<< : &IMAGE_DEFAULTS_SSO { tag: "0.2.0", pullPolicy: "Always" }
repository: "open.greenhost.net:4567/openappstack/single-sign-on/consent_provider"
# Image settings for the login provider. The merge key pulls in the shared
# IMAGE_DEFAULTS_SSO anchor (tag "0.2.0", pullPolicy "Always"); only the
# repository is set here.
# NOTE(review): a tag is a mutable reference, and with pullPolicy "Always" a
# re-pushed tag is picked up on the next pod start. Confirm whether the chart
# allows pinning the image by digest.
loginProviderImage:
<< : *IMAGE_DEFAULTS_SSO
repository: "open.greenhost.net:4567/openappstack/single-sign-on/login_provider"
# Hostname of the SSO endpoint, anchored as SSO_HOST and aliased by the hydra
# public ingress host and TLS entries in this file.
# "{{ domain }}" is presumably filled in by a template engine before the YAML
# is parsed; the quotes keep the value a string whatever it expands to.
singleSignOnHost: &SSO_HOST "sso.{{ domain }}"
# Settings for the user-panel frontend.
# NOTE(review): indentation is not preserved in this listing and some lines
# may be missing, so the nesting of the keys below is inferred; verify
# against the original file.
userpanel:
# Defines the IMAGE_DEFAULTS_USER_PANEL anchor (tag "1.2.0", pullPolicy
# "Always"), which the userbackend image reuses through a merge key.
<< : &IMAGE_DEFAULTS_USER_PANEL { tag: "1.2.0", pullPolicy: "Always" }
repository: "open.greenhost.net:4567/openappstack/user-panel/frontend"
ingress:
# The same admin.{{ domain }} host appears in the user-panel OAuth client's
# redirectUri, clientUri and clientLogoUri; the values must stay in sync.
host: "admin.{{ domain }}"
# Settings for the user-panel backend: image, the list of applications it
# knows about, the initial admin account and its PostgreSQL database.
# NOTE(review): indentation is not preserved in this listing, so the nesting
# is inferred; verify against the original file.
userbackend:
image:
# Reuses tag "1.2.0" and pullPolicy "Always" from IMAGE_DEFAULTS_USER_PANEL.
<< : *IMAGE_DEFAULTS_USER_PANEL
repository: "open.greenhost.net:4567/openappstack/user-panel/backend"
# Each entry names one application. The anchors defined here (NEXTCLOUD,
# WORDPRESS, GRAFANA) are aliased as clientName under oAuthClients.
applications:
# NOTE(review): the USER_PANEL anchor is not defined in the visible lines;
# it presumably sits in a part of the file not shown here.
- name: *USER_PANEL
description: Administration interface to manage user accounts
- name: &NEXTCLOUD nextcloud
description: "Nextcloud Files offers an on-premise Universal File Access and sync platform with powerful collaboration capabilities and desktop, mobile and web interfaces."
- name: &WORDPRESS wordpress
description: "WordPress website hosting."
- name: &GRAFANA grafana
description: "Grafana allows you to query, visualize, alert on and understand metrics generated by OpenAppStack. It can be used to create explore and share dashboards."
# Admin account values come from template variables, so no credential is
# hard-coded in this file.
# NOTE(review): the rendered file will contain the plaintext password;
# confirm where the rendered output is stored and who can read it.
username: "{{ userbackend_admin_username }}"
password: "{{ userbackend_admin_password }}"
email: "{{ userbackend_admin_email }}"
# NOTE(review): "postgres" carries no registry prefix, so it resolves against
# the container runtime's default registry. The tag 11 is a floating major
# version and, unquoted, parses as an integer rather than a string. With
# pull policy Always the database image can change between pod starts;
# consider a fully qualified, pinned reference.
postgresImage: postgres
postgresTag: 11
postgresPullPolicy: Always
postgresPassword: "{{ userbackend_postgres_password }}"
# NOTE(review): no child keys of persistence are visible in this listing.
persistence:
# Values for Hydra, the OAuth 2.0 / OpenID Connect server: public URLs,
# system secret and ingress exposure.
# NOTE(review): indentation is not preserved in this listing. The repeated
# "hydra:" key is presumably an outer chart section with the Hydra settings
# nested inside; verify against the original file.
hydra:
hydra:
config:
urls:
self:
# These URLs hard-code the sso.{{ domain }} host instead of aliasing
# SSO_HOST (an alias cannot be concatenated), so they must be kept in sync
# with singleSignOnHost. The issuer must match exactly what clients
# validate in issued tokens.
issuer: "https://sso.{{ domain }}"
login: "https://sso.{{ domain }}/login"
consent: "https://sso.{{ domain }}/consent"
secrets:
# Supplied from a template variable rather than hard-coded.
# NOTE(review): Hydra uses the system secret to protect sensitive data it
# stores; confirm the variable is generated with sufficient length and
# entropy and is kept out of version control.
system: "{{ hydra_system_secret }}"
ingress:
public:
enabled: true
annotations:
# Presumably asks the cluster's certificate controller to obtain a
# certificate for this ingress; confirm which controller honours it.
kubernetes.io/tls-acme: "true"
hosts:
- host: *SSO_HOST
paths: ["/"]
tls:
- hosts:
- *SSO_HOST
secretName: hydra-public.tls
admin:
# The admin ingress stays disabled, so only the public endpoints are
# published through an ingress.
# NOTE(review): Hydra's admin API manages clients and login/consent state
# and is meant to be reachable only from trusted services; keep this false
# unless an authenticating proxy is placed in front of it.
enabled: false
# OAuth 2.0 clients to register, one entry per application.
# NOTE(review): indentation is not preserved in this listing, so the nesting
# is inferred; verify against the original file.
oAuthClients:
# Client for the user panel, served at admin.{{ domain }}.
- clientName: *USER_PANEL
clientSecret: "{{ userpanel_oauth_client_secret }}"
redirectUri: "https://admin.{{ domain }}/callback"
scopes: "openid profile email openappstack_roles"
clientUri: "https://admin.{{ domain }}"
clientLogoUri: "https://admin.{{ domain }}/favicon.ico"
# NOTE(review): with only the implicit grant listed below, the token endpoint
# is not part of the flow, so this auth method and the clientSecret are
# presumably unused. If the user panel is a browser application it cannot
# keep a secret confidential anyway; confirm.
tokenEndpointAuthMethod: "client_secret_basic"
# NOTE(review): response type "token" with the implicit grant returns the
# access token in the redirect URI fragment, where it can end up in browser
# history or be read by scripts on the page. The OAuth 2.0 Security Best
# Current Practice (RFC 9700) advises against the implicit grant in favour
# of authorization code with PKCE; consider migrating if the frontend
# supports it.
responseTypes:
- "token"
grantTypes:
- "implicit"
# Client for Nextcloud, served at files.{{ domain }}. The redirectUri path
# suggests the sociallogin app with a custom OIDC provider named "oas".
- clientName: *NEXTCLOUD
clientSecret: "{{ nextcloud_oauth_client_secret }}"
redirectUri: "https://files.{{ domain }}/apps/sociallogin/custom_oidc/oas"
scopes: "openid profile email openappstack_roles"
clientUri: "https://files.{{ domain }}"
clientLogoUri: "https://files.{{ domain }}/core/img/favicon-touch.png"
# The client authenticates by sending its secret in the token request body.
tokenEndpointAuthMethod: "client_secret_post"
# NOTE(review): "id_token" on its own is an implicit-flow response type, and
# the implicit grant is not among the grant types below; confirm whether
# this entry is needed.
responseTypes:
- "code"
- "id_token"
# NOTE(review): client_credentials lets the client obtain tokens with its
# secret alone, without any user taking part. If Nextcloud only performs
# user login, drop it to keep the client least-privileged.
# NOTE(review): Hydra issues refresh tokens only when an offline scope is
# granted; the scopes above do not include one, so refresh_token may be
# unused here. Confirm.
grantTypes:
- "authorization_code"
- "refresh_token"
- "client_credentials"
# Client for WordPress, served at www.{{ domain }}.
- clientName: *WORDPRESS
clientSecret: "{{ wordpress_oauth_client_secret }}"
redirectUri: "https://www.{{ domain }}/wp-admin/admin-ajax.php?action=openid-connect-authorize"
# Unlike the other clients in this list, this one also requests
# offline_access, which goes with the refresh_token entry below.
scopes: "openid profile email openappstack_roles offline_access"
clientUri: "https://www.{{ domain }}"
clientLogoUri: "https://www.{{ domain }}/wp-admin/images/wordpress-logo.svg"
# The client authenticates by sending its secret in the token request body.
tokenEndpointAuthMethod: "client_secret_post"
# NOTE(review): the key line introducing the list items below is not visible
# in this listing. The values match the grantTypes of the other clients, so
# the responseTypes and grantTypes lines appear to be missing here; verify
# against the original file.
# NOTE(review): client_credentials lets the client obtain tokens with its
# secret alone, without any user taking part. If WordPress only performs
# user login, drop it to keep the client least-privileged.
- "authorization_code"
- "refresh_token"
- "client_credentials"
# Client for Grafana, served at grafana.{{ domain }}. The redirectUri points
# at Grafana's generic OAuth login callback.
- clientName: *GRAFANA
clientSecret: "{{ grafana_oauth_client_secret }}"
redirectUri: "https://grafana.{{ domain }}/login/generic_oauth"
scopes: "openid profile email openappstack_roles"
clientUri: "https://grafana.{{ domain }}"
clientLogoUri: "https://grafana.{{ domain }}/public/img/grafana_icon.svg"
# The client authenticates by sending its secret in the token request body.
tokenEndpointAuthMethod: "client_secret_post"
# NOTE(review): "id_token" on its own is an implicit-flow response type, and
# the implicit grant is not among the grant types below; confirm whether
# this entry is needed.
responseTypes:
- "code"
- "id_token"
# NOTE(review): client_credentials lets the client obtain tokens with its
# secret alone, without any user taking part. If Grafana only performs user
# login, drop it to keep the client least-privileged.
# NOTE(review): Hydra issues refresh tokens only when an offline scope is
# granted; the scopes above do not include one, so refresh_token may be
# unused here. Confirm.
grantTypes:
- "authorization_code"
- "refresh_token"
- "client_credentials"