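# Registers penpot as a confidential OAuth2/OIDC client in Ory Hydra
# (reconciled by hydra-maester). The HelmRelease below consumes the
# credentials this object produces.
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: penpot
  # Templated scalars are quoted so an empty expansion renders "" rather
  # than a YAML null.
  namespace: "{{ .Release.Namespace }}"
spec:
  # Authorization-code flow only: no implicit/hybrid response types and no
  # client_credentials grant, so the client cannot obtain tokens without a
  # browser-mediated login.
  grantTypes:
    - authorization_code
  responseTypes:
    - code
  scope: "openid profile email"
  # Secret that receives the issued client_id / client_secret. The
  # HelmRelease reads a Secret of the same name with keys client_id and
  # client_secret (providers.existingSecret / secretKeys), so both sides
  # must keep this name and those key names in sync.
  secretName: oauth2-credentials # TODO(gio): config
  # redirect_uri allow-list. Keep it to the exact https callback path; do not
  # add wildcards, additional hosts or http entries.
  redirectUris:
    - "https://{{ .Values.Subdomain }}.{{ .Values.Network.Domain }}/api/auth/oauth/oidc/callback" # TODO
  # Where the controller registers the client. This is the Hydra *admin* API
  # over plain HTTP on the cluster-internal Service. It can create and modify
  # any client, so it must stay unreachable from outside the cluster (no
  # Ingress; consider a NetworkPolicy restricting it to the controller).
  hydraAdmin:
    url: http://hydra-admin.esrt-core-auth.svc.cluster.local
    port: 80
    endpoint: /admin/clients
    # Tells Hydra the original scheme seen by clients, since the admin call
    # itself is not TLS.
    forwardedProto: https
  # Secret is sent in the token request body; requires the token endpoint to
  # be reached over TLS (baseURI in the HelmRelease is https).
  tokenEndpointAuthMethod: client_secret_post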
---
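# Flux HelmRelease that deploys penpot from the pcloud GitRepository with the
# chart's bundled PostgreSQL and Redis, exposed via Ingress/TLS and using the
# Hydra OIDC client defined above for login.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: penpot
  namespace: "{{ .Release.Namespace }}"
spec:
  chart:
    spec:
      chart: charts/penpot
      sourceRef:
        kind: GitRepository
        name: pcloud
        namespace: "{{ .Global.Id }}"
  interval: 1m0s
  # NOTE: everything under values is stored in clear text in the HelmRelease
  # object (etcd) and is readable by anyone allowed to `get helmreleases` in
  # this namespace. Secrets belong in spec.valuesFrom (kind: Secret), not here.
  values:
    global:
      postgresqlEnabled: true
      redisEnabled: true
    fullnameOverride: penpot
    frontend:
      ingress:
        enabled: true
        # Quoted so an unset IngressClass renders "" instead of null.
        className: "{{ .Values.Network.IngressClass }}"
        {{- if .Values.Network.CertificateIssuer }}
        annotations:
          acme.cert-manager.io/http01-edit-in-place: "true"
          cert-manager.io/cluster-issuer: "{{ .Values.Network.CertificateIssuer }}"
        {{- end }}
        hosts:
          - "{{ .Values.Subdomain }}.{{ .Values.Network.Domain }}"
        tls:
          - hosts:
              - "{{ .Values.Subdomain }}.{{ .Values.Network.Domain }}"
            secretName: "cert-{{ .Values.Subdomain }}.{{ .Values.Network.Domain }}"
    persistence:
      enabled: true
    config:
      publicURI: "https://{{ .Values.Subdomain }}.{{ .Values.Network.Domain }}"
      # flags: "enable-registration enable-login"
      # SECURITY: enable-registration opens self-service sign-up to anyone who
      # can reach the host, and enable-insecure-register (going by its name)
      # relaxes the registration checks further. Confirm which of the two OIDC
      # user provisioning actually needs and drop the rest; the TODO on the
      # next line has been open since this was written.
      flags: "enable-login-with-oidc enable-registration enable-insecure-register disable-demo-users disable-demo-warning" # TODO(gio): remove enable-insecure-register?
      postgresql:
        host: "penpot-postgresql.{{ .Release.Namespace }}.svc.cluster.local"
        database: penpot
        username: penpot
        # SECURITY: static database password committed to the repo and visible
        # in the HelmRelease object. Move it to a Secret and inject it with
        # spec.valuesFrom (targetPath: config.postgresql.password); it must
        # stay equal to postgresql.auth.password below.
        password: penpot
      redis:
        host: "penpot-redis-headless.{{ .Release.Namespace }}.svc.cluster.local"
      providers:
        oidc:
          enabled: true
          # Public Hydra issuer; must be https for client_secret_post.
          baseURI: "https://hydra.{{ .Global.Domain }}"
          # Client credentials are supplied via existingSecret below, so the
          # inline values are deliberately empty.
          clientID: ""
          clientSecret: ""
          # Empty: discovered from baseURI (presumably via OIDC discovery;
          # TODO confirm against the chart's templates).
          authURI: ""
          tokenURI: ""
          userURI: ""
          roles: ""
          rolesAttribute: ""
          scopes: ""
          nameAttribute: "name"
          emailAttribute: "email"
        # Must match OAuth2Client.spec.secretName above, and the key names must
        # match what populates that Secret (client_id / client_secret).
        # NOTE(review): placement under providers follows the chart's values
        # schema; the original file's indentation was not recoverable, so
        # confirm this nesting against charts/penpot/values.yaml.
        existingSecret: oauth2-credentials
        secretKeys:
          oidcClientIDKey: client_id
          oidcClientSecretKey: client_secret
    redis:
      image:
        tag: "7.0.8-debian-11-r16"
    postgresql:
      image:
        tag: "15.3.0-debian-11-r16"
      auth:
        username: penpot
        # SECURITY: same static password as config.postgresql.password; move
        # both to a Secret (see note there) and rotate after doing so.
        password: penpot
        database: penpot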