catalog/stable/firezone/2.3.0/ix_values.yaml

164 lines
5.9 KiB
YAML

image:
repository: firezone/firezone
pullPolicy: IfNotPresent
tag: 0.7.36@sha256:e44d84d836a4df35558944c3109ebc54beea9868fd0cec5db8dee78e57ff3f59
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
PUID: 0
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
service:
main:
ports:
main:
protocol: http
port: 13000
wireguard:
enabled: true
ports:
wireguard:
enabled: true
protocol: udp
port: 51820
firezone:
web:
external_url: "https://example.com"
trusted_proxies: []
private_clients: []
admin:
reset_admin_on_boot: false
default_email: "admin@email.com"
default_password: "1234567890"
devices:
allow_unprivileged_device_management: true
allow_unprivileged_device_config: true
vpn_session_duration: 0
client_persistent_keepalive: 25
default_client_mtu: 1280
client_endpoint: ""
client_dns:
- 1.1.1.1
- 1.0.0.1
client_allowed_ips:
- 0.0.0.0/0
max_devices_per_user: 10
authorization:
local_auth_enabled: true
disable_vpn_on_oidc_error: false
wireguard:
ipv4_masquerade_enabled: true
connectivity:
checks_enabled: true
checks_interval: 43200
other:
telemetry_enabled: false
workload:
main:
podSpec:
containers:
main:
env:
# web
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
EXTERNAL_URL: "{{ .Values.firezone.web.external_url }}"
PHOENIX_SECURE_COOKIES: "{{ .Values.firezone.web.secure_cookies }}"
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
PHOENIX_EXTERNAL_TRUSTED_PROXIES: "{{ toJson .Values.firezone.web.trusted_proxies }}"
PHOENIX_PRIVATE_CLIENTS: "{{ toJson .Values.firezone.web.private_clients }}"
# DB
DATABASE_HOST:
secretKeyRef:
name: cnpg-main-urls
key: host
DATABASE_PORT: 5432
DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
DATABASE_USER: "{{ .Values.cnpg.main.user }}"
DATABASE_PASSWORD:
secretKeyRef:
name: cnpg-main-user
key: password
# DATABASE_POOL_SIZE
DATABASE_SSL_ENABLED: false
# DATABASE_SSL_OPTS: "{}"
# Admin
RESET_ADMIN_ON_BOOT: "{{ .Values.firezone.admin.reset_admin_on_boot }}"
DEFAULT_ADMIN_EMAIL: "{{ .Values.firezone.admin.default_email }}"
DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"
# Secrets and Encryption
GUARDIAN_SECRET_KEY:
secretKeyRef:
name: firezone-secrets
key: GUARDIAN_SECRET_KEY
DATABASE_ENCRYPTION_KEY:
secretKeyRef:
name: firezone-secrets
key: DATABASE_ENCRYPTION_KEY
SECRET_KEY_BASE:
secretKeyRef:
name: firezone-secrets
key: SECRET_KEY_BASE
LIVE_VIEW_SIGNING_SALT:
secretKeyRef:
name: firezone-secrets
key: LIVE_VIEW_SIGNING_SALT
COOKIE_SIGNING_SALT:
secretKeyRef:
name: firezone-secrets
key: COOKIE_SIGNING_SALT
COOKIE_ENCRYPTION_SALT:
secretKeyRef:
name: firezone-secrets
key: COOKIE_ENCRYPTION_SALT
# Devices
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: "{{ .Values.firezone.devices.allow_unprivileged_device_management }}"
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: "{{ .Values.firezone.devices.allow_unprivileged_device_config }}"
VPN_SESSION_DURATION: "{{ .Values.firezone.devices.vpn_session_duration }}"
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: "{{ .Values.firezone.devices.client_persistent_keepalive }}"
DEFAULT_CLIENT_MTU: "{{ .Values.firezone.devices.default_client_mtu }}"
DEFAULT_CLIENT_ENDPOINT: "{{ .Values.firezone.devices.client_endpoint }}"
DEFAULT_CLIENT_DNS: '{{ join "," .Values.firezone.devices.client_dns }}'
DEFAULT_CLIENT_ALLOWED_IPS: '{{ join "," .Values.firezone.devices.client_allowed_ips }}'
# Limits
MAX_DEVICES_PER_USER: "{{ .Values.firezone.devices.max_devices_per_user }}"
# Authorization
LOCAL_AUTH_ENABLED: "{{ .Values.firezone.authorization.local_auth_enabled }}"
DISABLE_VPN_ON_OIDC_ERROR: "{{ .Values.firezone.authorization.disable_vpn_on_oidc_error }}"
# SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
# OPENID_CONNECT_PROVIDERS: "[]"
# SAML_IDENTITY_PROVIDERS: "[]"
# WireGuard
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
WIREGUARD_IPV4_ENABLED: true
WIREGUARD_IPV4_MASQUERADE: "{{ .Values.firezone.wireguard.ipv4_masquerade_enabled }}"
WIREGUARD_IPV6_ENABLED: false
WIREGUARD_IPV6_MASQUERADE: false
# Outbound Emails
# OUTBOUND_EMAIL_FROM: ""
# OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
# Connectivity Checks
CONNECTIVITY_CHECKS_ENABLED: "{{ .Values.firezone.connectivity.checks_enabled }}"
CONNECTIVITY_CHECKS_INTERVAL: "{{ .Values.firezone.connectivity.checks_interval }}"
# Telemetry
TELEMETRY_ENABLED: "{{ .Values.firezone.other.telemetry_enabled }}"
persistence:
config:
enabled: true
mountPath: "/var/firezone"
cnpg:
main:
enabled: true
user: firezone
database: firezone
portal:
open:
enabled: true