# Single sign-on

Single sign-on adds an authentication server to your k8s cluster that applications within your cluster and external applications can use to log in your users. This chart also includes a minimalistic user panel which can be used to create new users, assign roles to users and grant users access to applications.

## Prerequisites

* Kubernetes 1.13+ with Beta APIs enabled
* helm 2.14.3+
* ORY helm chart repository installed
  * `helm repo add ory https://k8s.ory.sh/helm/charts && helm repo update`

## Configuration

You can configure the chart by changing the default values in the `./values.yaml` file. The following table lists the configurable parameters of the single sign-on chart and their default values. Values in **bold** letters need to be changed for routing and TLS to work.

| Parameter | Description | Default |
| --- | --- | --- |
| `singleSignOnHost` | **FQDN of the OpenID Connect / OAuth2 server** | **sso.oas.example.net** |
| `loginProviderImage.repository` | Name of image repository to be used for login provider | open.greenhost.net:4567/openappstack/single-sign-on/login_provider |
| `loginProviderImage.tag` | Release version of login provider image | master |
| `consentProviderImage.repository` | Name of image repository to be used for consent provider | open.greenhost.net:4567/openappstack/single-sign-on/consent_provider |
| `consentProviderImage.tag` | Release version of consent provider image | master |
| `userpanel.ingress.host` | **FQDN of the userpanel** | **admin.oas.example.net** |
| `userpanel.oAuth.client_secret` | OAuth2 client secret | YouReallyNeedToChangeThis |
| `userbackend.username` | Username of the admin user | admin |
| `userbackend.password` | Password of the admin user | YouReallyNeedToChangeThis |
| `userbackend.email` | Email address of the admin user | admin@example.net |
| `userbackend.postgres.password` | Root password of the PostgreSQL database | postgres |
| `hydra.hydra.config.urls.self.issuer` | **Base URI of the OAuth server** | **https://sso.oas.example.net** |
| `hydra.hydra.config.urls.login` | **URI that will be used for the login page** | **https://sso.oas.example.net/login** |
| `hydra.hydra.config.urls.consent` | **URI that will be used for permission checks** | **https://sso.oas.example.net/consent** |
| `hydra.hydra.config.secrets.system` | Secret that is used to generate secure tokens | YouReallyNeedToChangeThis |

## Installing and uninstalling the Chart

To install the chart with the release name `single-sign-on`, first clone the repository and then run helm install.

```
$ git clone https://open.greenhost.net/openappstack/single-sign-on
$ cd single-sign-on/helmchart/single-sign-on/
$ helm install -n single-sign-on .
```

The last command deploys the single sign-on components on your server and applies a default configuration. You should change the default configuration, in particular every `YouReallyNeedToChangeThis` value, before running the command. The [configuration](#configuration) section lists all configuration parameters.

In case you already ran the install command, you can uninstall the deployment by executing:

```
$ helm list # [OPTIONAL] - Lists all deployed releases
$ helm delete single-sign-on --purge
```

> **WARNING**: Executing the `delete` command with the `purge` flag will delete all data that is related to the applications. Don't run this command in a production environment if you are not absolutely sure that you have a restorable backup of your data.
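
The configuration table and install step above, as an added example that is not part of the chart or its repository: a shell helper that writes an override file with a fresh random value for every secret and a check that no default from the table remains. The YAML nesting is inferred from the dotted parameter names in the table; the function names, the host names and the file name `my-values.yaml` are assumptions.

```shell
# Added example; function names are hypothetical, not part of the chart.
# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
rand_hex() { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Print overrides for every secret and every bold (routing/TLS) value.
# $1 = SSO host, $2 = user panel host, $3 = admin e-mail (caller-supplied).
# Nesting is assumed from the dotted parameter names in the table.
gen_overrides() {
cat <<EOF
singleSignOnHost: $1
userpanel:
  ingress:
    host: $2
  oAuth:
    client_secret: $(rand_hex)
userbackend:
  password: $(rand_hex)
  email: $3
  postgres:
    password: $(rand_hex)
hydra:
  hydra:
    config:
      urls:
        self:
          issuer: https://$1
        login: https://$1/login
        consent: https://$1/consent
      secrets:
        system: $(rand_hex)
EOF
}

# Return 1 (and print the offending lines) if the file still carries a
# default listed in the table; return 0 when none is found.
check_values() {
  bad=0
  grep -nE 'YouReallyNeedToChangeThis|oas\.example\.net|admin@example\.net' "$1" && bad=1
  # The Postgres default is the literal string "postgres".
  grep -nE '^[[:space:]]*password:[[:space:]]*postgres[[:space:]]*$' "$1" && bad=1
  return "$bad"
}
```

Write the file with `(umask 077; gen_overrides sso.corp.test admin.corp.test ops@corp.test > my-values.yaml)` so the secrets are not world-readable. Then install with `check_values my-values.yaml && helm install -n single-sign-on -f my-values.yaml .`, which refuses to run while a default is still present.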