---
# ConfigMap carrying the values.yaml document for the single sign-on release.
# The dollar-brace placeholders are filled in by a mechanism not shown here
# (presumably Flux post-build substitution; TODO confirm).
# NOTE(review): once substituted, this object holds credentials in plain text
# (admin password, database passwords, Hydra system secret). ConfigMaps are
# not intended for confidential data and are often readable by more
# principals than Secrets; consider supplying these values from a Secret if
# the consumer supports it.
apiVersion: v1
kind: ConfigMap
metadata:
name: stackspin-single-sign-on-values
data:
values.yaml: |
# Anchor reused below for the ingress host and the TLS host list.
singleSignOnHost: &SSO_HOST "sso.${domain}"
login:
# NOTE(review): these placeholders are unquoted. A substituted value that
# starts with a YAML indicator character, or that looks like a number or
# boolean, would be retyped or break parsing; quoting them (as the hydra
# values below are) avoids that.
user: ${admin_email}
password: ${userbackend_admin_password}
db:
uri: single-sign-on-database
# NOTE(review): unquoted placeholder, same caveat as the login password.
password: ${dashboard_postgresql_password}
# Watches the flux-system namespace because that is where the app
# installation secrets live
hydra:
config:
urls:
self:
issuer: "https://sso.${domain}"
login: "https://sso.${domain}/login/auth"
consent: "https://sso.${domain}/login/consent"
logout: "https://sso.${domain}/login/logout"
# Hydra system secret, supplied through substitution.
system:
- "${hydra_system_secret}"
# NOTE(review): the database password is placed in the DSN as-is. Unlike the
# SMTP password further down there is no URL-encoded variant, so a password
# containing '@', ':' or '/' would corrupt the URI - confirm the generated
# passwords are limited to URL-safe characters.
dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-database-postgresql:5432/hydra"
ingress:
public:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
hosts:
- host: *SSO_HOST
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- *SSO_HOST
secretName: hydra-public.tls
# Presumably the ingress for Hydra's admin API. That API has no built-in
# authentication, so it should stay unreachable from outside the cluster.
admin:
enabled: false
# NOTE(review): same URL-encoding caveat as the hydra DSN above.
dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-database-postgresql:5432/kratos"
serve:
public:
base_url: https://sso.${domain}/api/
courier:
smtp:

# Outgoing mail settings: the SMTP user and password are embedded in the
# connection URI, and the password variable is, going by its name, already
# URL-encoded.
# NOTE(review): the URI uses the plain smtp scheme - confirm that the deployed
# mailer enforces STARTTLS for it, so the credentials are never sent in clear
# text. The substituted URI also makes this ConfigMap credential-bearing.
connection_uri: smtp://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password_urlencoded}@${outgoing_mail_smtp_host}:${outgoing_mail_smtp_port}/
from_address: ${outgoing_mail_from_address}
# Session secret list, supplied through substitution.
secrets:
session:
- "${kratos_session_secret}"
selfservice:
# The URL to redirect to if there is a call to kratos on another URL
# than the flows listed below
default_browser_return_url: https://sso.${domain}/login/login
flows:
recovery:
ui_url: https://sso.${domain}/login/recovery
login:
ui_url: https://sso.${domain}/login/login
settings:
ui_url: https://sso.${domain}/login/settings
# Registration is not (yet) possible; if it is enabled later, it should
# use this link:
registration:
ui_url: https://sso.${domain}/login/registration