mirror of
https://github.com/khuedoan/homelab.git
synced 2025-01-25 02:16:08 +07:00
77 lines
1.8 KiB
YAML
77 lines
1.8 KiB
YAML
app-template:
|
|
controllers:
|
|
main:
|
|
type: statefulset
|
|
containers:
|
|
main:
|
|
image:
|
|
repository: docker.io/kanidm/server
|
|
tag: 1.1.0-rc.15
|
|
statefulset:
|
|
volumeClaimTemplates:
|
|
- name: data
|
|
size: 1Gi
|
|
globalMounts:
|
|
- path: /data
|
|
accessMode: "ReadWriteOnce"
|
|
configMaps:
|
|
config:
|
|
enabled: true
|
|
data:
|
|
server.toml: |
|
|
bindaddress = "[::]:443"
|
|
ldapbindaddress = "[::]:636"
|
|
# trust_x_forward_for = false
|
|
db_path = "/data/kanidm.db"
|
|
tls_chain = "/data/ca.crt"
|
|
tls_key = "/data/tls.key"
|
|
domain = "auth.khuedoan.com"
|
|
origin = "https://auth.khuedoan.com"
|
|
service:
|
|
main:
|
|
ports:
|
|
http:
|
|
enabled: false
|
|
https:
|
|
port: 443
|
|
protocol: HTTPS
|
|
ldap:
|
|
port: 636
|
|
protocol: TCP
|
|
ingress:
|
|
main:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
|
hosts:
|
|
- host: &host auth.khuedoan.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
service:
|
|
name: main
|
|
port: https
|
|
tls:
|
|
- hosts:
|
|
- *host
|
|
secretName: kanidm-tls-certificate
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
type: configMap
|
|
name: kanidm-config
|
|
globalMounts:
|
|
- path: /data/server.toml
|
|
subPath: server.toml
|
|
tls:
|
|
enabled: true
|
|
type: secret
|
|
name: kanidm-selfsigned-certificate
|
|
globalMounts:
|
|
- path: /data/ca.crt
|
|
subPath: ca.crt
|
|
- path: /data/tls.key
|
|
subPath: tls.key
|