127 lines
3.6 KiB
YAML
127 lines
3.6 KiB
YAML
image:
|
|
repository: 2fauth/2fauth
|
|
pullPolicy: IfNotPresent
|
|
tag: 5.0.0@sha256:4845b8be5b6a2e40e29bb27dee36fffc746ef15b8c9e09f065dcae646c34182f
|
|
|
|
securityContext:
|
|
container:
|
|
readOnlyRootFilesystem: false
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
|
|
twofauth:
|
|
app:
|
|
name: 2FAuth
|
|
site_owner: mail@example.com
|
|
url: http://localhost:8000
|
|
session_lifetime: 120
|
|
trusted_proxies: []
|
|
mail:
|
|
driver: log
|
|
host: ""
|
|
port: 587
|
|
from: ""
|
|
user: ""
|
|
pass: ""
|
|
# TLS | STARTTLS | SSL
|
|
encryption: STARTTLS
|
|
from_name: 2FAuth
|
|
from_address: changeme@example.com
|
|
auth:
|
|
# web-guard | reverse-proxy-guard
|
|
guard: web-guard
|
|
# show if guard uses reverse-proxy-guard
|
|
proxy_header_for_user: ""
|
|
proxy_header_for_email: ""
|
|
proxy_logout_url: ""
|
|
webauthn:
|
|
name: 2FAuth
|
|
id: ""
|
|
icon: ""
|
|
# required | preferred | discouraged
|
|
user_verified: preferred
|
|
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
probes:
|
|
liveness:
|
|
path: /infos
|
|
readiness:
|
|
path: /infos
|
|
startup:
|
|
type: tcp
|
|
env:
|
|
# APP
|
|
APP_ENV: local
|
|
APP_KEY:
|
|
secretKeyRef:
|
|
name: twofauth-secret
|
|
key: APP_KEY
|
|
APP_NAME: "{{ .Values.twofauth.app.name }}"
|
|
SITE_OWNER: "{{ .Values.twofauth.app.site_owner }}"
|
|
APP_URL: "{{ .Values.twofauth.app.url }}"
|
|
SESSION_LIFETIME: "{{ .Values.twofauth.app.session_lifetime }}"
|
|
TRUSTED_PROXIES: '{{ join "," .Values.twofauth.app.trusted_proxies }}'
|
|
# MAIL
|
|
MAIL_DRIVER: "{{ .Values.twofauth.mail.driver }}"
|
|
MAIL_HOST: "{{ .Values.twofauth.mail.host }}"
|
|
MAIL_PORT: "{{ .Values.twofauth.mail.port }}"
|
|
MAIL_FROM: "{{ .Values.twofauth.mail.from }}"
|
|
MAIL_USERNAME: "{{ .Values.twofauth.mail.user }}"
|
|
MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}"
|
|
MAIL_ENCRYPTION: "{{ .Values.twofauth.mail.encryption }}"
|
|
MAIL_FROM_NAME: "{{ .Values.twofauth.mail.from_name }}"
|
|
MAIL_FROM_ADDRESS: "{{ .Values.twofauth.mail.from_address }}"
|
|
# AUTH
|
|
AUTHENTICATION_GUARD: "{{ .Values.twofauth.auth.guard }}"
|
|
AUTH_PROXY_HEADER_FOR_USER: "{{ .Values.twofauth.auth.proxy_header_for_user }}"
|
|
AUTH_PROXY_HEADER_FOR_EMAIL: "{{ .Values.twofauth.auth.proxy_header_for_email }}"
|
|
PROXY_LOGOUT_URL: "{{ .Values.twofauth.auth.proxy_logout_url }}"
|
|
# WebAuthn:
|
|
WEBAUTHN_NAME: "{{ .Values.twofauth.webauthn.name }}"
|
|
WEBAUTHN_ID: "{{ .Values.twofauth.webauthn.id }}"
|
|
# Optional image data in BASE64 (128 bytes maximum) or an image url
|
|
WEBAUTHN_ICON: "{{ .Values.twofauth.webauthn.icon }}"
|
|
WEBAUTHN_USER_VERIFICATION: "{{ .Values.twofauth.webauthn.user_verified }}"
|
|
# Postgres
|
|
DB_CONNECTION: pgsql
|
|
DB_DATABASE: "{{ .Values.cnpg.main.database }}"
|
|
DB_USERNAME: "{{ .Values.cnpg.main.user }}"
|
|
DB_PORT: 5432
|
|
DB_HOST:
|
|
secretKeyRef:
|
|
name: cnpg-main-urls
|
|
key: host
|
|
DB_PASSWORD:
|
|
secretKeyRef:
|
|
name: cnpg-main-user
|
|
key: password
|
|
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
protocol: http
|
|
targetPort: 8000
|
|
port: 8000
|
|
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
mountPath: /2fauth
|
|
varrun:
|
|
enabled: false
|
|
|
|
cnpg:
|
|
main:
|
|
enabled: true
|
|
user: twofauth
|
|
database: twofauth
|
|
|
|
portal:
|
|
open:
|
|
enabled: true
|