127 lines
3.6 KiB
YAML
127 lines
3.6 KiB
YAML
|
image:
|
||
|
repository: 2fauth/2fauth
|
||
|
pullPolicy: IfNotPresent
|
||
|
tag: 5.0.4@sha256:d76532e680bd5bc4306672f41d4af8cf7fd97d928fd780e7c664c8b2276e8a34
|
||
|
|
||
|
securityContext:
|
||
|
container:
|
||
|
readOnlyRootFilesystem: false
|
||
|
runAsUser: 1000
|
||
|
runAsGroup: 1000
|
||
|
|
||
|
twofauth:
|
||
|
app:
|
||
|
name: 2FAuth
|
||
|
site_owner: mail@example.com
|
||
|
url: http://localhost:8000
|
||
|
session_lifetime: 120
|
||
|
trusted_proxies: []
|
||
|
mail:
|
||
|
driver: log
|
||
|
host: ""
|
||
|
port: 587
|
||
|
from: ""
|
||
|
user: ""
|
||
|
pass: ""
|
||
|
# TLS | STARTTLS | SSL
|
||
|
encryption: STARTTLS
|
||
|
from_name: 2FAuth
|
||
|
from_address: changeme@example.com
|
||
|
auth:
|
||
|
# web-guard | reverse-proxy-guard
|
||
|
guard: web-guard
|
||
|
# show if guard uses reverse-proxy-guard
|
||
|
proxy_header_for_user: ""
|
||
|
proxy_header_for_email: ""
|
||
|
proxy_logout_url: ""
|
||
|
webauthn:
|
||
|
name: 2FAuth
|
||
|
id: ""
|
||
|
icon: ""
|
||
|
# required | preferred | discouraged
|
||
|
user_verified: preferred
|
||
|
|
||
|
workload:
|
||
|
main:
|
||
|
podSpec:
|
||
|
containers:
|
||
|
main:
|
||
|
probes:
|
||
|
liveness:
|
||
|
path: /infos
|
||
|
readiness:
|
||
|
path: /infos
|
||
|
startup:
|
||
|
type: tcp
|
||
|
env:
|
||
|
# APP
|
||
|
APP_ENV: local
|
||
|
APP_KEY:
|
||
|
secretKeyRef:
|
||
|
name: twofauth-secret
|
||
|
key: APP_KEY
|
||
|
APP_NAME: "{{ .Values.twofauth.app.name }}"
|
||
|
SITE_OWNER: "{{ .Values.twofauth.app.site_owner }}"
|
||
|
APP_URL: "{{ .Values.twofauth.app.url }}"
|
||
|
SESSION_LIFETIME: "{{ .Values.twofauth.app.session_lifetime }}"
|
||
|
TRUSTED_PROXIES: '{{ join "," .Values.twofauth.app.trusted_proxies }}'
|
||
|
# MAIL
|
||
|
MAIL_DRIVER: "{{ .Values.twofauth.mail.driver }}"
|
||
|
MAIL_HOST: "{{ .Values.twofauth.mail.host }}"
|
||
|
MAIL_PORT: "{{ .Values.twofauth.mail.port }}"
|
||
|
MAIL_FROM: "{{ .Values.twofauth.mail.from }}"
|
||
|
MAIL_USERNAME: "{{ .Values.twofauth.mail.user }}"
|
||
|
MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}"
|
||
|
MAIL_ENCRYPTION: "{{ .Values.twofauth.mail.encryption }}"
|
||
|
MAIL_FROM_NAME: "{{ .Values.twofauth.mail.from_name }}"
|
||
|
MAIL_FROM_ADDRESS: "{{ .Values.twofauth.mail.from_address }}"
|
||
|
# AUTH
|
||
|
AUTHENTICATION_GUARD: "{{ .Values.twofauth.auth.guard }}"
|
||
|
AUTH_PROXY_HEADER_FOR_USER: "{{ .Values.twofauth.auth.proxy_header_for_user }}"
|
||
|
AUTH_PROXY_HEADER_FOR_EMAIL: "{{ .Values.twofauth.auth.proxy_header_for_email }}"
|
||
|
PROXY_LOGOUT_URL: "{{ .Values.twofauth.auth.proxy_logout_url }}"
|
||
|
# WebAuthn:
|
||
|
WEBAUTHN_NAME: "{{ .Values.twofauth.webauthn.name }}"
|
||
|
WEBAUTHN_ID: "{{ .Values.twofauth.webauthn.id }}"
|
||
|
# Optional image data in BASE64 (128 bytes maximum) or an image url
|
||
|
WEBAUTHN_ICON: "{{ .Values.twofauth.webauthn.icon }}"
|
||
|
WEBAUTHN_USER_VERIFICATION: "{{ .Values.twofauth.webauthn.user_verified }}"
|
||
|
# Postgres
|
||
|
DB_CONNECTION: pgsql
|
||
|
DB_DATABASE: "{{ .Values.cnpg.main.database }}"
|
||
|
DB_USERNAME: "{{ .Values.cnpg.main.user }}"
|
||
|
DB_PORT: 5432
|
||
|
DB_HOST:
|
||
|
secretKeyRef:
|
||
|
name: cnpg-main-urls
|
||
|
key: host
|
||
|
DB_PASSWORD:
|
||
|
secretKeyRef:
|
||
|
name: cnpg-main-user
|
||
|
key: password
|
||
|
|
||
|
service:
|
||
|
main:
|
||
|
ports:
|
||
|
main:
|
||
|
protocol: http
|
||
|
targetPort: 8000
|
||
|
port: 8000
|
||
|
|
||
|
persistence:
|
||
|
config:
|
||
|
enabled: true
|
||
|
mountPath: /2fauth
|
||
|
varrun:
|
||
|
enabled: false
|
||
|
|
||
|
cnpg:
|
||
|
main:
|
||
|
enabled: true
|
||
|
user: twofauth
|
||
|
database: twofauth
|
||
|
|
||
|
portal:
|
||
|
open:
|
||
|
enabled: true
|