-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9273f13
commit 3f83907
Showing
5 changed files
with
413 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,275 @@ | ||
| ingress: | ||
| admin: | ||
| enabled: true | ||
| className: "nginx" | ||
| annotations: | ||
| cert-manager.io/cluster-issuer: letsencrypt-prod | ||
| hosts: | ||
| - host: localhost | ||
| paths: | ||
| - path: "/admin/kratos/?(.*)" | ||
| pathType: ImplementationSpecific | ||
| tls: | ||
| - secretName: radar-base-tls | ||
| hosts: | ||
| - localhost | ||
| public: | ||
| enabled: true | ||
| className: "nginx" | ||
| annotations: | ||
| nginx.ingress.kubernetes.io/rewrite-target: /$1 | ||
| cert-manager.io/cluster-issuer: letsencrypt-prod | ||
| hosts: | ||
| - host: localhost | ||
| paths: | ||
| - path: "/kratos/?(.*)" | ||
| pathType: ImplementationSpecific | ||
| tls: | ||
| - secretName: kratos-public-tls | ||
| hosts: | ||
| - localhost | ||
|
|
||
| kratos: | ||
| development: false | ||
|
|
||
| # -- Enables database migration | ||
| automigration: | ||
| enabled: true | ||
| # -- Configure the way to execute database migration. Possible values: job, initContainer | ||
| # When set to job, the migration will be executed as a job on release or upgrade. | ||
| # When set to initContainer, the migration will be executed when Kratos pod is created | ||
| # Defaults to job | ||
| type: job | ||
| # -- Ability to override the entrypoint of the automigration container | ||
| # (e.g. to source dynamic secrets or export environment dynamic variables) | ||
| customCommand: [ ] | ||
| # -- Ability to override arguments of the entrypoint. Can be used in-depended of customCommand | ||
| # eg: | ||
| # - sleep 5; | ||
| # - kratos | ||
| customArgs: [ ] | ||
| # -- resource requests and limits for the automigration initcontainer | ||
| resources: { } | ||
|
|
||
| # -- You can add multiple identity schemas here. You can pass JSON schema using `--set-file` Helm CLI argument. | ||
| identitySchemas: | ||
| "identity.user.schema.json": | | ||
| { | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "$id": "user", | ||
| "title": "user", | ||
| "type": "object", | ||
| "properties": { | ||
| "traits": { | ||
| "type": "object", | ||
| "properties": { | ||
| "email": { | ||
| "type": "string", | ||
| "format": "email", | ||
| "title": "E-Mail", | ||
| "minLength": 5, | ||
| "ory.sh/kratos": { | ||
| "credentials": { | ||
| "password": { | ||
| "identifier": true | ||
| }, | ||
| "totp": { | ||
| "account_name": true | ||
| } | ||
| }, | ||
| "verification": { | ||
| "via": "email" | ||
| }, | ||
| "recovery": { | ||
| "via": "email" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "required": [ "email" ] | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } | ||
| "identity.default.schema.json": | | ||
| { | ||
| "$schema": "http://json-schema.org/draft-07/schema#", | ||
| "$id": "default", | ||
| "title": "user", | ||
| "type": "object", | ||
| "properties": { | ||
| "traits": { | ||
| "type": "object", | ||
| "properties": { | ||
| "email": { | ||
| "type": "string", | ||
| "format": "email", | ||
| "title": "E-Mail", | ||
| "minLength": 5, | ||
| "ory.sh/kratos": { | ||
| "credentials": { | ||
| "password": { | ||
| "identifier": true | ||
| }, | ||
| "totp": { | ||
| "account_name": true | ||
| } | ||
| }, | ||
| "verification": { | ||
| "via": "email" | ||
| }, | ||
| "recovery": { | ||
| "via": "email" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "required": [ "email" ] | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } | ||
| # -- You can customize the emails Kratos is sending (also uncomment config.courier.template_override_path below) | ||
| emailTemplates: { } | ||
| # emailTemplates: | ||
| # recovery: | ||
| # valid: | ||
| # subject: Recover access to your account | ||
| # body: |- | ||
| # Hi, please recover access to your account by clicking the following link: | ||
| # <a href="{{ .RecoveryURL }}">{{ .RecoveryURL }}</a> | ||
| # plainBody: |- | ||
| # Hi, please recover access to your account by clicking the following link: {{ .RecoveryURL }} | ||
| # invalid: | ||
| # subject: Account access attempted | ||
| # body: |- | ||
| # Hi, you (or someone else) entered this email address when trying to recover access to an account. | ||
| # However, this email address is not on our database of registered users and therefore the attempt has failed. If this was you, check if you signed up using a different address. If this was not you, please ignore this email. | ||
| # plainBody: |- | ||
| # Hi, you (or someone else) entered this email address when trying to recover access to an account. | ||
| # verification: | ||
| # valid: | ||
| # subject: Please verify your email address | ||
| # body: |- | ||
| # Hi, please verify your account by clicking the following link: | ||
| # <a href="{{ .VerificationURL }}">{{ .VerificationURL }}</a> | ||
| # plainBody: |- | ||
| # Hi, please verify your account by clicking the following link: {{ .VerificationURL }} | ||
| # invalid: | ||
| # subject: | ||
| # body: | ||
| # plainBody: | ||
|
|
||
| config: | ||
|
|
||
| session: | ||
| # Defines how long a session is active. Once that lifespan has been reached, the user needs to sign in again. | ||
| lifespan: 24h | ||
|
|
||
| cookie: | ||
| ##-- If false, cookie is removed when the browser is closed --## | ||
| persistent: false | ||
|
|
||
| courier: | ||
| smtp: | ||
| from_address: [email protected] | ||
|
|
||
| serve: | ||
| public: | ||
| base_url: https://localhost/kratos/ | ||
| cors: | ||
| enabled: true | ||
| allowed_origins: | ||
| - https://localhost/kratos-ui/ | ||
| allowed_methods: | ||
| - POST | ||
| - GET | ||
| - PUT | ||
| - PATCH | ||
| - DELETE | ||
| allowed_headers: | ||
| - Authorization | ||
| - Cookie | ||
| - Content-Type | ||
| - Accept | ||
| exposed_headers: | ||
| - Content-Type | ||
| - Set-Cookie | ||
| - Accept | ||
| allow_credentials: true | ||
| admin: | ||
| base_url: https://localhost/admin/kratos/ | ||
|
|
||
| selfservice: | ||
| default_browser_return_url: https://localhost/managementportal | ||
| allowed_return_urls: | ||
| - "https://localhost/" | ||
| - "http://localhost/" | ||
|
|
||
| methods: | ||
| password: | ||
| config: | ||
| haveibeenpwned_enabled: true | ||
| max_breaches: 0 | ||
| ignore_network_errors: false | ||
| min_password_length: 12 | ||
| identifier_similarity_check_enabled: true | ||
| enabled: true | ||
| totp: | ||
| config: | ||
| issuer: Radar | ||
| enabled: true | ||
| link: | ||
| enabled: true | ||
|
|
||
| flows: | ||
| error: | ||
| ui_url: https://localhost/kratos-ui/error | ||
|
|
||
| settings: | ||
| ui_url: https://localhost/kratos-ui/settings | ||
| required_aal: highest_available | ||
|
|
||
| recovery: | ||
| enabled: true | ||
| ui_url: https://localhost/kratos-ui/recovery | ||
| use: link | ||
|
|
||
| verification: | ||
| # our current flow necessitates that users reset their password after they activate an account in managementportal, | ||
| # this works as verification | ||
| ui_url: https://localhost/kratos-ui/verification | ||
| enabled: false | ||
| use: link | ||
| after: | ||
| default_browser_return_url: https://localhost/kratos-ui | ||
|
|
||
| logout: | ||
| after: | ||
| default_browser_return_url: https://localhost/kratos-ui/login | ||
|
|
||
| login: | ||
| ui_url: https://localhost/kratos-ui/login | ||
|
|
||
| registration: | ||
| ui_url: https://localhost/kratos-ui/registration | ||
| after: | ||
| password: | ||
| hooks: | ||
| - hook: session | ||
| oidc: | ||
| hooks: | ||
| - hook: session | ||
|
|
||
| identity: | ||
| default_schema_id: user | ||
| schemas: | ||
| # identitySchemas: | ||
| - id: user | ||
| url: file:///etc/config/identity.user.schema.json | ||
|
|
||
| log: | ||
| level: debug | ||
| format: text | ||
| leak_sensitive_values: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| config: | ||
| csrfCookieName: "radar_csrf" | ||
|
|
||
| ingress: | ||
| enabled: true | ||
| className: "nginx" | ||
| annotations: | ||
| nginx.ingress.kubernetes.io/rewrite-target: /$1 | ||
| cert-manager.io/cluster-issuer: letsencrypt-prod | ||
| hosts: | ||
| - host: localhost | ||
| paths: | ||
| - path: "/kratos-ui/?(.*)" | ||
| pathType: ImplementationSpecific | ||
| tls: | ||
| - secretName: radar-base-tls | ||
| hosts: | ||
| - localhost | ||
| # -- Set this to ORY Kratos's Admin URL | ||
| kratosAdminUrl: "kratos-admin" | ||
|
|
||
| # -- Set this to ORY Kratos's public URL | ||
| kratosPublicUrl: "https://localhost/kratos" | ||
|
|
||
| # -- Set this to ORY Kratos's public URL accessible from the outside world. | ||
| kratosBrowserUrl: "https://localhost/kratos" | ||
|
|
||
| # -- The basePath | ||
| basePath: "" | ||
|
|
||
| # -- The jwksUrl | ||
| jwksUrl: "" | ||
|
|
||
| projectName: "SecureApp" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.