2023-09-03 14:58:07 +02:00
|
|
|
secret:
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- name of secret to store generated secret (like clientI)
|
2023-09-03 14:58:07 +02:00
|
|
|
name: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- label of secret to store generated secret
|
2023-09-03 14:58:07 +02:00
|
|
|
labels: {}
|
|
|
|
|
|
|
|
|
|
blueprint:
|
|
|
|
|
authentik:
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- domain to authentik, used in generated url (like issuer)
|
2023-09-03 14:58:07 +02:00
|
|
|
domain: "https://auth.wrenix.eu"
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- label of generated secret with blueprint
|
2023-09-03 14:58:07 +02:00
|
|
|
labels:
|
|
|
|
|
goauthentik_blueprint: "1"
|
|
|
|
|
provider:
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- creat an provider for authentification (otherwise just a like in menu is created)
|
2023-09-06 00:40:34 +02:00
|
|
|
enabled: true
|
2023-09-03 14:58:07 +02:00
|
|
|
name: ""
|
|
|
|
|
authorizationFlow: "default-provider-authorization-implicit-consent"
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- type of application connection, current support: oidc and proxy
|
2023-09-06 22:02:27 +02:00
|
|
|
type: "oidc" # or proxy
|
|
|
|
|
oidc:
|
|
|
|
|
clientType: "confidential"
|
|
|
|
|
# -- client id - generated if secret enabled
|
|
|
|
|
clientID:
|
|
|
|
|
# -- client secret - generated if secret enabled
|
|
|
|
|
clientSecret:
|
|
|
|
|
redirectURL: ""
|
|
|
|
|
# -- Need for non-curve / RSA
|
|
|
|
|
signingKey: ""
|
|
|
|
|
# -- Scope
|
|
|
|
|
scopes:
|
|
|
|
|
proxy:
|
|
|
|
|
externalHost:
|
2023-09-06 23:10:12 +02:00
|
|
|
skipPathRegex: ""
|
|
|
|
|
cookieDomain: ""
|
2023-09-06 22:02:27 +02:00
|
|
|
ingress:
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- deploy ingress on application domain for e.g. logout (WIP)
|
2023-09-06 22:02:27 +02:00
|
|
|
enabled: false
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- domain of application (where outpost should be deployed)
|
2023-09-06 22:02:27 +02:00
|
|
|
domain:
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- service backend to authentik
|
2023-09-06 22:02:27 +02:00
|
|
|
backend: authentik
|
2023-09-03 14:58:07 +02:00
|
|
|
application:
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- application name in menu
|
2023-09-03 14:58:07 +02:00
|
|
|
name: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- application slug
|
2023-09-03 14:58:07 +02:00
|
|
|
slug: "app-name"
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- put this application in authentik in group
|
2023-09-03 14:58:07 +02:00
|
|
|
group: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# url to application
|
2023-09-03 14:58:07 +02:00
|
|
|
launchURL: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- open application in new tab
|
2023-09-03 14:58:07 +02:00
|
|
|
openInNewTab: false
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- icon of application (url)
|
2023-09-03 14:58:07 +02:00
|
|
|
icon: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- description of application
|
2023-09-03 14:58:07 +02:00
|
|
|
description: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- publisher of application
|
2023-09-03 14:58:07 +02:00
|
|
|
publisher: ""
|
2023-11-03 15:48:54 +01:00
|
|
|
# -- uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled)
|
|
|
|
|
bindPolicyID:
|
|
|
|
|
policyEngineMode: "any"
|
|
|
|
|
# -- authentik groups created / give access to this application
|
2023-09-26 19:24:18 +02:00
|
|
|
# disable any groups by set groups: [] (to a slice)
|
2023-09-06 00:40:34 +02:00
|
|
|
# example:
|
|
|
|
|
# - slug: "app: grafana-admin"
|
|
|
|
|
# parent: "app: infra"
|
|
|
|
|
# bindID: uuid
|
|
|
|
|
#
|
2023-09-26 19:24:18 +02:00
|
|
|
groups:
|
