helm(minor): cleanup configmap, move secret_key to k8s secret
This commit is contained in:
Langhammer, Jens
parent
6d0ecd228e
commit
1018309413
|
|
@ -12,87 +12,5 @@ data:
|
||||||
host: "{{ .Release.Name }}-redis-master"
|
host: "{{ .Release.Name }}-redis-master"
|
||||||
cache_db: 0
|
cache_db: 0
|
||||||
message_queue_db: 1
|
message_queue_db: 1
|
||||||
|
|
||||||
# Error reporting, sends stacktrace to sentry.beryju.org
|
|
||||||
error_report_enabled: {{ .Values.config.error_reporting }}
|
error_report_enabled: {{ .Values.config.error_reporting }}
|
||||||
|
domain: ".{{ .Values.ingress.hosts[0] }}"
|
||||||
{{- if .Values.config.secret_key }}
|
|
||||||
secret_key: {{ .Values.config.secret_key }}
|
|
||||||
{{- else }}
|
|
||||||
secret_key: {{ randAlphaNum 50 }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
primary_domain: {{ .Values.primary_domain }}
|
|
||||||
domains:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
- kubernetes-healthcheck-host
|
|
||||||
|
|
||||||
passbook:
|
|
||||||
sign_up:
|
|
||||||
# Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
|
|
||||||
enabled: true
|
|
||||||
password_reset:
|
|
||||||
# Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
|
|
||||||
enabled: true
|
|
||||||
# Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
|
|
||||||
verification:
|
|
||||||
- email
|
|
||||||
# Text used in title, on login page and multiple other places
|
|
||||||
branding: passbook
|
|
||||||
login:
|
|
||||||
# Override URL used for logo
|
|
||||||
logo_url: null
|
|
||||||
# Override URL used for Background on Login page
|
|
||||||
bg_url: null
|
|
||||||
# Optionally add a subtext, placed below logo on the login page
|
|
||||||
subtext: null
|
|
||||||
footer:
|
|
||||||
links:
|
|
||||||
# Optionally add links to the footer on the login page
|
|
||||||
# - name: test
|
|
||||||
# href: https://test
|
|
||||||
# Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
|
|
||||||
uid_fields:
|
|
||||||
- username
|
|
||||||
- email
|
|
||||||
session:
|
|
||||||
remember_age: 2592000 # 60 * 60 * 24 * 30, one month
|
|
||||||
# Provider-specific settings
|
|
||||||
ldap:
|
|
||||||
# # Completely enable or disable LDAP provider
|
|
||||||
# enabled: false
|
|
||||||
# # AD Domain, used to generate `userPrincipalName`
|
|
||||||
# domain: corp.contoso.com
|
|
||||||
# # Base DN in which passbook should look for users
|
|
||||||
# base_dn: dn=corp,dn=contoso,dn=com
|
|
||||||
# # LDAP field which is used to set the django username
|
|
||||||
# username_field: sAMAccountName
|
|
||||||
# # LDAP server to connect to, can be set to `<domain_name>`
|
|
||||||
# server:
|
|
||||||
# name: corp.contoso.com
|
|
||||||
# use_tls: false
|
|
||||||
# # Bind credentials, used for account creation
|
|
||||||
# bind:
|
|
||||||
# username: Administraotr@corp.contoso.com
|
|
||||||
# password: VerySecurePassword!
|
|
||||||
# Which field from `uid_fields` maps to which LDAP Attribute
|
|
||||||
login_field_map:
|
|
||||||
username: sAMAccountName
|
|
||||||
email: mail # or userPrincipalName
|
|
||||||
user_attribute_map:
|
|
||||||
active_directory:
|
|
||||||
username: "%(sAMAccountName)s"
|
|
||||||
email: "%(mail)s"
|
|
||||||
name: "%(displayName)"
|
|
||||||
# # Create new users in LDAP upon sign-up
|
|
||||||
# create_users: true
|
|
||||||
# # Reset LDAP password when user reset their password
|
|
||||||
# reset_password: true
|
|
||||||
saml_idp:
|
|
||||||
signing: true
|
|
||||||
autosubmit: false
|
|
||||||
issuer: passbook
|
|
||||||
assertion_valid_for: 86400
|
|
||||||
# List of python packages with provider types to load.
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: {{ include "passbook.fullname" . }}-secret-key
|
||||||
|
data:
|
||||||
|
{{- if .Values.config.secret_key }}
|
||||||
|
secret_key: {{ .Values.config.secret_key | b64enc | quote }}
|
||||||
|
{{- else }}
|
||||||
|
secret_key: {{ randAlphaNum 50 | b64enc | quote}}
|
||||||
|
{{- end }}
|
||||||
|
|
@ -39,6 +39,11 @@ spec:
|
||||||
name: {{ include "passbook.fullname" . }}-config
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
prefix: PASSBOOK_
|
prefix: PASSBOOK_
|
||||||
env:
|
env:
|
||||||
|
- name: PASSBOOK_SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ include "passbook.fullname" . }}-secret-key
|
||||||
|
key: secret_key
|
||||||
- name: PASSBOOK_REDIS__PASSWORD
|
- name: PASSBOOK_REDIS__PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
@ -65,6 +70,11 @@ spec:
|
||||||
name: {{ include "passbook.fullname" . }}-config
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
prefix: PASSBOOK_
|
prefix: PASSBOOK_
|
||||||
env:
|
env:
|
||||||
|
- name: PASSBOOK_SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ include "passbook.fullname" . }}-secret-key
|
||||||
|
key: secret_key
|
||||||
- name: PASSBOOK_REDIS__PASSWORD
|
- name: PASSBOOK_REDIS__PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,11 @@ spec:
|
||||||
name: {{ include "passbook.fullname" . }}-config
|
name: {{ include "passbook.fullname" . }}-config
|
||||||
prefix: PASSBOOK_
|
prefix: PASSBOOK_
|
||||||
env:
|
env:
|
||||||
|
- name: PASSBOOK_SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ include "passbook.fullname" . }}-secret-key
|
||||||
|
key: secret_key
|
||||||
- name: PASSBOOK_REDIS__PASSWORD
|
- name: PASSBOOK_REDIS__PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
|
||||||
Reference in New Issue