|
|
|
|
@ -1,84 +0,0 @@
|
|
|
|
|
## Ingress settings
|
|
|
|
|
image:
|
|
|
|
|
repository: norishapp/norish
|
|
|
|
|
tag: "v0.13.6-beta"
|
|
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
|
enabled: true
|
|
|
|
|
className: "traefik"
|
|
|
|
|
annotations:
|
|
|
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
|
|
|
hosts:
|
|
|
|
|
- host: norish.tomik.lat
|
|
|
|
|
paths:
|
|
|
|
|
- path: /
|
|
|
|
|
pathType: Prefix
|
|
|
|
|
tls:
|
|
|
|
|
- hosts:
|
|
|
|
|
- norish.tomik.lat
|
|
|
|
|
|
|
|
|
|
## Persistence settings
|
|
|
|
|
persistence:
|
|
|
|
|
enabled: true
|
|
|
|
|
storageClass: "longhorn"
|
|
|
|
|
accessMode: ReadWriteOnce
|
|
|
|
|
size: 5Gi
|
|
|
|
|
|
|
|
|
|
config:
|
|
|
|
|
# Application URL (required)
|
|
|
|
|
# This should match your ingress hostname
|
|
|
|
|
authUrl: "https://norish.tomik.lat"
|
|
|
|
|
|
|
|
|
|
# Master encryption key (required)
|
|
|
|
|
# Generate with: openssl rand -base64 32
|
|
|
|
|
# For production, use an existing Kubernetes Secret
|
|
|
|
|
masterKey:
|
|
|
|
|
existingSecret: "" # Name of existing Kubernetes secret
|
|
|
|
|
secretKey: "master-key" # Key in the secret where master key is stored
|
|
|
|
|
value: "cp6eVbe4ddmJxlJCJyux5Nlk39gbJR3M9mWjAqEon1c=" # Only used if existingSecret is not set (must be 32-byte base64)
|
|
|
|
|
|
|
|
|
|
# Authentication provider configuration
|
|
|
|
|
# Configure ONE provider for initial admin account creation
|
|
|
|
|
# After first login, manage additional providers via Settings → Admin
|
|
|
|
|
auth:
|
|
|
|
|
# OIDC/OAuth2 provider
|
|
|
|
|
oidc:
|
|
|
|
|
enabled: true
|
|
|
|
|
name: "Authentik"
|
|
|
|
|
issuer: "https://authentik.tomik.lat/application/o/norish/"
|
|
|
|
|
clientId: "tSQZSJDBs479OVLyEzwDYAVaVYJhQuaFouIRWHyg"
|
|
|
|
|
clientSecret: "SpCQGIhXXF9iVT6qc37ApPC8epy1ZhukDtPp6Ipy8XqI7HK4LQUJmsbNTGhLaz25rNgM3GUUDo0vqoGe4INiEjiPeQ4tpiokrvnjPQ2tXf8AFCiu79eyFttB7TCEdtfI"
|
|
|
|
|
|
|
|
|
|
# GitHub OAuth
|
|
|
|
|
github:
|
|
|
|
|
enabled: false
|
|
|
|
|
clientId: ""
|
|
|
|
|
clientSecret: ""
|
|
|
|
|
# Use existing secret for GitHub credentials
|
|
|
|
|
existingSecret: ""
|
|
|
|
|
clientIdKey: "github-client-id"
|
|
|
|
|
clientSecretKey: "github-client-secret"
|
|
|
|
|
|
|
|
|
|
# Google OAuth
|
|
|
|
|
google:
|
|
|
|
|
enabled: false
|
|
|
|
|
clientId: ""
|
|
|
|
|
clientSecret: ""
|
|
|
|
|
# Use existing secret for Google credentials
|
|
|
|
|
existingSecret: ""
|
|
|
|
|
clientIdKey: "google-client-id"
|
|
|
|
|
clientSecretKey: "google-client-secret"
|
|
|
|
|
|
|
|
|
|
## External PostgreSQL database configuration (REQUIRED)
|
|
|
|
|
## Norish requires a central PostgreSQL database
|
|
|
|
|
## You must have a PostgreSQL server available before deploying this chart
|
|
|
|
|
database:
|
|
|
|
|
# Database connection details
|
|
|
|
|
host: "postgres-cluster-pooler.dbs.svc.cluster.local" # Required: PostgreSQL server hostname
|
|
|
|
|
port: 5432
|
|
|
|
|
# Use existing secret for database credentials (recommended for production)
|
|
|
|
|
existingSecret: "norish3-db-credentials" # Name of existing Kubernetes secret
|
|
|
|
|
usernameKey: "username" # Key in the secret for database username
|
|
|
|
|
passwordKey: "password" # Key in the secret for database password
|
|
|
|
|
databaseKey: "database" # Key in the secret for database name (optional)
|
