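# Flux HelmRelease for the `charts/auth` chart: deploys Ory Kratos (identity,
# sessions, self-service flows), Ory Hydra (OAuth2 / OIDC provider) and the
# accounts UI for one pcloud environment. Everything under `spec.values` is
# passed straight through to the chart.
#
# Security review summary (details inline where each item applies):
#   * Database DSNs, the Kratos cookie secret, the Hydra system secret and
#     pairwise salt, and the SMTP connection URI are literal values in this
#     git-tracked template; two of them are the upstream "change me" defaults.
#   * Images are pulled by the mutable `latest` tag while the config schema is
#     pinned to a specific version.
#   * Kratos was configured to write sensitive values (cookies, URL params) to
#     its debug log; that is switched off in this revision.
#   * Hydra's TLS-termination allow-list contains 0.0.0.0/0, which makes the
#     other entries meaningless.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: core-auth
  namespace: {{ .Values.NamespacePrefix }}core-auth
spec:
  chart:
    spec:
      chart: charts/auth
      sourceRef:
        kind: GitRepository
        name: pcloud
        namespace: {{ .Values.Id }}
  # The database release must exist first: both Kratos and Hydra run schema
  # migrations at start-up (`autoMigrate: true` below).
  dependsOn:
    - name: core-auth-storage
      namespace: {{ .Values.NamespacePrefix }}core-auth
  interval: 1m0s
  values:
    kratos:
      fullnameOverride: kratos
      image:
        repository: giolekva/ory-kratos
        # Supply chain: `latest` + `Always` means any pod restart may pull a
        # different, unreviewed build, while `config.version` further down
        # pins one config schema version. Pin to an immutable tag or digest.
        tag: latest
        pullPolicy: Always
      service:
        admin:
          enabled: true
          type: ClusterIP
          port: 80
          name: http
        public:
          enabled: true
          type: ClusterIP
          port: 80
          name: http
      ingress:
        # The Kratos admin API has no authentication of its own; the only
        # thing protecting it is that this ingress class is private. Make sure
        # that class is never reachable from outside the private network.
        admin:
          enabled: true
          className: {{ .Values.Id }}-ingress-private
          hosts:
            - host: kratos.p.{{ .Values.Domain }}
              paths:
                - path: /
                  pathType: Prefix
          # Unlike the public ingress below, no `secretName` is given here, so
          # whatever certificate the ingress controller defaults to is used.
          tls:
            - hosts:
                - kratos.p.{{ .Values.Domain }}
        public:
          enabled: true
          className: {{ .Values.PCloudEnvName }}-ingress-public
          hosts:
            - host: accounts.{{ .Values.Domain }}
              paths:
                - path: /
                  pathType: Prefix
          tls:
            - hosts:
                - accounts.{{ .Values.Domain }}
              secretName: cert-accounts.{{ .Values.Domain }}
      # The chart renders a Kubernetes Secret from the values below, but the
      # values themselves still live in this git-tracked template.
      secret:
        enabled: true
      kratos:
        autoMigrate: true
        # Keep this false: development mode relaxes cookie security, and the
        # `same_site: None` cookie setting below depends on Secure cookies.
        development: false
        config:
          version: v0.7.1-alpha.1
          # SECRET IN GIT / least privilege: connects as the `postgres`
          # superuser with a literal password and `sslmode=disable`. Use a
          # dedicated role with rights on the kratos database only, load the
          # DSN from a Secret, and enable TLS to the database if it offers it.
          dsn: postgres://postgres:psswd@postgres:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
          serve:
            public:
              base_url: https://accounts.{{ .Values.Domain }}
              cors:
                enabled: true
                debug: false
                # `allow_credentials: true` together with the wildcard origin
                # lets a script on ANY subdomain call the public API with the
                # user's session cookie. Narrow this to the UI/app origins that
                # actually need it if the list of subdomains is not trusted.
                allow_credentials: true
                allowed_origins:
                  - https://{{ .Values.Domain }}
                  - https://*.{{ .Values.Domain }}
            admin:
              base_url: https://kratos.p.{{ .Values.Domain }}/
          selfservice:
            default_browser_return_url: https://accounts-ui.{{ .Values.Domain }}
            # Restricting return URLs to the UI origin closes the open-redirect
            # vector on the self-service flows; keep this list tight.
            whitelisted_return_urls:
              - https://accounts-ui.{{ .Values.Domain }}
            methods:
              password:
                enabled: true
            flows:
              error:
                ui_url: https://accounts-ui.{{ .Values.Domain }}/error
              settings:
                ui_url: https://accounts-ui.{{ .Values.Domain }}/settings
                # Re-authentication window for sensitive settings changes.
                privileged_session_max_age: 15m
              # Recovery and verification are off: no password reset, and
              # account ownership of a username is never verified.
              recovery:
                enabled: false
              verification:
                enabled: false
              logout:
                after:
                  default_browser_return_url: https://accounts-ui.{{ .Values.Domain }}/login
              login:
                ui_url: https://accounts-ui.{{ .Values.Domain }}/login
                lifespan: 10m
                after:
                  password:
                    default_browser_return_url: https://accounts-ui.{{ .Values.Domain }}/
              # Registration is exposed on the public ingress and the `session`
              # hook logs a new account in immediately, with verification
              # disabled above. Anyone reaching accounts.<domain> can create a
              # working account; confirm that is intended for this deployment.
              registration:
                lifespan: 10m
                ui_url: https://accounts-ui.{{ .Values.Domain }}/registration
                after:
                  password:
                    hooks:
                      - hook: session
                    default_browser_return_url: https://accounts-ui.{{ .Values.Domain }}/
          log:
            # Debug level is verbose for a production identity service; reduce
            # once the deployment is stable.
            level: debug
            format: text
            # FIX: was `true`, which writes session cookies and URL parameters
            # into the logs. Never enable this outside a local dev setup.
            leak_sensitive_values: false
          cookies:
            path: /
            # SameSite=None is only accepted by browsers on Secure cookies;
            # this relies on `development: false` above.
            same_site: None
            # Scoped to the apex domain: the session cookie is sent to every
            # subdomain, so every service under the domain must be trusted.
            domain: {{ .Values.Domain }}
          secrets:
            # SECRET IN GIT: this is the upstream placeholder. Anyone who knows
            # it can forge Kratos session cookies. Replace with a random value
            # (32+ bytes) sourced from a Secret; to rotate, prepend the new
            # value and keep the old one until existing sessions expire.
            cookie:
              - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
            # cipher:
            #   - 32-LONG-SECRET-NOT-SECURE-AT-ALL
            # ciphers:
            #   algorithm: xchacha20-poly1305
          hashers:
            argon2:
              parallelism: 1
              # 128MB per hash: bound the pod memory / concurrent logins
              # accordingly or a login burst becomes a DoS on this pod.
              memory: 128MB
              iterations: 2
              salt_length: 16
              # 16-byte (128-bit) derived key; 32 bytes is the more common
              # recommendation and costs nothing extra. Changing it only
              # affects hashes created afterwards.
              key_length: 16
          identity:
            default_schema_url: file:///etc/config/identity.schema.json
          courier:
            smtp:
              # SECRET IN GIT: a real-looking SMTP username and URL-encoded
              # password are committed here. Treat the credential as exposed:
              # rotate it and move the URI into a Secret.
              connection_uri: smtps://test-z1VmkYfYPjgdPRgPFgmeZ31esT9rUgS%40{{ .Values.Domain }}:iW%213Kk%5EPPLFrZa%24%21bbpTPN9Wv3b8mvwS6ZJvMLtce%23A2%2A4MotD@mx1.{{ .Values.Domain }}
        # Identity schema: a single `username` trait is the password
        # identifier; `additionalProperties: false` rejects extra traits
        # submitted through the public self-service API.
        identitySchemas:
          "identity.schema.json": |
            {
              "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
              "$schema": "http://json-schema.org/draft-07/schema#",
              "title": "User",
              "type": "object",
              "properties": {
                "traits": {
                  "type": "object",
                  "properties": {
                    "username": {
                      "type": "string",
                      "format": "username",
                      "title": "Username",
                      "minLength": 3,
                      "ory.sh/kratos": {
                        "credentials": {
                          "password": {
                            "identifier": true
                          }
                        }
                      }
                    }
                  },
                  "additionalProperties": false
                }
              }
            }
    hydra:
      fullnameOverride: hydra
      image:
        repository: giolekva/ory-hydra
        # Same supply-chain concern as the Kratos image: mutable tag, pulled
        # on every start, config schema pinned to v1.10.6 below.
        tag: latest
        pullPolicy: Always
      service:
        admin:
          enabled: true
          type: ClusterIP
          port: 80
          name: http
        public:
          enabled: true
          type: ClusterIP
          port: 80
          name: http
      ingress:
        # The Hydra admin API (client management, consent/login acceptance)
        # is unauthenticated; only the private ingress class guards it.
        admin:
          enabled: true
          className: {{ .Values.Id }}-ingress-private
          hosts:
            - host: hydra.p.{{ .Values.Domain }}
              paths:
                - path: /
                  pathType: Prefix
          tls:
            - hosts:
                - hydra.p.{{ .Values.Domain }}
        public:
          enabled: true
          className: {{ .Values.PCloudEnvName }}-ingress-public
          hosts:
            - host: hydra.{{ .Values.Domain }}
              paths:
                - path: /
                  pathType: Prefix
          tls:
            - hosts:
                - hydra.{{ .Values.Domain }}
              secretName: cert-hydra.{{ .Values.Domain }}
      secret:
        enabled: true
      # Maester (OAuth2Client CRD controller) is disabled, yet its subchart
      # values are still set below; either remove them or enable it.
      maester:
        enabled: false
        hydraFullnameOverride: hydra
      hydra-maester:
        fullnameOverride: {{ .Values.Id }}-hydra-maester
        image:
          repository: giolekva/ory-hydra-maester
          tag: latest
          pullPolicy: IfNotPresent
        adminService:
          name: hydra
          port: 80
      hydra:
        autoMigrate: true
        config:
          version: v1.10.6
          # SECRET IN GIT / least privilege: same superuser credential and
          # `sslmode=disable` as Kratos, and it points at the *kratos*
          # database, so Hydra and Kratos migrate into one schema with one
          # identity. Give Hydra its own database and its own role.
          dsn: postgres://postgres:psswd@postgres:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
          serve:
            cookies:
              same_site_mode: None
            public:
              cors:
                enabled: true
                debug: false
                # Same note as the Kratos CORS block: credentials plus a
                # wildcard subdomain origin.
                allow_credentials: true
                allowed_origins:
                  - https://{{ .Values.Domain }}
                  - https://*.{{ .Values.Domain }}
            admin:
              # host: localhost
              cors:
                allowed_origins:
                  - https://hydra.p.{{ .Values.Domain }}
              tls:
                # Hydra accepts a plain-HTTP request as "TLS terminated
                # upstream" only from these CIDRs. 0.0.0.0/0 allows every
                # source, so the cluster ranges and lighthouse entry below add
                # nothing. Drop 0.0.0.0/0 once the ingress controller's source
                # range is confirmed to be covered by the remaining entries.
                allow_termination_from:
                  - 0.0.0.0/0
                  - 10.42.0.0/16
                  - 10.43.0.0/16
                  - {{ .Values.LighthouseMainIP }}/32
            # Listener-wide default; the admin listener above carries its own
            # copy. Same 0.0.0.0/0 concern as there.
            tls:
              allow_termination_from:
                - 0.0.0.0/0
                - 10.42.0.0/16
                - 10.43.0.0/16
                - {{ .Values.LighthouseMainIP }}/32
          urls:
            self:
              public: https://hydra.{{ .Values.Domain }}
              issuer: https://hydra.{{ .Values.Domain }}
            consent: https://accounts-ui.{{ .Values.Domain }}/consent
            login: https://accounts-ui.{{ .Values.Domain }}/login
            logout: https://accounts-ui.{{ .Values.Domain }}/logout
          secrets:
            # SECRET IN GIT: upstream placeholder. Hydra uses the system secret
            # to protect data at rest in its database and to sign / encrypt
            # tokens it issues; with a known value those are forgeable. Use a
            # random value from a Secret (prepend a new one to rotate).
            system:
              - youReallyNeedToChangeThis
          oidc:
            subject_identifiers:
              supported_types:
                - pairwise
                - public
              pairwise:
                # Known salt: pairwise subject identifiers derived from it are
                # predictable. Note that changing the salt later changes every
                # pairwise `sub` already handed to clients, so fix it before
                # any client goes live.
                salt: youReallyNeedToChangeThis
          log:
            # Trace is the most verbose level; reduce for production.
            level: trace
            leak_sensitive_values: false
    ui:
      certificateIssuer: {{ .Values.Id }}-public
      ingressClassName: {{ .Values.PCloudEnvName }}-ingress-public
      domain: {{ .Values.Domain }}
      internalDomain: p.{{ .Values.Domain }}
      # Nebula overlay settings for the accounts UI node; the CA referenced
      # here lives in the private-ingress namespace.
      nebula:
        lighthouse:
          name: ui-lighthouse
          internalIP: {{ .Values.LighthouseMainIP }}
          externalIP: {{ .Values.PublicIP }}
          port: "{{ .Values.LighthouseMainPort }}"
        node:
          name: ui
          ipCidr: {{ .Values.LighthouseAuthUIIP }}/24
          secretName: node-ui-cert
        certificateAuthority:
          name: {{ .Values.Id }}
          namespace: {{ .Values.NamespacePrefix }}ingress-private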