Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 3ca1f3fe3115fefc0dd06e8c2ce06bb37abc9016 / . / core / installer / values-tmpl / core-auth.yaml
blob: 5686659b3795b6d9ad49eb4a6d23bdeddd17a761 [file] [log] [blame]
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]1apiVersion: helm.toolkit.fluxcd.io/v2beta1
2kind: HelmRelease
3metadata:
4 name: core-auth
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]5 namespace: {{ .Global.NamespacePrefix }}core-auth
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]6spec:
7 chart:
8 spec:
9 chart: charts/auth
10 sourceRef:
11 kind: GitRepository
12 name: pcloud
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]13 namespace: {{ .Global.Id }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]14 dependsOn:
15 - name: core-auth-storage
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]16 namespace: {{ .Global.NamespacePrefix }}core-auth
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]17 interval: 1m0s
18 values:
19 kratos:
20 fullnameOverride: kratos
21 image:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]22 repository: oryd/kratos
23 tag: v0.13.0
24 pullPolicy: IfNotPresent
25 # repository: giolekva/ory-kratos
26 # tag: latest
27 # pullPolicy: Always
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]28 service:
29 admin:
30 enabled: true
31 type: ClusterIP
32 port: 80
33 name: http
34 public:
35 enabled: true
36 type: ClusterIP
37 port: 80
38 name: http
39 ingress:
40 admin:
41 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]42 className: {{ .Global.Id }}-ingress-private
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]43 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]44 - host: kratos.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]45 paths:
46 - path: /
47 pathType: Prefix
48 tls:
49 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]50 - kratos.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]51 public:
52 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]53 className: {{ .Global.PCloudEnvName }}-ingress-public
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]54 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]55 - host: accounts.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]56 paths:
57 - path: /
58 pathType: Prefix
59 tls:
60 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]61 - accounts.{{ .Global.Domain }}
62 secretName: cert-accounts.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]63 secret:
64 enabled: true
65 kratos:
66 autoMigrate: true
67 development: false
68 config:
69 version: v0.7.1-alpha.1
70 dsn: postgres://postgres:psswd@postgres:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
71 serve:
72 public:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]73 base_url: https://accounts.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]74 cors:
75 enabled: true
76 debug: false
77 allow_credentials: true
78 allowed_origins:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]79 - https://{{ .Global.Domain }}
80 - https://*.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]81 admin:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]82 base_url: https://kratos.p.{{ .Global.Domain }}/
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]83 selfservice:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]84 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]85 whitelisted_return_urls:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]86 - https://accounts-ui.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]87 methods:
88 password:
89 enabled: true
90 flows:
91 error:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]92 ui_url: https://accounts-ui.{{ .Global.Domain }}/error
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]93 settings:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]94 ui_url: https://accounts-ui.{{ .Global.Domain }}/settings
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]95 privileged_session_max_age: 15m
96 recovery:
97 enabled: false
98 verification:
99 enabled: false
100 logout:
101 after:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]102 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}/login
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]103 login:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]104 ui_url: https://accounts-ui.{{ .Global.Domain }}/login
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]105 lifespan: 10m
106 after:
107 password:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]108 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}/
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]109 registration:
110 lifespan: 10m
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]111 ui_url: https://accounts-ui.{{ .Global.Domain }}/registration
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]112 after:
113 password:
114 hooks:
115 -
116 hook: session
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]117 default_browser_return_url: https://accounts-ui.{{ .Global.Domain }}/
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]118 log:
119 level: debug
120 format: text
121 leak_sensitive_values: true
122 cookies:
123 path: /
124 same_site: None
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]125 domain: {{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]126 secrets:
127 cookie:
128 - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
129 # cipher:
130 # - 32-LONG-SECRET-NOT-SECURE-AT-ALL
131 # ciphers:
132 # algorithm: xchacha20-poly1305
133 hashers:
134 argon2:
135 parallelism: 1
136 memory: 128MB
137 iterations: 2
138 salt_length: 16
139 key_length: 16
140 identity:
141 default_schema_url: file:///etc/config/identity.schema.json
142 courier:
143 smtp:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]144 connection_uri: smtps://test-z1VmkYfYPjgdPRgPFgmeZ31esT9rUgS%40{{ .Global.Domain }}:iW%213Kk%5EPPLFrZa%24%21bbpTPN9Wv3b8mvwS6ZJvMLtce%23A2%2A4MotD@mx1.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]145 identitySchemas:
146 "identity.schema.json": |
147 {
148 "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
149 "$schema": "http://json-schema.org/draft-07/schema#",
150 "title": "User",
151 "type": "object",
152 "properties": {
153 "traits": {
154 "type": "object",
155 "properties": {
156 "username": {
157 "type": "string",
158 "format": "username",
159 "title": "Username",
160 "minLength": 3,
161 "ory.sh/kratos": {
162 "credentials": {
163 "password": {
164 "identifier": true
165 }
166 }
167 }
168 }
169 },
170 "additionalProperties": false
171 }
172 }
173 }
174 hydra:
175 fullnameOverride: hydra
176 image:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]177 repository: oryd/hydra
178 tag: v2.1.2
179 pullPolicy: IfNotPresent
180 # repository: giolekva/ory-hydra
181 # tag: latest
182 # pullPolicy: Always
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]183 service:
184 admin:
185 enabled: true
186 type: ClusterIP
187 port: 80
188 name: http
189 public:
190 enabled: true
191 type: ClusterIP
192 port: 80
193 name: http
194 ingress:
195 admin:
196 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]197 className: {{ .Global.Id }}-ingress-private
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]198 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]199 - host: hydra.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]200 paths:
201 - path: /
202 pathType: Prefix
203 tls:
204 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]205 - hydra.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]206 public:
207 enabled: true
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]208 className: {{ .Global.PCloudEnvName }}-ingress-public
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]209 hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]210 - host: hydra.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]211 paths:
212 - path: /
213 pathType: Prefix
214 tls:
215 - hosts:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]216 - hydra.{{ .Global.Domain }}
217 secretName: cert-hydra.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]218 secret:
219 enabled: true
220 maester:
221 enabled: false
222 hydraFullnameOverride: hydra
223 hydra-maester:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]224 fullnameOverride: {{ .Global.Id }}-hydra-maester
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]225 image:
226 repository: giolekva/ory-hydra-maester
227 tag: latest
228 pullPolicy: IfNotPresent
229 adminService:
230 name: hydra
231 port: 80
232 hydra:
233 autoMigrate: true
234 config:
235 version: v1.10.6
236 dsn: postgres://postgres:psswd@postgres:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
237 serve:
238 cookies:
239 same_site_mode: None
240 public:
241 cors:
242 enabled: true
243 debug: false
244 allow_credentials: true
245 allowed_origins:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]246 - https://{{ .Global.Domain }}
247 - https://*.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]248 admin:
249 # host: localhost
250 cors:
251 allowed_origins:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]252 - https://hydra.p.{{ .Global.Domain }}
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]253 tls:
254 allow_termination_from:
255 - 0.0.0.0/0
256 - 10.42.0.0/16
257 - 10.43.0.0/16
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]258 tls:
259 allow_termination_from:
260 - 0.0.0.0/0
261 - 10.42.0.0/16
262 - 10.43.0.0/16
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]263 urls:
264 self:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]265 public: https://hydra.{{ .Global.Domain }}
266 issuer: https://hydra.{{ .Global.Domain }}
267 consent: https://accounts-ui.{{ .Global.Domain }}/consent
268 login: https://accounts-ui.{{ .Global.Domain }}/login
269 logout: https://accounts-ui.{{ .Global.Domain }}/logout
giolekva050609f2021-12-29 15:51:40 +0400[diff] [blame]270 secrets:
271 system:
272 - youReallyNeedToChangeThis
273 oidc:
274 subject_identifiers:
275 supported_types:
276 - pairwise
277 - public
278 pairwise:
279 salt: youReallyNeedToChangeThis
280 log:
281 level: trace
282 leak_sensitive_values: false
283 ui:
Giorgi Lekveishvili3ca1f3f2023-05-30 14:33:02 +0400[diff] [blame^]284 certificateIssuer: {{ .Global.Id }}-public
285 ingressClassName: {{ .Global.PCloudEnvName }}-ingress-public
286 domain: {{ .Global.Domain }}
287 internalDomain: p.{{ .Global.Domain }}