Fix broken dependencies in helm chart and allow using existing secrets in the chart (#18941)

* Add ability to specify an existing Secret (#18139)

Closes #18139

* Allow using secrets with external postgres

* Upgrade CronJob to batch/v1

* Allow using redis.auth.existingSecret

* Helmignore mastodon-*.tgz for easy local development

* Upgrade helm dependencies

* Upgrade postgresql to 11

* Allow putting SMTP password into a secret

* Add optional login to SMTP secret

This allows setting LOGIN either in values.yaml or
in the secret.

* Switch to bitnami charts full archive

This prevents older versions from disappearing, see
https://github.com/bitnami/charts/issues/10539 for
full context.

Co-authored-by: Ted Tramonte <ted.tramonte@gmail.com>
Alex Nordlund 2022-08-10 17:12:58 +02:00 committed by GitHub
parent d48bceaad7
commit e237efdb4e
15 changed files with 183 additions and 125 deletions


@ -21,3 +21,4 @@
.idea/ .idea/
*.tmproj *.tmproj
.vscode/ .vscode/
mastodon-*.tgz


@ -1,12 +1,12 @@
dependencies: dependencies:
- name: elasticsearch - name: elasticsearch
repository: https://charts.bitnami.com/bitnami repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 15.10.3 version: 19.0.1
- name: postgresql - name: postgresql
repository: https://charts.bitnami.com/bitnami repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 8.10.14 version: 11.1.3
- name: redis - name: redis
repository: https://charts.bitnami.com/bitnami repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
version: 10.9.0 version: 16.13.2
digest: sha256:f5c57108f7768fd16391c1a050991c7809f84a640cca308d7d24d87379d04000 digest: sha256:17ea58a3264aa22faff18215c4269f47dabae956d0df273c684972f356416193
generated: "2021-08-05T08:01:01.457727804Z" generated: "2022-08-08T21:44:18.0195364+02:00"


@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.2.1 version: 2.0.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
@ -24,13 +24,13 @@ appVersion: 3.3.0
dependencies: dependencies:
- name: elasticsearch - name: elasticsearch
version: 15.10.3 version: 19.0.1
repository: https://charts.bitnami.com/bitnami repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
condition: elasticsearch.enabled condition: elasticsearch.enabled
- name: postgresql - name: postgresql
version: 8.10.14 version: 11.1.3
repository: https://charts.bitnami.com/bitnami repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
condition: postgresql.enabled condition: postgresql.enabled
- name: redis - name: redis
version: 10.9.0 version: 16.13.2
repository: https://charts.bitnami.com/bitnami repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
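Review bot: The three `repository:` entries now resolve charts through an index served from a branch on raw.githubusercontent.com, and nothing in the file says why. As far as I can tell the `digest` in Chart.lock is computed over the dependency list rather than over the downloaded chart archives, so it should not be read as pinning their contents; if the upstream charts publish provenance files, running `helm dependency build --verify` in CI would cover that gap. I would add a comment above the dependencies such as `# archive-full-index keeps superseded chart versions resolvable, see https://github.com/bitnami/charts/issues/10539` so the unusual URL is not reverted later by mistake.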


@ -77,3 +77,53 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- define "mastodon.postgresql.fullname" -}} {{- define "mastodon.postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/*
Get the mastodon secret.
*/}}
{{- define "mastodon.secretName" -}}
{{- if .Values.mastodon.secrets.existingSecret }}
{{- printf "%s" (tpl .Values.mastodon.secrets.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the postgresql secret.
*/}}
{{- define "mastodon.postgresql.secretName" -}}
{{- if (and (or .Values.postgresql.enabled .Values.postgresql.postgresqlHostname) .Values.postgresql.auth.existingSecret) }}
{{- printf "%s" (tpl .Values.postgresql.auth.existingSecret $) -}}
{{- else if .Values.postgresql.enabled -}}
{{- printf "%s-postgresql" (tpl .Release.Name $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the redis secret.
*/}}
{{- define "mastodon.redis.secretName" -}}
{{- if .Values.redis.auth.existingSecret }}
{{- printf "%s" (tpl .Values.redis.auth.existingSecret $) -}}
{{- else if .Values.redis.existingSecret }}
{{- printf "%s" (tpl .Values.redis.existingSecret $) -}}
{{- else -}}
{{- printf "%s-redis" (tpl .Release.Name $) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a mastodon secret object should be created
*/}}
{{- define "mastodon.createSecret" -}}
{{- if (or
(and .Values.mastodon.s3.enabled (not .Values.mastodon.s3.existingSecret))
(not .Values.mastodon.secrets.existingSecret )
(and (not .Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret))
) -}}
{{- true -}}
{{- end -}}
{{- end -}}
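Review bot: The fallback branches of `mastodon.secretName` and `mastodon.postgresql.secretName` build the name with `common.names.fullname`, while the workload templates on this page name their objects with `mastodon.fullname`. That helper is not defined in this file; it presumably arrives through a subchart's library dependency and may not honour the same overrides, so the computed name can drift from the Secret the chart actually creates (its `metadata.name` is outside the visible hunks). I would use `{{- printf "%s" (include "mastodon.fullname" .) -}}` in both fallbacks. `mastodon.createSecret` also deserves a comment stating that it renders an empty string unless one of the three listed conditions holds, because callers test the string result of `include`.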


@ -10,14 +10,14 @@ data:
{{- else }} {{- else }}
DB_HOST: {{ .Values.postgresql.postgresqlHostname }} DB_HOST: {{ .Values.postgresql.postgresqlHostname }}
{{- end }} {{- end }}
DB_NAME: {{ .Values.postgresql.postgresqlDatabase }} DB_NAME: {{ .Values.postgresql.auth.database }}
DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }} DB_POOL: {{ .Values.mastodon.sidekiq.concurrency | quote }}
DB_PORT: "5432" DB_PORT: "5432"
DB_USER: {{ .Values.postgresql.postgresqlUsername }} DB_USER: {{ .Values.postgresql.auth.username }}
DEFAULT_LOCALE: {{ .Values.mastodon.locale }} DEFAULT_LOCALE: {{ .Values.mastodon.locale }}
{{- if .Values.elasticsearch.enabled }} {{- if .Values.elasticsearch.enabled }}
ES_ENABLED: "true" ES_ENABLED: "true"
ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master ES_HOST: {{ template "mastodon.elasticsearch.fullname" . }}-master-hl
ES_PORT: "9200" ES_PORT: "9200"
{{- end }} {{- end }}
LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }} LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
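Review bot: `DB_NAME` and `DB_USER` are rendered unquoted from the new `postgresql.auth.*` values, so a value that YAML reads as a number, boolean or null would make the ConfigMap invalid or change its meaning; `DB_USER: {{ .Values.postgresql.auth.username | quote }}` and the same for `DB_NAME` would match the `DB_POOL` line next to them. Separately, installs that still set the old `postgresqlUsername`/`postgresqlDatabase` keys will silently pick up the chart defaults after this rename, which is worth calling out in the upgrade notes for the 2.0.0 bump. The `data:` block starts and continues outside this hunk.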


@ -1,5 +1,5 @@
{{ if .Values.mastodon.cron.removeMedia.enabled }} {{ if .Values.mastodon.cron.removeMedia.enabled }}
apiVersion: batch/v1beta1 apiVersion: batch/v1
kind: CronJob kind: CronJob
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-media-remove name: {{ include "mastodon.fullname" . }}-media-remove
@ -49,21 +49,17 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}
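Review bot: `DB_PASS` now reads `key: password`, but the chart's own Secret template further down this page still writes the key as `postgresql-password`, and the values.yaml comment tells users to provide `postgres-password`. With an external database and no `postgresql.auth.existingSecret`, `mastodon.postgresql.secretName` falls back to the chart-created Secret, where a `password` key does not exist, so the container would fail to start on the missing key. The same `DB_PASS` block is repeated in every other workload section below on this page. The smallest fix is to rename the key in the Secret template to `password: "{{ .Values.postgresql.auth.password | b64enc }}"` and correct the values.yaml comment to name the key the templates read; whether the bundled postgresql subchart's Secret exposes `password` for the default `postgres` user should be confirmed as well.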


@ -70,22 +70,31 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
{{- if .Values.mastodon.smtp.existingSecret }}
- name: "SMTP_LOGIN"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }}
key: login
optional: true
- name: "SMTP_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .Values.mastodon.smtp.existingSecret }}
key: password
{{- end -}}
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}
volumeMounts: volumeMounts:
- name: assets - name: assets
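Review bot: The new SMTP block reads `.Values.mastodon.smtp.existingSecret` directly, unquoted and without `tpl`, while every other existing-secret name in this commit goes through a helper that applies `tpl`; `name: {{ tpl .Values.mastodon.smtp.existingSecret $ | quote }}` on both `secretKeyRef` entries would keep them consistent. The block also closes with `{{- end -}}` where the surrounding template uses `{{- end }}`. It appears in only one workload section on this page, so if any other component sends mail directly it will not receive `SMTP_LOGIN`/`SMTP_PASSWORD` from the Secret; that is worth confirming. The container spec continues outside this hunk.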


@ -43,16 +43,12 @@ spec:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }} value: {{ .Values.mastodon.streaming.port | quote }}


@ -56,21 +56,17 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}


@ -50,21 +50,17 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}


@ -51,21 +51,17 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}


@ -56,21 +56,17 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}


@ -50,21 +50,17 @@ spec:
- configMapRef: - configMapRef:
name: {{ include "mastodon.fullname" . }}-env name: {{ include "mastodon.fullname" . }}-env
- secretRef: - secretRef:
name: {{ template "mastodon.fullname" . }} name: {{ template "mastodon.secretName" . }}
env: env:
- name: "DB_PASS" - name: "DB_PASS"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if .Values.postgresql.enabled }} name: {{ template "mastodon.postgresql.secretName" . }}
name: {{ .Release.Name }}-postgresql key: password
{{- else }}
name: {{ template "mastodon.fullname" . }}
{{- end }}
key: postgresql-password
- name: "REDIS_PASSWORD" - name: "REDIS_PASSWORD"
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-redis name: {{ template "mastodon.redis.secretName" . }}
key: redis-password key: redis-password
- name: "PORT" - name: "PORT"
value: {{ .Values.mastodon.web.port | quote }} value: {{ .Values.mastodon.web.port | quote }}


@ -1,3 +1,4 @@
{{- if (include "mastodon.createSecret" .) }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -7,9 +8,12 @@ metadata:
type: Opaque type: Opaque
data: data:
{{- if .Values.mastodon.s3.enabled }} {{- if .Values.mastodon.s3.enabled }}
{{- if not .Values.mastodon.s3.existingSecret }}
AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}" AWS_ACCESS_KEY_ID: "{{ .Values.mastodon.s3.access_key | b64enc }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}" AWS_SECRET_ACCESS_KEY: "{{ .Values.mastodon.s3.access_secret | b64enc }}"
{{- end }} {{- end }}
{{- end }}
{{- if not .Values.mastodon.secrets.existingSecret }}
{{- if not (empty .Values.mastodon.secrets.secret_key_base) }} {{- if not (empty .Values.mastodon.secrets.secret_key_base) }}
SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}" SECRET_KEY_BASE: "{{ .Values.mastodon.secrets.secret_key_base | b64enc }}"
{{- else }} {{- else }}
@ -30,6 +34,10 @@ data:
{{- else }} {{- else }}
VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }} VAPID_PUBLIC_KEY: {{ required "vapid.public_key is required" .Values.mastodon.secrets.vapid.public_key }}
{{- end }} {{- end }}
{{- if not .Values.postgresql.enabled }}
postgresql-password: "{{ .Values.postgresql.postgresqlPassword | b64enc }}"
{{- end }} {{- end }}
{{- if not .Values.postgresql.enabled }}
{{- if not .Values.postgresql.auth.existingSecret }}
postgresql-password: "{{ .Values.postgresql.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end -}}
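Review bot: When `mastodon.s3.existingSecret` is set the chart stops writing `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, but no hunk on this page makes a workload read that Secret: every `envFrom` still lists only `mastodon.secretName`. Unless that wiring exists outside the visible hunks, pods would start without S3 credentials. Each workload's `envFrom` needs an extra entry guarded by the same value, `- secretRef:` with `name: {{ .Values.mastodon.s3.existingSecret }}`. A related gap: with `mastodon.secrets.existingSecret` set and S3 enabled without its own Secret, `mastodon.createSecret` still renders this object, yet nothing references it because `mastodon.secretName` points at the user's Secret.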


@ -48,6 +48,9 @@ mastodon:
enabled: false enabled: false
access_key: "" access_key: ""
access_secret: "" access_secret: ""
# you can also specify the name of an existing Secret
# with keys AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
existingSecret: ""
bucket: "" bucket: ""
endpoint: https://us-east-1.linodeobjects.com endpoint: https://us-east-1.linodeobjects.com
hostname: us-east-1.linodeobjects.com hostname: us-east-1.linodeobjects.com
@ -61,6 +64,10 @@ mastodon:
vapid: vapid:
private_key: "" private_key: ""
public_key: "" public_key: ""
# you can also specify the name of an existing Secret
# with keys SECRET_KEY_BASE and OTP_SECRET and
# VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
existingSecret: ""
sidekiq: sidekiq:
concurrency: 25 concurrency: 25
smtp: smtp:
@ -70,13 +77,16 @@ mastodon:
domain: domain:
enable_starttls_auto: true enable_starttls_auto: true
from_address: notifications@example.com from_address: notifications@example.com
login:
openssl_verify_mode: peer openssl_verify_mode: peer
password:
port: 587 port: 587
reply_to: reply_to:
server: smtp.mailgun.org server: smtp.mailgun.org
tls: false tls: false
login:
password:
# you can also specify the name of an existing Secret
# with the keys login and password
existingSecret:
streaming: streaming:
port: 4000 port: 4000
# this should be set manually since os.cpus() returns the number of CPUs on # this should be set manually since os.cpus() returns the number of CPUs on
@ -127,18 +137,26 @@ postgresql:
# must match those of that external postgres instance # must match those of that external postgres instance
enabled: true enabled: true
# postgresqlHostname: preexisting-postgresql # postgresqlHostname: preexisting-postgresql
postgresqlDatabase: mastodon_production auth:
# you must set a password; the password generated by the postgresql chart will database: mastodon_production
# be rotated on each upgrade: username: postgres
# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade # you must set a password; the password generated by the postgresql chart will
postgresqlPassword: "" # be rotated on each upgrade:
postgresqlUsername: postgres # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
password: ""
# you can also specify the name of an existing Secret
# with a key of postgres-password set to the password you want
existingSecret: ""
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
redis: redis:
# you must set a password; the password generated by the redis chart will be # you must set a password; the password generated by the redis chart will be
# rotated on each upgrade: # rotated on each upgrade:
password: "" password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# auth:
# existingSecret: ""
service: service:
type: ClusterIP type: ClusterIP
@ -157,45 +175,45 @@ externalAuth:
# client_secret: SECRETKEY # client_secret: SECRETKEY
# redirect_uri: https://example.com/auth/auth/openid_connect/callback # redirect_uri: https://example.com/auth/auth/openid_connect/callback
# assume_email_is_verified: true # assume_email_is_verified: true
# client_auth_method: # client_auth_method:
# response_type: # response_type:
# response_mode: # response_mode:
# display: # display:
# prompt: # prompt:
# send_nonce: # send_nonce:
# send_scope_to_token_endpoint: # send_scope_to_token_endpoint:
# idp_logout_redirect_uri: # idp_logout_redirect_uri:
# http_scheme: # http_scheme:
# host: # host:
# port: # port:
# jwks_uri: # jwks_uri:
# auth_endpoint: # auth_endpoint:
# token_endpoint: # token_endpoint:
# user_info_endpoint: # user_info_endpoint:
# end_session_endpoint: # end_session_endpoint:
saml: saml:
enabled: false enabled: false
# acs_url: http://mastodon.example.com/auth/auth/saml/callback # acs_url: http://mastodon.example.com/auth/auth/saml/callback
# issuer: mastodon # issuer: mastodon
# idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml
# idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----' # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----'
# idp_cert_fingerprint: # idp_cert_fingerprint:
# name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
# cert: # cert:
# private_key: # private_key:
# want_assertion_signed: true # want_assertion_signed: true
# want_assertion_encrypted: true # want_assertion_encrypted: true
# assume_email_is_verified: true # assume_email_is_verified: true
# uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1" # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1"
# attributes_statements: # attributes_statements:
# uid: "urn:oid:0.9.2342.19200300.100.1.1" # uid: "urn:oid:0.9.2342.19200300.100.1.1"
# email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" # email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
# full_name: "urn:oid:2.16.840.1.113730.3.1.241" # full_name: "urn:oid:2.16.840.1.113730.3.1.241"
# first_name: "urn:oid:2.5.4.42" # first_name: "urn:oid:2.5.4.42"
# last_name: "urn:oid:2.5.4.4" # last_name: "urn:oid:2.5.4.4"
# verified: # verified:
# verified_email: # verified_email:
oauth_global: oauth_global:
# Force redirect local login to CAS. Does not function with SAML or LDAP. # Force redirect local login to CAS. Does not function with SAML or LDAP.
oauth_redirect_at_sign_in: false oauth_redirect_at_sign_in: false
cas: cas:
@ -204,15 +222,15 @@ externalAuth:
# host: sso.myserver.com # host: sso.myserver.com
# port: 443 # port: 443
# ssl: true # ssl: true
# validate_url: # validate_url:
# callback_url: # callback_url:
# logout_url: # logout_url:
# login_url: # login_url:
# uid_field: 'user' # uid_field: 'user'
# ca_path: # ca_path:
# disable_ssl_verification: false # disable_ssl_verification: false
# assume_email_is_verified: true # assume_email_is_verified: true
# keys: # keys:
# uid: 'user' # uid: 'user'
# name: 'name' # name: 'name'
# email: 'email' # email: 'email'
@ -222,7 +240,7 @@ externalAuth:
# location: 'location' # location: 'location'
# image: 'image' # image: 'image'
# phone: 'phone' # phone: 'phone'
pam: pam:
enabled: false enabled: false
# email_domain: example.com # email_domain: example.com
# default_service: rpam # default_service: rpam
@ -232,9 +250,9 @@ externalAuth:
# host: myservice.namespace.svc # host: myservice.namespace.svc
# port: 389 # port: 389
# method: simple_tls # method: simple_tls
# base: # base:
# bind_on: # bind_on:
# password: # password:
# uid: cn # uid: cn
# mail: mail # mail: mail
# search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))" # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))"
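Review bot: In the `redis:` block the password is still configured at `redis.password`, while the PostgreSQL settings in the same hunk were moved under `auth:` for the upgraded subchart. The new `mastodon.redis.secretName` helper and the commented `auth.existingSecret` hint suggest the redis 16.x chart also reads its credentials from `redis.auth.*`; if so, a password set here is ignored and the subchart generates its own, which is the rotation-on-upgrade problem the comment above it warns about. I would move it to `auth:` / `password: ""` and keep the existing-secret hint beside it. Also, `smtp.existingSecret:` is a bare key (null) while the other `existingSecret` entries default to `""`; using `""` there keeps the `if` checks and any later `tpl` call uniform.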