---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-forward-auth-0.3.10-d2iq-defaults
  namespace: ${releaseNamespace}
data:
  values.yaml: |-
    ---
    replicaCount: 1
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
        ephemeral-storage: 200Mi
    service:
      type: ClusterIP
      port: 4181
    traefikForwardAuth:
      enabled: false
      # oidcUri, clientID, clientSecret will be overridden by the TFAController
      oidcUri: "https://dex.${releaseNamespace}.svc.cluster.local:8080/dex"
      clientId: traefik-forward-auth-kommander
      clientSecret:
        value: "placeholder"
        valueFrom:
          secretKeyRef: null
      allowedUser:
        valueFrom:
          secretKeyRef: null
      cookieSecure: true
      userCookieName: "kommander_profile_name"
      whitelist: []
      enableRBAC: true
      enableImpersonation: true
      rbacPassThroughPaths:
        - "/dkp/kiali/"
        - "/dkp/kiali/*"
      extraConfig: |
        cookie-name =  _forward_auth_kommander
        csrf-cookie-name = _forward_auth_csrf_kommander
        url-path = /_oauth_kommander
        groups-session-name = _forward_auth_claims_kommander
    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: kommander-traefik
        ingress.kubernetes.io/protocol: https
        traefik.ingress.kubernetes.io/router.middlewares: ${releaseNamespace}-forwardauth@kubernetescrd
        traefik.ingress.kubernetes.io/router.tls: "true"
      paths:
        - /_oauth_kommander
      hosts:
        - ""
      tls: []
    deploymentAnnotations:
      configmap.reloader.stakater.com/reload: "traefik-forward-auth-configmap"
    initContainers: null
    addonsInitializer: "${initializerImage:=mesosphere/kubeaddons-addon-initializer:v0.5.5}"