Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 0c5b8bebda895075dfc6d8ffb2c61329a0438542 / . / core / installer / values-tmpl / core-auth.yaml
blob: a454c3b3790adcef6c702564c2993de75b07ff69 [file] [log] [blame]
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]1apiVersion: helm.toolkit.fluxcd.io/v2beta1
2kind: HelmRelease
3metadata:
4 name: core-auth
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]5 namespace: {{ .Global.NamespacePrefix }}core-auth
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]6spec:
7 chart:
8 spec:
9 chart: charts/auth
10 sourceRef:
11 kind: GitRepository
12 name: pcloud
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]13 namespace: {{ .Global.Id }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]14 dependsOn:
15 - name: core-auth-storage
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]16 namespace: {{ .Global.NamespacePrefix }}core-auth
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]17 interval: 1m0s
18 values:
19 kratos:
20 fullnameOverride: kratos
21 image:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]22 repository: oryd/kratos
23 tag: v0.13.0
24 pullPolicy: IfNotPresent
25 # repository: giolekva/ory-kratos
26 # tag: latest
27 # pullPolicy: Always
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]28 service:
29 admin:
30 enabled: true
31 type: ClusterIP
32 port: 80
33 name: http
34 public:
35 enabled: true
36 type: ClusterIP
37 port: 80
38 name: http
39 ingress:
40 admin:
41 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]42 className: {{ .Global.Id }}-ingress-private
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]43 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]44 - host: kratos.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]45 paths:
46 - path: /
47 pathType: Prefix
48 tls:
49 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]50 - kratos.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]51 public:
52 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]53 className: {{ .Global.PCloudEnvName }}-ingress-public
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]54 annotations:
55 acme.cert-manager.io/http01-edit-in-place: "true"
56 cert-manager.io/cluster-issuer: {{ .Global.Id }}-public
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]57 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]58 - host: accounts.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]59 paths:
60 - path: /
61 pathType: Prefix
62 tls:
63 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]64 - accounts.{{ .Global.Domain }}
65 secretName: cert-accounts.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]66 secret:
67 enabled: true
68 kratos:
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]69 automigration:
70 enabled: true
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]71 development: false
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]72 courier:
73 enabled: false
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]74 config:
75 version: v0.7.1-alpha.1
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]76 dsn: postgres://kratos:kratos@postgres.lekva-core-auth.svc:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]77 serve:
78 public:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]79 base_url: https://accounts.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]80 cors:
81 enabled: true
82 debug: false
83 allow_credentials: true
84 allowed_origins:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]85 - https://{{ .Global.Domain }}
86 - https://*.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]87 admin:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]88 base_url: https://kratos.p.{{ .Global.Domain }}/
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]89 selfservice:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]90 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]91 # whitelisted_return_urls:
92 # - https://accounts-ui.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]93 methods:
94 password:
95 enabled: true
96 flows:
97 error:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]98 ui_url: https://accounts-ui.{{ .Global.Domain }}/error
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]99 settings:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]100 ui_url: https://accounts-ui.{{ .Global.Domain }}/settings
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]101 privileged_session_max_age: 15m
102 recovery:
103 enabled: false
104 verification:
105 enabled: false
106 logout:
107 after:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]108 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}/login
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]109 login:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]110 ui_url: https://accounts-ui.{{ .Global.Domain }}/login
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]111 lifespan: 10m
112 after:
113 password:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]114 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}/
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]115 registration:
116 lifespan: 10m
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]117 ui_url: https://accounts-ui.{{ .Global.Domain }}/registration
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]118 after:
119 password:
120 hooks:
121 -
122 hook: session
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]123 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}/
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]124 log:
125 level: debug
126 format: text
127 leak_sensitive_values: true
128 cookies:
129 path: /
130 same_site: None
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]131 domain: {{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]132 secrets:
133 cookie:
134 - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
135 # cipher:
136 # - 32-LONG-SECRET-NOT-SECURE-AT-ALL
137 # ciphers:
138 # algorithm: xchacha20-poly1305
139 hashers:
140 argon2:
141 parallelism: 1
142 memory: 128MB
143 iterations: 2
144 salt_length: 16
145 key_length: 16
146 identity:
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]147 schemas:
148 - id: user
149 url: file:///etc/config/identity.schema.json
150 default_schema_id: user
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]151 courier:
152 smtp:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]153 connection_uri: smtps://test-z1VmkYfYPjgdPRgPFgmeZ31esT9rUgS%40{{ .Global.Domain }}:iW%213Kk%5EPPLFrZa%24%21bbpTPN9Wv3b8mvwS6ZJvMLtce%23A2%2A4MotD@mx1.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]154 identitySchemas:
155 "identity.schema.json": |
156 {
157 "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
158 "$schema": "http://json-schema.org/draft-07/schema#",
159 "title": "User",
160 "type": "object",
161 "properties": {
162 "traits": {
163 "type": "object",
164 "properties": {
165 "username": {
166 "type": "string",
167 "format": "username",
168 "title": "Username",
169 "minLength": 3,
170 "ory.sh/kratos": {
171 "credentials": {
172 "password": {
173 "identifier": true
174 }
175 }
176 }
177 }
178 },
179 "additionalProperties": false
180 }
181 }
182 }
183 hydra:
184 fullnameOverride: hydra
185 image:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]186 repository: oryd/hydra
187 tag: v2.1.2
188 pullPolicy: IfNotPresent
189 # repository: giolekva/ory-hydra
190 # tag: latest
191 # pullPolicy: Always
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]192 service:
193 admin:
194 enabled: true
195 type: ClusterIP
196 port: 80
197 name: http
198 public:
199 enabled: true
200 type: ClusterIP
201 port: 80
202 name: http
203 ingress:
204 admin:
205 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]206 className: {{ .Global.Id }}-ingress-private
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]207 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]208 - host: hydra.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]209 paths:
210 - path: /
211 pathType: Prefix
212 tls:
213 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]214 - hydra.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]215 public:
216 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]217 className: {{ .Global.PCloudEnvName }}-ingress-public
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]218 annotations:
219 acme.cert-manager.io/http01-edit-in-place: "true"
220 cert-manager.io/cluster-issuer: {{ .Global.Id }}-public
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]221 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]222 - host: hydra.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]223 paths:
224 - path: /
225 pathType: Prefix
226 tls:
227 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]228 - hydra.{{ .Global.Domain }}
229 secretName: cert-hydra.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]230 secret:
231 enabled: true
232 maester:
233 enabled: false
234 hydraFullnameOverride: hydra
235 hydra-maester:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]236 fullnameOverride: {{ .Global.Id }}-hydra-maester
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]237 image:
238 repository: giolekva/ory-hydra-maester
239 tag: latest
240 pullPolicy: IfNotPresent
241 adminService:
242 name: hydra
243 port: 80
244 hydra:
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]245 automigration:
246 enabled: true
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]247 config:
248 version: v1.10.6
Giorgi Lekveishvili0c5b8be2023-05-31 14:15:52 +0400[diff] [blame^]249 dsn: postgres://hydra:hydra@postgres.lekva-core-auth.svc:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]250 serve:
251 cookies:
252 same_site_mode: None
253 public:
254 cors:
255 enabled: true
256 debug: false
257 allow_credentials: true
258 allowed_origins:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]259 - https://{{ .Global.Domain }}
260 - https://*.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]261 admin:
262 # host: localhost
263 cors:
264 allowed_origins:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]265 - https://hydra.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]266 tls:
267 allow_termination_from:
268 - 0.0.0.0/0
269 - 10.42.0.0/16
270 - 10.43.0.0/16
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]271 tls:
272 allow_termination_from:
273 - 0.0.0.0/0
274 - 10.42.0.0/16
275 - 10.43.0.0/16
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]276 urls:
277 self:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]278 public: https://hydra.{{ .Global.Domain }}
279 issuer: https://hydra.{{ .Global.Domain }}
280 consent: https://accounts-ui.{{ .Global.Domain }}/consent
281 login: https://accounts-ui.{{ .Global.Domain }}/login
282 logout: https://accounts-ui.{{ .Global.Domain }}/logout
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]283 secrets:
284 system:
285 - youReallyNeedToChangeThis
286 oidc:
287 subject_identifiers:
288 supported_types:
289 - pairwise
290 - public
291 pairwise:
292 salt: youReallyNeedToChangeThis
293 log:
294 level: trace
295 leak_sensitive_values: false
296 ui:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame]297 certificateIssuer: {{ .Global.Id }}-public
298 ingressClassName: {{ .Global.PCloudEnvName }}-ingress-public
299 domain: {{ .Global.Domain }}
300 internalDomain: p.{{ .Global.Domain }}