khuedoan-homelab/platform/kanidm/values.yaml

app-template:
  controllers:
    main:
      type: statefulset
      containers:
        main:
          image:
            repository: docker.io/kanidm/server
            tag: 1.1.0-rc.15
      statefulset:
        volumeClaimTemplates:
          - name: data
            size: 1Gi
            globalMounts:
              - path: /data
            accessMode: "ReadWriteOnce"
  configMaps:
    config:
      enabled: true
      data:
        server.toml: |
          bindaddress = "[::]:443"
          ldapbindaddress = "[::]:636"
          # trust_x_forward_for = false
          db_path = "/data/kanidm.db"
          tls_chain = "/data/ca.crt"
          tls_key = "/data/tls.key"
          domain = "auth.khuedoan.com"
          origin = "https://auth.khuedoan.com"
  service:
    main:
      ports:
        http:
          enabled: false
        https:
          port: 443
          protocol: HTTPS
        ldap:
          port: 636
          protocol: TCP
  ingress:
    main:
      enabled: true
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
      hosts:
        - host: &host auth.khuedoan.com
          paths:
            - path: /
              pathType: Prefix
              service:
                name: main
                port: https
      tls:
        - hosts:
            - *host
          secretName: kanidm-tls-certificate
  persistence:
    config:
      enabled: true
      type: configMap
      name: kanidm-config
      globalMounts:
        - path: /data/server.toml
          subPath: server.toml
    tls:
      enabled: true
      type: secret
      name: kanidm-selfsigned-certificate
      globalMounts:
        - path: /data/ca.crt
          subPath: ca.crt
        - path: /data/tls.key
          subPath: tls.key
feat: install Kanidm for identity management 2023-12-31 12:35:23 +07:00			`app-template:`
			`controllers:`
			`main:`
			`type: statefulset`
			`containers:`
			`main:`
			`image:`
			`repository: docker.io/kanidm/server`
			`tag: 1.1.0-rc.15`
			`statefulset:`
			`volumeClaimTemplates:`
			`- name: data`
			`size: 1Gi`
			`globalMounts:`
			`- path: /data`
			`accessMode: "ReadWriteOnce"`
			`configMaps:`
			`config:`
			`enabled: true`
			`data:`
			`server.toml: \|`
			`bindaddress = "[::]:443"`
			`ldapbindaddress = "[::]:636"`
			`# trust_x_forward_for = false`
			`db_path = "/data/kanidm.db"`
			`tls_chain = "/data/ca.crt"`
			`tls_key = "/data/tls.key"`
			`domain = "auth.khuedoan.com"`
			`origin = "https://auth.khuedoan.com"`
			`service:`
			`main:`
			`ports:`
			`http:`
			`enabled: false`
			`https:`
			`port: 443`
			`protocol: HTTPS`
			`ldap:`
			`port: 636`
			`protocol: TCP`
			`ingress:`
			`main:`
			`enabled: true`
			`className: nginx`
			`annotations:`
			`cert-manager.io/cluster-issuer: letsencrypt-prod`
			`nginx.ingress.kubernetes.io/backend-protocol: HTTPS`
			`hosts:`
			`- host: &host auth.khuedoan.com`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`service:`
			`name: main`
			`port: https`
			`tls:`
			`- hosts:`
			`- *host`
			`secretName: kanidm-tls-certificate`
			`persistence:`
			`config:`
			`enabled: true`
			`type: configMap`
			`name: kanidm-config`
			`globalMounts:`
			`- path: /data/server.toml`
			`subPath: server.toml`
			`tls:`
			`enabled: true`
			`type: secret`
			`name: kanidm-selfsigned-certificate`
			`globalMounts:`
			`- path: /data/ca.crt`
			`subPath: ca.crt`
			`- path: /data/tls.key`
			`subPath: tls.key`