113 lines
4 KiB
YAML
113 lines
4 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ include "passbook.fullname" . }}-config
|
|
data:
|
|
config.yml: |
|
|
postgresql:
|
|
host: "{{ .Release.Name }}-postgresql"
|
|
name: "{{ .Values.postgresql.postgresqlDatabase }}"
|
|
user: postgres
|
|
redis:
|
|
host: "{{ .Release.Name }}-redis-master"
|
|
cache_db: 0
|
|
message_queue_db: 1
|
|
|
|
# Error reporting, sends stacktrace to sentry.beryju.org
|
|
error_report_enabled: {{ .Values.config.error_reporting }}
|
|
|
|
{{- if .Values.config.secret_key }}
|
|
secret_key: {{ .Values.config.secret_key }}
|
|
{{- else }}
|
|
secret_key: {{ randAlphaNum 50 }}
|
|
{{- end }}
|
|
|
|
primary_domain: {{ .Values.primary_domain }}
|
|
domains:
|
|
{{- range .Values.ingress.hosts }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
- kubernetes-healthcheck-host
|
|
|
|
passbook:
|
|
sign_up:
|
|
# Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
|
|
enabled: true
|
|
password_reset:
|
|
# Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
|
|
enabled: true
|
|
# Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
|
|
verification:
|
|
- email
|
|
# Text used in title, on login page and multiple other places
|
|
branding: passbook
|
|
login:
|
|
# Override URL used for logo
|
|
logo_url: null
|
|
# Override URL used for Background on Login page
|
|
bg_url: null
|
|
# Optionally add a subtext, placed below logo on the login page
|
|
subtext: null
|
|
footer:
|
|
links:
|
|
# Optionally add links to the footer on the login page
|
|
# - name: test
|
|
# href: https://test
|
|
# Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
|
|
uid_fields:
|
|
- username
|
|
- email
|
|
session:
|
|
remember_age: 2592000 # 60 * 60 * 24 * 30, one month
|
|
# Provider-specific settings
|
|
ldap:
|
|
# # Completely enable or disable LDAP provider
|
|
# enabled: false
|
|
# # AD Domain, used to generate `userPrincipalName`
|
|
# domain: corp.contoso.com
|
|
# # Base DN in which passbook should look for users
|
|
# base_dn: dn=corp,dn=contoso,dn=com
|
|
# # LDAP field which is used to set the django username
|
|
# username_field: sAMAccountName
|
|
# # LDAP server to connect to, can be set to `<domain_name>`
|
|
# server:
|
|
# name: corp.contoso.com
|
|
# use_tls: false
|
|
# # Bind credentials, used for account creation
|
|
# bind:
|
|
# username: Administraotr@corp.contoso.com
|
|
# password: VerySecurePassword!
|
|
# Which field from `uid_fields` maps to which LDAP Attribute
|
|
login_field_map:
|
|
username: sAMAccountName
|
|
email: mail # or userPrincipalName
|
|
user_attribute_map:
|
|
active_directory:
|
|
username: "%(sAMAccountName)s"
|
|
email: "%(mail)s"
|
|
name: "%(displayName)"
|
|
# # Create new users in LDAP upon sign-up
|
|
# create_users: true
|
|
# # Reset LDAP password when user reset their password
|
|
# reset_password: true
|
|
oauth_client:
|
|
# List of python packages with sources types to load.
|
|
types:
|
|
- passbook.oauth_client.source_types.discord
|
|
- passbook.oauth_client.source_types.facebook
|
|
- passbook.oauth_client.source_types.github
|
|
- passbook.oauth_client.source_types.google
|
|
- passbook.oauth_client.source_types.reddit
|
|
- passbook.oauth_client.source_types.supervisr
|
|
- passbook.oauth_client.source_types.twitter
|
|
- passbook.oauth_client.source_types.azure_ad
|
|
saml_idp:
|
|
signing: true
|
|
autosubmit: false
|
|
issuer: passbook
|
|
assertion_valid_for: 86400
|
|
# List of python packages with provider types to load.
|
|
types:
|
|
- passbook.saml_idp.processors.generic
|
|
- passbook.saml_idp.processors.salesforce
|