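# Helm values for the access-manager plugin: two application components
# (identity, auth) plus their subchart dependencies (auth-database, valkey,
# otel-collector-lerian).
#
# NOTE(review): this file was reconstructed from a whitespace-flattened copy.
# Indentation of the `backend`, `migrations` and `initUser` stanzas below was
# inferred from key names and should be confirmed against templates/.

# Common configuration shared between components
common:
  # Common secrets and configurations
  authorizer:
    # NOTE(review): OAuth client credentials are committed here in plain text.
    # Treat them as development-only defaults: override at install time
    # (--set / a values file kept outside VCS) and rotate the secret before any
    # shared deployment. The same id/secret pair is repeated verbatim under
    # auth.configmap / auth.secrets, so a rotation has to touch both places.
    clientId: "ac56c81d4d6d95c0ac12"
    clientSecret: "6add4bc64f394456a77fa85708ad8c9b67e39e4c"

identity:
  # Default values
  # This is a YAML-formatted file.
  # Declare variables to be passed into your templates.
  replicaCount: 1
  revisionHistoryLimit: 10
  name: "plugin-access-manager-identity"
  description: "Identity plugin for Midaz"
  image:
    # -- Repository for the container image
    repository: ghcr.io/lerianstudio/plugin-identity
    # -- Image pull policy
    pullPolicy: Always
    # -- Image tag used for deployment
    tag: "2.1.1"
  # -- Secrets for pulling images from a private registry
  imagePullSecrets:
    - name: regcred
  # -- Overrides the default generated name by Helm
  nameOverride: ""
  # -- Overrides the full name generated by Helm
  fullnameOverride: ""
  ingress:
    # -- Enable or disable ingress
    enabled: false
    # -- Ingress class name
    className: ""
    # -- Additional ingress annotations
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    # -- TLS configuration for ingress (keep populated if ingress is enabled;
    # an exposed auth/identity endpoint without TLS sends tokens in the clear)
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local
  service:
    # -- Kubernetes service type
    type: ClusterIP
    # -- Service port
    port: 4001
  deploymentStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  podSecurityContext: {}
  # fsGroup: 2000
  securityContext:
    # -- Defines the group ID for the user running the process inside the container
    runAsGroup: 1000
    # -- Defines the user ID for the process running inside the container
    runAsUser: 1000
    # -- Ensures the process does not run as root
    runAsNonRoot: true
    capabilities:
      drop:
        - ALL
    # -- Defines the root filesystem as read-only
    readOnlyRootFilesystem: true
  pdb:
    # -- Enable or disable PodDisruptionBudget
    enabled: true
    # NOTE(review): a PodDisruptionBudget accepts either maxUnavailable or
    # minAvailable, not both; the template presumably emits only one of these —
    # confirm which, since minAvailable: 0 provides no protection on its own.
    # -- Maximum number of unavailable pods
    maxUnavailable: 1
    # -- Minimum number of available pods
    minAvailable: 0
    # -- Annotations for PodDisruptionBudget
    annotations: {}
  resources:
    # -- CPU and memory limits for pods
    limits:
      cpu: 200m
      memory: 256Mi
    # -- Minimum CPU and memory requests
    requests:
      cpu: 100m
      memory: 128Mi
  autoscaling:
    # -- Enable or disable horizontal pod autoscaling
    enabled: true
    # -- Minimum number of replicas
    minReplicas: 1
    # -- Maximum number of replicas
    maxReplicas: 3
    # -- Target CPU utilization percentage for autoscaling
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  # -- Node selector for scheduling pods on specific nodes
  nodeSelector: {}
  # -- Tolerations for scheduling on tainted nodes (a PodSpec list, hence [])
  tolerations: []
  # -- Affinity rules for pod scheduling
  affinity: {}
  # nodeAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     nodeSelectorTerms:
  #       - matchExpressions:
  #           - key: midaz.io/owner
  #             operator: In
  #             values:
  #               - midaz
  # podAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     - labelSelector:
  #         matchExpressions: []
  #       topologyKey: kubernetes.io/hostname
  # -- ConfigMap for environment variables and configurations
  # -- All environment variables are declared in the templates/configmap.yaml
  # @default -- templates/identity/configmap.yaml
  configmap:
    # -- Default Environment
    ENV_NAME: "development"
    AUTH_ENABLED: "true"
    AUTH_PORT: "4000"
    # Plain HTTP to the auth service; acceptable only for in-cluster traffic
    # that is otherwise protected (network policy / service mesh).
    AUTH_ADDRESS: "http://plugin-access-manager-auth:4000"
    # The "{{ ... }}" strings are resolved only if the identity templates pass
    # these values through `tpl`; otherwise they reach the pod literally.
    AUTHORIZER_CLIENT_ID: "{{ .Values.common.authorizer.clientId }}"
  # -- Extra environment variables
  extraEnvVars: {}
  # -- Secrets for storing sensitive data
  # -- All secrets are declared in the templates/secrets.yaml
  # @default -- templates/identity/secrets.yaml
  secrets:
    AUTHORIZER_CLIENT_SECRET: "{{ .Values.common.authorizer.clientSecret }}"
    LICENSE_KEY: ""
    ORGANIZATION_IDS: ""
  # Prefer useExistingSecret: true with a secret managed outside the chart so
  # that no credential lives in rendered manifests or this file.
  useExistingSecret: false
  existingSecretName: ""

auth:
  # Default values
  # This is a YAML-formatted file.
  # Declare variables to be passed into your templates.
  replicaCount: 3
  revisionHistoryLimit: 10
  name: "plugin-access-manager-auth"
  image:
    # -- Repository for the auth service container image
    repository: ghcr.io/lerianstudio/plugin-auth
    # -- Image pull policy
    pullPolicy: Always
    # -- Image tag used for deployment
    tag: "2.4.4"
  # -- Secrets for pulling images from a private registry
  imagePullSecrets:
    - name: regcred
  # -- Overrides the default generated name by Helm
  nameOverride: ""
  # -- Overrides the full name generated by Helm
  fullnameOverride: ""
  # -- Overrides the namespace the resources are rendered into
  namespaceOverride: ""
  ingress:
    # -- Enable or disable ingress
    enabled: false
    # -- Ingress class name
    className: ""
    # -- Additional ingress annotations
    annotations: {}
    hosts:
      - host: ""
        paths:
          - path: /
            pathType: Prefix
    # -- TLS configuration for ingress
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local
  service:
    # -- Kubernetes service type
    type: ClusterIP
    # -- Service port
    port: 4000
  deploymentStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  podSecurityContext: {}
  # fsGroup: 2000
  # NOTE(review): unlike identity, auth runs with no container hardening at
  # all. The commented block below (readOnlyRootFilesystem: false) suggests the
  # image needs a writable root filesystem; runAsNonRoot and dropping all
  # capabilities are independent of that and can usually be enabled — verify
  # against the image's user/entrypoint before turning them on.
  securityContext: {}
  # # -- Defines the group ID for the user running the process inside the container
  # runAsGroup: 1000
  # # -- Defines the user ID for the process running inside the container
  # runAsUser: 1000
  # # -- Ensures the process does not run as root
  # runAsNonRoot: true
  # capabilities:
  #   drop:
  #     - ALL
  # # -- Defines the root filesystem as read-only
  # readOnlyRootFilesystem: false
  pdb:
    # -- Enable or disable PodDisruptionBudget
    enabled: true
    # -- Maximum number of unavailable pods (see identity.pdb: only one of
    # maxUnavailable/minAvailable is valid on a PDB)
    maxUnavailable: 1
    # -- Minimum number of available pods
    minAvailable: 0
    # -- Annotations for PodDisruptionBudget
    annotations: {}
  resources:
    # -- CPU and memory limits for pods
    limits:
      cpu: 1
      memory: 756Mi
    # -- Minimum CPU and memory requests
    requests:
      cpu: 500m
      memory: 256Mi
  autoscaling:
    # -- Enable or disable horizontal pod autoscaling
    enabled: true
    # -- Minimum number of replicas
    minReplicas: 3
    # -- Maximum number of replicas
    maxReplicas: 9
    # -- Target CPU utilization percentage for autoscaling
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  # -- Node selector for scheduling pods on specific nodes
  nodeSelector: {}
  # -- Tolerations for scheduling on tainted nodes (a PodSpec list, hence [])
  tolerations: []
  # -- Affinity rules for pod scheduling
  affinity: {}
  # nodeAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     nodeSelectorTerms:
  #       - matchExpressions:
  #           - key: midaz.io/owner
  #             operator: In
  #             values:
  #               - midaz
  # podAffinity:
  #   requiredDuringSchedulingIgnoredDuringExecution:
  #     - labelSelector:
  #         matchExpressions: []
  #       topologyKey: kubernetes.io/hostname
  # -- ConfigMap for environment variables and configurations
  # @default -- templates/auth/configmap.yaml
  # ConfigMap data values must be strings, so ports are quoted here.
  configmap:
    # -- Default Environment variables for the postgres
    DB_USER: "auth"
    DB_HOST: "plugin-access-manager-auth-database"
    DB_PORT: "5432"
    DB_NAME: "casdoor"
    # NOTE(review): database traffic is cleartext. The auth-database values
    # below carry no TLS configuration, so moving to "require"/"verify-full"
    # requires enabling TLS on the database first.
    DB_SSLMODE: "disable"
    # -- Default Environment
    ENV_NAME: "development"
    # -- Default Redis Settings
    REDIS_HOST: "plugin-access-manager-valkey-primary"
    REDIS_PORT: "6379"
    REDIS_USER: "auth"
    # Duplicate of common.authorizer.clientId (identity references common via a
    # template string; auth hard-codes it) — keep the two in sync on rotation.
    AUTHORIZER_CLIENT_ID: "ac56c81d4d6d95c0ac12"
  # -- Extra environment variables
  extraEnvVars: {}
  # -- Secrets for storing sensitive data
  # @default -- templates/auth/secrets.yaml
  # NOTE(review): default credentials committed in plain text. They are wired
  # to the dev subcharts below (auth-database.auth.password) and must be
  # overridden together with them for any non-local install, preferably via
  # useExistingSecret.
  secrets:
    DB_PASSWORD: "lerian"
    AUTHORIZER_CLIENT_SECRET: "6add4bc64f394456a77fa85708ad8c9b67e39e4c"
    # Not enforced by the bundled valkey instance, whose auth is disabled below.
    REDIS_PASSWORD: "lerian"
    LICENSE_KEY: ""
    ORGANIZATION_IDS: ""
  useExistingSecret: false
  existingSecretName: ""
  backend:
    replicaCount: 1
    revisionHistoryLimit: 10
    name: "plugin-access-manager-auth-backend"
    # -- Whether to create database on startup (requires CREATEDB permission)
    createDatabase: true
    image:
      # -- Repository for the auth backend (casdoor) container image
      repository: ghcr.io/lerianstudio/casdoor
      # -- Image pull policy
      pullPolicy: Always
      # -- Image tag used for deployment
      # NOTE(review): "latest" + pullPolicy Always means each pod start may run
      # a different image than the last; pin a version tag or digest for the
      # identity provider so deployments are reproducible and auditable.
      tag: "latest"
    resources:
      limits:
        cpu: 512m
        memory: 2048Mi
      requests:
        cpu: 256m
        memory: 1024Mi
    autoscaling:
      # -- Enable or disable horizontal pod autoscaling
      enabled: true
      # -- Minimum number of replicas
      minReplicas: 1
      # -- Maximum number of replicas
      maxReplicas: 3
      # -- Target CPU utilization percentage for autoscaling
      targetCPUUtilizationPercentage: 80
      targetMemoryUtilizationPercentage: 80
    migrations:
      image:
        # -- Repository for the casdoor-migrations container image
        repository: ghcr.io/lerianstudio/casdoor-migrations
        # -- Image pull policy
        pullPolicy: Always
        # -- Image tag used for deployment (unpinned; see backend.image.tag)
        tag: "latest"
    # -- Init User Job configuration
    # -- Creates admin user on FIRST INSTALL ONLY (not on upgrades)
    # -- If the admin user is deleted by the customer, it will NOT be recreated
    initUser:
      # -- Enable or disable the init user job
      enabled: true
      image:
        # -- Repository for the casdoor-user-init container image
        repository: ghcr.io/lerianstudio/casdoor-user-init
        # -- Image pull policy
        pullPolicy: Always
        # -- Image tag used for deployment (unpinned; see backend.image.tag)
        tag: "latest"
      # -- Admin user email (default: admin@midaz.tech)
      adminEmail: "admin@midaz.tech"
      # -- Admin user display name
      adminDisplayName: "Admin"
      # -- Admin password (will be stored in a secret)
      # -- IMPORTANT: Change this in production!
      # NOTE(review): the job's behaviour for an empty password is not visible
      # from this file — confirm it fails closed (refuses to run) rather than
      # creating the admin user with an empty or predictable password.
      adminPassword: ""
      # -- Use existing secret for admin password instead of creating one
      # -- IMPORTANT: If set to true, adminPasswordSecretName MUST be specified
      useExistingSecret: false
      # -- Name of the existing secret containing ADMIN_PASSWORD
      # -- REQUIRED when useExistingSecret is true
      # -- The secret must exist in the same namespace and contain the key specified in adminPasswordSecretKey
      adminPasswordSecretName: ""
      # -- Key in the secret containing the admin password
      adminPasswordSecretKey: "ADMIN_PASSWORD"
      # -- Timeout waiting for Casdoor to be ready (in seconds)
      casdoorTimeout: 120
      # -- Timeout waiting for user table to exist (in seconds)
      tableTimeout: 60
      # -- Resources for the init user job
      resources:
        limits:
          cpu: 100m
          memory: 128Mi
        requests:
          cpu: 50m
          memory: 64Mi

auth-database:
  # Database dependency for identity and access management.
  # For more details, refer to the documentation:
  # https://docs.lerian.studio/docs/midaz-security#identity-management-with-casdoor
  enabled: true
  global:
    security:
      # NOTE(review): disables the subchart's check on image repository/tag,
      # which is what lets a non-default repository with a "latest" tag through.
      # Pin the tag and re-evaluate whether this bypass is still needed.
      allowInsecureImages: true
  image:
    repository: bitnamisecure/postgresql
    tag: "latest"
  auth:
    enabled: true
    enablePostgresUser: false
    username: "auth"
    # Must match auth.secrets.DB_PASSWORD; development default, override both.
    password: "lerian"
    database: "casdoor"
  primary:
    persistence:
      size: 8Gi
    resourcesPreset: large
    extendedConfiguration: |
      shared_buffers = 2GB
      max_wal_senders = 20
      wal_keep_size = 512MB
      max_replication_slots = 20
    extraEnvVars:
      - name: POSTGRESQL_WAL_LEVEL
        value: "logical"
      # NOTE(review): the PostgreSQL parameter is hot_standby; confirm
      # POSTGRESQL_HOST_STANDBY is the name this image actually reads.
      - name: POSTGRESQL_HOST_STANDBY
        value: "on"
      - name: POSTGRESQL_MAX_CONNECTIONS
        value: "500"
      - name: POSTGRESQL_TCP_KEEPALIVES_IDLE
        value: "30"
      - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL
        value: "10"
      - name: POSTGRESQL_TCP_KEEPALIVES_COUNT
        value: "5"

valkey:
  # Redis is used to handle scenarios where real-time performance and fast data retrieval are essential.
  # This component is responsible for providing an in-memory data store
  # For more details, refer to the documentation:
  # https://docs.lerian.studio/docs/midaz-components#why-redis
  enabled: true
  global:
    security:
      # See auth-database.global.security.allowInsecureImages.
      allowInsecureImages: true
  image:
    repository: bitnamisecure/valkey
    tag: "latest"
  architecture: standalone
  auth:
    # NOTE(review): with auth disabled, REDIS_USER/REDIS_PASSWORD under
    # auth.secrets are not enforced by this instance: absent a NetworkPolicy,
    # any workload that can reach the valkey service can read and write the
    # auth service's session/cache data. Enable auth here and align the
    # credentials before exposing this outside a local environment.
    enabled: false

otel-collector-lerian:
  enabled: true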