users : false
2024-08-29 11:38:44 +00:00
# Disable making changes to users on their profile or via admin panel - use for enforcing GitOps practices via OIDCUser spec.
disable_frontend_edit : true
2024-07-27 00:15:41 +00:00
# Comma-separated, wildcard enabled namespace selector to select, in which namespaces Passmower looks for client CRDs.
namespace_selector : "*"
# Domain which will be preferred for determining primary emails.
2024-08-14 05:12:37 +00:00
preferred_email_domain : 'k-space.ee'
2024-07-27 00:15:41 +00:00
# Require users to set a custom username instead of system generated one. Will be used as OIDCUser CRD name and OIDC username claim.
require_custom_username : true
# Normalize incoming email addresses by removing aliases (e.g. username+alias@gmail.com) etc.
normalize_email_addresses : true
# Email credentials secret name. Secret must contain EMAIL_HOST, EMAIL_PASSWORD, EMAIL_PORT, EMAIL_SSL and EMAIL_USERNAME
email_credentials_secretRef : "email-credentials"
# GitHub OAuth client secret name. Secret must contain GH_CLIENT_ID and GH_CLIENT_SECRET
github_client_secretRef : "github-client"
# Slack API client secret name. Secret must contain SLACK_TOKEN
slack_client_secretRef : "slack-client"
# Different texts displayed and sent to the user
texts :
approval :
configMapRef :
name : passmower-approval
emails :
configMapRef :
name : passmower-email-templates
terms_of_service :
configMapRef :
name : passmower-tos
2024-08-29 11:38:44 +00:00
disable_frontend_edit :
content : "Edit users via [the members repo](https://git.k-space.ee/k-space/members). The repository is automatically synced to cluster via [ArgoCD](https://argocd.k-space.ee/applications/argocd/members?view=tree&resource=)"
2024-08-14 05:12:37 +00:00
2024-07-27 00:15:41 +00:00
redis :
# Requires the Codemowers redis-operator to be installed: https://github.com/codemowers/operatorlib/tree/main/samples/redis-operator
redisClaim :
enabled : false
spec :
capacity : 100Mi
class : ephemeral
# Deploys a simple, non persistent Redis deployment.
internal :
enabled : false
# Use your own implementation - just provide a secret with a valid Redis URL.
external :
enabled : true
secretKeyRef :
name : "dragonfly-auth"
key : "REDIS_URI"
service :
type : ClusterIP
port : 80
ingress :
className : ""
annotations :
kubernetes.io/ingress.class : traefik
traefik.ingress.kubernetes.io/router.entrypoints : websecure
traefik.ingress.kubernetes.io/router.tls : "true"
external-dns.alpha.kubernetes.io/target : traefik.k-space.ee
2024-07-28 12:37:19 +00:00
external-dns.alpha.kubernetes.io/hostname : auth.k-space.ee,auth2.k-space.ee
2024-07-27 00:15:41 +00:00
tls :
- hosts :
- "*.k-space.ee"
2024-08-27 12:58:05 +00:00
# image:
# repository: docker.com/passmower/passmower
# pullPolicy: IfNotPresent
# # Overrides the image tag whose default is the chart appVersion.
# tag: "develop"
2024-07-27 00:15:41 +00:00
podSecurityContext : {}
securityContext : {}
2025-01-01 23:25:04 +00:00
replicaCount : 4
2024-07-27 00:15:41 +00:00
resources : {}
nodeSelector : {}
tolerations : [ ]
affinity : {}