global: # All envs defined in global.usrEnv will be available across all services. usrEnvs: {} # normal: # variable1: value1 # secret: # variable4: value4 istio: ingress: false enabled: false namespace: istio-system alb: ingress: false cloud: testEnviroment: false upgrade: enabled: false storageClass: provisioner: k8s.io/minikube-hostpath parameters: {} #parameters: #type: #fsType: #storageAccountType: #kind: #pool: reclaimPolicy: Retain allowVolumeExpansion: true mountOptions: [debug] volumeBindingMode: WaitForFirstConsumer allowedTopologies: gcePdStorageType: pd-standard azureStorageAccountType: Standard_LRS azureStorageKind: Managed lbIp: "" domain: demoexample.gluu.org isDomainRegistered: "false" gluuPersistenceType: couchbase gluuJackrabbitCluster: "true" oxauth: enabled: true fido2: enabled: false scim: enabled: false config: enabled: true jackrabbit: enabled: true persistence: enabled: true oxtrust: enabled: true opendj: enabled: true oxshibboleth: enabled: false oxd-server: enabled: false nginx-ingress: enabled: true oxauth-key-rotation: enabled: false cr-rotate: enabled: false config: usrEnvs: {} # normal: # variable1: value1 # secret: # variable4: value4 orgName: Gluu email: support@gluu.com adminPass: P@ssw0rd ldapPass: P@ssw0rd redisPass: P@assw0rd countryCode: US state: TX city: Austin configmap: gluuOxdApplicationCertCn: oxd-server gluuOxdAdminCertCn: oxd-server gluuCouchbaseCrt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lKQUwyem5UWlREUHFNTUEwR0NTcUdTSWIzRFFFQkN3VUFNQzB4S3pBcEJnTlYKQkFNTUlpb3VZMkpuYkhWMUxtUmxabUYxYkhRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3TWpBMQpNRGt4T1RVeFdoY05NekF3TWpBeU1Ea3hPVFV4V2pBdE1Tc3dLUVlEVlFRRERDSXFMbU5pWjJ4MWRTNWtaV1poCmRXeDBMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUIKQ2dLQ0FRRUFycmQ5T3lvSnRsVzhnNW5nWlJtL2FKWjJ2eUtubGU3dVFIUEw4Q2RJa1RNdjB0eHZhR1B5UkNQQgo3RE00RTFkLzhMaU5takdZZk41QjZjWjlRUmNCaG1VNmFyUDRKZUZ3c0x0cTFGT3MxaDlmWGo3d3NzcTYrYmlkCjV6Umw3UEE0YmdvOXVkUVRzU1UrWDJUUVRDc0dxVVVPWExrZ3NCMjI0RDNsdkFCbmZOeHcvYnFQa2ZCQTFxVzYKVXpxellMdHN6WE5GY0dQMFhtU3c4WjJuaFhhUGlva2pPT2dyMkMrbVFZK0htQ2xGUWRpd2g2ZjBYR0V0STMrKwoyMStTejdXRkF6RlFBVUp2MHIvZnk4TDRXZzh1YysvalgwTGQrc2NoQTlNQjh3YmJORUp2ZjNMOGZ5QjZ0cTd2CjF4b0FnL0g0S1dJaHdqSEN0dFVnWU1oU0xWV3UrUUlEQVFBQm80R2NNSUdaTUIwR0ExVWREZ1FXQkJTWmQxWU0KVGNIRVZjSENNUmp6ejczZitEVmxxREJkQmdOVkhTTUVWakJVZ0JTWmQxWU1UY0hFVmNIQ01Sanp6NzNmK0RWbApxS0V4cEM4d0xURXJNQ2tHQTFVRUF3d2lLaTVqWW1kc2RYVXVaR1ZtWVhWc2RDNXpkbU11WTJ4MWMzUmxjaTVzCmIyTmhiSUlKQUwyem5UWlREUHFNTUF3R0ExVWRFd1FGTUFNQkFmOHdDd1lEVlIwUEJBUURBZ0VHTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQk9meTVWSHlKZCtWUTBXaUQ1aSs2cmhidGNpSmtFN0YwWVVVZnJ6UFN2YWVFWQp2NElVWStWOC9UNnE4Mk9vVWU1eCtvS2dzbFBsL01nZEg2SW9CRnVtaUFqek14RTdUYUhHcXJ5dk13Qk5IKzB5CnhadG9mSnFXQzhGeUlwTVFHTEs0RVBGd3VHRlJnazZMRGR2ZEN5NVdxWW1MQWdBZVh5VWNaNnlHYkdMTjRPUDUKZTFiaEFiLzRXWXRxRHVydFJrWjNEejlZcis4VWNCVTRLT005OHBZN05aaXFmKzlCZVkvOEhZaVQ2Q0RRWWgyTgoyK0VWRFBHcFE4UkVsRThhN1ZLL29MemlOaXFyRjllNDV1OU1KdjM1ZktmNUJjK2FKdWduTGcwaUZUYmNaT1prCkpuYkUvUENIUDZFWmxLaEFiZUdnendtS1dDbTZTL3g0TklRK2JtMmoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= gluuCouchbasePass: P@ssw0rd gluuCouchbaseSuperUserPass: P@ssw0rd gluuCouchbaseSuperUser: admin gluuCouchbaseUrl: cbgluu.default.svc.cluster.local gluuCouchbaseBucketPrefix: gluu gluuCouchbaseUser: gluu gluuCouchbaseIndexNumReplica: 0 gluuCouchbasePassFile: /etc/gluu/conf/couchbase_password gluuCouchbaseSuperUserPassFile: /etc/gluu/conf/couchbase_superuser_password gluuCouchbaseCertFile: /etc/certs/couchbase.crt gluuPersistenceLdapMapping: default gluuCacheType: NATIVE_PERSISTENCE gluuSyncShibManifests: false gluuSyncCasaManifests: false gluuMaxRamPercent: "75.0" configAdapterName: kubernetes containerMetadataName: kubernetes configSecretAdapter: kubernetes gluuRedisUrl: redis:6379 gluuRedisUseSsl: "false" gluuRedisType: STANDALONE gluuRedisSslTruststore: "" gluuRedisSentinelGroup: "" gluuOxtrustBackend: oxtrust:8080 gluuOxauthBackend: oxauth:8080 gluuOxdServerUrl: oxd-server:8443 gluuOxdBindIpAddresses: "*" gluuLdapUrl: opendj:1636 gluuJackrabbitPostgresUser: jackrabbit gluuJackrabbitPostgresPasswordFile: /etc/gluu/conf/postgres_password gluuJackrabbitPostgresDatabaseName: jackrabbit gluuJackrabbitPostgresHost: postgresql.postgres.svc.cluster.local gluuJackrabbitPostgresPort: 5432 gluuJackrabbitAdminId: admin gluuJackrabbitAdminPassFile: /etc/gluu/conf/jackrabbit_admin_password gluuJackrabbitSyncInterval: 300 gluuJackrabbitUrl: http://jackrabbit:8080 gluuJackrabbitAdminIdFile: /etc/gluu/conf/jackrabbit_admin_id gluuDocumentStoreType: JCA lbAddr: "" ldapServiceName: opendj gluuOxtrustApiEnabled: false gluuOxtrustApiTestMode: false gluuPassportEnabled: false # BELOW TEMP KEY TO BE REMOVED IN 4.3 gluuPassportFailureRedirectUrl: "" gluuCasaEnabled: false gluuRadiusEnabled: false gluuSamlEnabled: false image: repository: gluufederation/config-init tag: 4.2.3_03 pullSecrets: [] volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} resources: {} nginx-ingress: ingress: enabled: true path: / # -- Enable Admin UI endpoints /identity adminUiEnabled: true # -- Admin UI ingress resource labels. key app is taken. adminUiLabels: { } # -- Admin UI ingress resource additional annotations. adminUiAdditionalAnnotations: { } # -- Enable endpoint /.well-known/openid-configuration openidConfigEnabled: true # -- openid-configuration ingress resource labels. key app is taken openidConfigLabels: { } # -- openid-configuration ingress resource additional annotations. openidAdditionalAnnotations: { } # -- Enable endpoint /.well-known/uma2-configuration uma2ConfigEnabled: true # -- uma 2 config ingress resource labels. key app is taken uma2ConfigLabels: { } # -- uma2 config ingress resource additional annotations. uma2AdditionalAnnotations: { } # -- Enable endpoint /.well-known/webfinger webfingerEnabled: true # -- webfinger ingress resource labels. key app is taken webfingerLabels: { } # -- webfinger ingress resource additional annotations. webfingerAdditionalAnnotations: { } # -- Enable endpoint /.well-known/simple-web-discovery webdiscoveryEnabled: true # -- webdiscovery ingress resource labels. key app is taken webdiscoveryLabels: { } # -- webdiscovery ingress resource additional annotations. webdiscoveryAdditionalAnnotations: { } # -- Enable endpoint /.well-known/scim-configuration scimConfigEnabled: false # -- webdiscovery ingress resource labels. key app is taken scimConfigLabels: { } # -- SCIM config ingress resource additional annotations. scimConfigAdditionalAnnotations: { } # -- Enable SCIM endpoints /scim scimEnabled: false # -- scim config ingress resource labels. key app is taken scimLabels: { } # -- SCIM ingress resource additional annotations. scimAdditionalAnnotations: { } # -- Enable endpoint /.well-known/fido-configuration u2fConfigEnabled: true # -- u2f config ingress resource labels. key app is taken u2fConfigLabels: { } # -- u2f config ingress resource additional annotations. u2fAdditionalAnnotations: { } # -- Enable endpoint /.well-known/fido2-configuration fido2ConfigEnabled: false # -- fido2 config ingress resource labels. key app is taken fido2ConfigLabels: { } # -- fido2 config ingress resource additional annotations. fido2ConfigAdditionalAnnotations: { } # -- Enable all fido2 endpoints fido2Enabled: false # -- fido2 ingress resource labels. key app is taken fido2Labels: { } # -- Enable Auth server endpoints /oxauth authServerEnabled: true # -- Auth server config ingress resource labels. key app is taken authServerLabels: { } # -- Auth server ingress resource additional annotations. authServerAdditionalAnnotations: { } # -- Enable casa endpoints /casa casaEnabled: false # -- Casa ingress resource labels. key app is taken casaLabels: { } # -- Casa ingress resource additional annotations. casaAdditionalAnnotations: { } # -- Enable passport endpoints /idp passportEnabled: false # -- passport ingress resource labels. key app is taken. passportLabels: { } # -- passport ingress resource additional annotations. passportAdditionalAnnotations: { } # -- Enable shibboleth endpoints /idp shibEnabled: false # -- shibboleth ingress resource labels. key app is taken. shibLabels: { } # -- shibboleth ingress resource additional annotations. shibAdditionalAnnotations: { } # -- Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} additionalLabels: { } # -- Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken # Enable client certificate authentication # nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" # Create the secret containing the trusted ca certificates # nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" # Specify the verification depth in the client certificates chain # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" # Specify if certificates are passed to upstream server # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" additionalAnnotations: # Required annotation below kubernetes.io/ingress.class: "nginx" hosts: - demoexample.gluu.org tls: - secretName: tls-certificate # DON'T change hosts: - demoexample.gluu.org jackrabbit: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 # This id needs to be unique to each kubernetes cluster in a multi cluster setup # west, east, south, north, region ...etc If left empty it will be randomly generated. clusterId: "first" service: jackRabbitServiceName: jackrabbit replicas: 1 secrets: gluuJackrabbitAdminPass: admin gluuJackrabbitPostgresPass: P@ssw0rd storage: size: 5Gi image: repository: gluufederation/jackrabbit tag: 4.2.3_04 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 1500m memory: 1000Mi requests: cpu: 1500m memory: 1000Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} opendj: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 multiCluster: enabled: false serfAdvertiseAddrSuffix: "regionalldap.gluu.org" serfKey: Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk= # -- Serf peer addresses. One per cluster. serfPeers: - "gluu-opendj-regional-0-regional.gluu.org:30946" - "gluu-opendj-regional-0-regional.gluu.org:31946" # -- The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows # the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} # If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org replicaCount: 1 # -- This id needs to be unique to each kubernetes cluster in a multi cluster setup # west, east, south, north, region ...etc If left empty it will be randomly generated. clusterId: "" # -- Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. # Used when gluu is installed in the same kubernetes cluster more than once. namespaceIntId: 0 service: ldapServiceName: opendj replicas: 1 persistence: size: 5Gi image: repository: gluufederation/opendj tag: 4.2.3_02 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 1500m memory: 2000Mi requests: cpu: 1500m memory: 2000Mi ports: tcp-ldaps: port: 1636 targetPort: 1636 protocol: TCP nodePort: "" tcp-ldap: port: 1389 targetPort: 1389 protocol: TCP nodePort: "" tcp-repl: port: 8989 targetPort: 8989 protocol: TCP nodePort: "" tcp-admin: port: 4444 targetPort: 4444 protocol: TCP nodePort: "" tcp-serf: port: 7946 targetPort: 7946 protocol: TCP nodePort: "" udp-serf: port: 7946 targetPort: 7946 protocol: UDP nodePort: "" # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} persistence: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 image: repository: gluufederation/persistence tag: 4.2.3_03 pullPolicy: Always pullSecrets: [] resources: {} volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} oxauth: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: oxAuthServiceName: oxauth replicas: 1 image: repository: gluufederation/oxauth tag: 4.2.3_14 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 2500m memory: 2500Mi requests: cpu: 2500m memory: 2500Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} oxtrust: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: oxTrustServiceName: oxtrust replicas: 1 image: repository: gluufederation/oxtrust tag: 4.2.3_09 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 1000m memory: 1000Mi requests: cpu: 1000m memory: 1000Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} fido2: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: fido2ServiceName: fido2 replicas: 1 image: repository: gluufederation/fido2 tag: 4.2.3_06 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 500m memory: 500Mi requests: cpu: 500m memory: 500Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} scim: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: scimServiceName: scim replicas: 1 image: repository: gluufederation/scim tag: 4.2.3_08 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 1000m memory: 1000Mi requests: cpu: 1000m memory: 1000Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} oxd-server: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: oxdServerServiceName: oxd-server replicas: 1 image: repository: gluufederation/oxd-server tag: 4.2.3_04 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 1000m memory: 400Mi requests: cpu: 1000m memory: 400Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} casa: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: casaServiceName: casa replicas: 1 image: repository: gluufederation/casa tag: 4.2.3_08 pullPolicy: Always pullSecrets: [] resources: requests: memory: "500Mi" cpu: "500m" limits: memory: "500Mi" cpu: "500m" # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} oxpassport: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: oxPassportServiceName: oxpassport replicas: 1 image: repository: gluufederation/oxpassport tag: 4.2.3_06 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 700m memory: 900Mi requests: cpu: 700m memory: 900Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} oxshibboleth: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: oxShibbolethServiceName: oxshibboleth replicas: 1 image: repository: gluufederation/oxshibboleth tag: 4.2.3_14 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 1000m memory: 1000Mi requests: cpu: 1000m memory: 1000Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} radius: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: radiusServiceName: radius replicas: 1 image: repository: gluufederation/radius tag: 4.2.3_02 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 700m memory: 700Mi requests: cpu: 700m memory: 700Mi # livenessProbe: # initialDelaySeconds: 25 # readinessProbe: # initialDelaySeconds: 30 volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} cr-rotate: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 service: crRotateServiceName: cr-rotate image: repository: gluufederation/cr-rotate tag: 4.2.3_05 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 200m memory: 200Mi requests: cpu: 200m memory: 200Mi volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {} oxauth-key-rotation: #usrEnvs: # normal: # variable1: value1 # secret: # variable4: value4 keysLife: 48 image: repository: gluufederation/certmanager tag: 4.2.3_07 pullPolicy: Always pullSecrets: [] resources: limits: cpu: 300m memory: 300Mi requests: cpu: 300m memory: 300Mi volumes: [] # Configure any additional volumes that need to be attached to the pod volumeMounts: [] # Configure any additional volumesMounts that need to be attached to the containers dnsPolicy: "" dnsConfig: {}