---
title: "matrix-authentication-service"
description: "OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)"
---

# matrix-authentication-service

![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.0](https://img.shields.io/badge/AppVersion-0.13.0-informational?style=flat-square)

OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| WrenIX | | |

## Usage

Helm must be installed and set up for your Kubernetes cluster to use the charts.
Refer to Helm's [documentation](https://helm.sh/docs) to get started.

Once Helm has been set up correctly, fetch the charts as follows:

```bash
helm pull oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service
```

You can install a chart release using the following command:

```bash
helm install matrix-authentication-service-release oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service --values values.yaml
```

To uninstall a chart release, use `helm`'s delete command:

```bash
helm uninstall matrix-authentication-service-release
```

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| autoscaling.enabled | bool | `false` | |
| autoscaling.maxReplicas | int | `100` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| config.branding.imprint | string | `nil` | |
| config.branding.logo_uri | string | `nil` | |
| config.branding.policy_uri | string | `nil` | |
| config.branding.service_name | string | `nil` | |
| config.branding.tos_uri | string | `nil` | |
| config.clients | list | `[]` | |
| config.database.connect_timeout | int | `30` | |
| config.database.database | string | `"sliding_sync"` | |
| config.database.host | string | `"localhost"` | |
| config.database.idle_timeout | int | `600` | |
| config.database.max_connections | int | `10` | |
| config.database.max_lifetime | int | `1800` | |
| config.database.min_connections | int | `0` | |
| config.database.password | string | `"secret"` | |
| config.database.port | int | `5432` | |
| config.database.username | string | `"sliding_sync"` | |
| config.email.from | string | `"\"Authentication Service\" "` | |
| config.email.reply_to | string | `"\"Authentication Service\" "` | |
| config.email.transport | string | `"blackhole"` | |
| config.experimental.access_token_ttl | int | `300` | |
| config.experimental.compat_token_ttl | int | `300` | |
| config.http.issuer | string | `"http://[::]:8080/"` | |
| config.http.listeners[0].binds[0].address | string | `"[::]:8080"` | |
| config.http.listeners[0].name | string | `"http"` | |
| config.http.listeners[0].proxy_protocol | bool | `false` | |
| config.http.listeners[0].resources[0].name | string | `"discovery"` | |
| config.http.listeners[0].resources[1].name | string | `"human"` | |
| config.http.listeners[0].resources[2].name | string | `"oauth"` | |
| config.http.listeners[0].resources[3].name | string | `"compat"` | |
| config.http.listeners[0].resources[4].name | string | `"graphql"` | |
| config.http.listeners[0].resources[4].playground | bool | `true` | |
| config.http.listeners[0].resources[5].name | string | `"assets"` | |
| config.http.listeners[0].resources[5].path | string | `"/usr/local/share/mas-cli/assets/"` | |
| config.http.listeners[1].binds[0].address | string | `"[::]:8081"` | |
| config.http.listeners[1].name | string | `"internal"` | |
| config.http.listeners[1].resources[0].name | string | `"health"` | |
| config.http.listeners[2].binds[0].address | string | `"[::]:9100"` | |
| config.http.listeners[2].name | string | `"metrics"` | |
| config.http.listeners[2].resources[0].name | string | `"prometheus"` | |
| config.http.public_base | string | `"http://[::]:8080/"` | |
| config.http.trusted_proxies[0] | string | `"192.128.0.0/16"` | |
| config.http.trusted_proxies[1] | string | `"172.16.0.0/12"` | |
| config.http.trusted_proxies[2] | string | `"10.0.0.0/10"` | |
| config.http.trusted_proxies[3] | string | `"127.0.0.1/8"` | |
| config.http.trusted_proxies[4] | string | `"fd00::/8"` | |
| config.http.trusted_proxies[5] | string | `"::1/128"` | |
| config.matrix.endpoint | string | `"http://localhost:8008/"` | |
| config.matrix.homeserver | string | `"localhost:8008"` | |
| config.matrix.secret | string | `"kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G"` | |
| config.passwords.enabled | bool | `true` | |
| config.passwords.schemes[0].algorithm | string | `"argon2id"` | |
| config.passwords.schemes[0].version | int | `1` | |
| config.policy.authorization_grant_entrypoint | string | `"authorization_grant/violation"` | |
| config.policy.client_registration_entrypoint | string | `"client_registration/violation"` | |
| config.policy.data | string | `nil` | |
| config.policy.email_entrypoint | string | `"email/violation"` | |
| config.policy.password_entrypoint | string | `"password/violation"` | |
| config.policy.register_entrypoint | string | `"register/violation"` | |
| config.policy.wasm_module | string | `"/usr/local/share/mas-cli/policy.wasm"` | |
| config.secrets.encryption | string | `nil` | |
| config.secrets.keys | list | `[]` | |
| config.telemetry.metrics.exporter | string | `"prometheus"` | |
| config.telemetry.sentry.dsn | string | `nil` | |
| config.telemetry.tracing.exporter | string | `"none"` | |
| config.telemetry.tracing.propagators | list | `[]` | |
| config.templates.assets_manifest | string | `"/usr/local/share/mas-cli/manifest.json"` | |
| config.templates.path | string | `"/usr/local/share/mas-cli/templates/"` | |
| config.templates.translations_path | string | `"/usr/local/share/mas-cli/translations/"` | |
| config.upstream_oauth2.providers | list | `[]` | |
| fullnameOverride | string | `""` | |
| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.registry | string | `"ghcr.io"` | |
| image.repository | string | `"element-hq/matrix-authentication-service"` | |
| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | |
| ingress.annotations | object | `{}` | |
| ingress.className | string | `""` | |
| ingress.enabled | bool | `false` | |
| ingress.hosts[0].host | string | `"auth.matrix.chart-example.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/l"` | |
| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | |
| ingress.hosts[1].host | string | `"matrix.chart-example.local"` | |
| ingress.hosts[1].paths[0].path | string | `"/_matrix/client/v3/login"` | |
| ingress.hosts[1].paths[0].pathType | string | `"Exact"` | |
| ingress.hosts[1].paths[1].path | string | `"/_matrix/client/v3/logout"` | |
| ingress.hosts[1].paths[1].pathType | string | `"Exact"` | |
| ingress.hosts[1].paths[2].path | string | `"/_matrix/client/v3/refresh"` | |
| ingress.hosts[1].paths[2].pathType | string | `"Exact"` | |
| ingress.tls | list | `[]` | |
| livenessProbe.httpGet.path | string | `"/health"` | |
| livenessProbe.httpGet.port | string | `"internal"` | |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| podSecurityContext.fsGroup | int | `1000` | |
| prometheus.servicemonitor.enabled | bool | `false` | |
| prometheus.servicemonitor.labels | object | `{}` | |
| readinessProbe.httpGet.path | string | `"/health"` | |
| readinessProbe.httpGet.port | string | `"internal"` | |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| securityContext.capabilities.drop[0] | string | `"ALL"` | |
| securityContext.readOnlyRootFilesystem | bool | `true` | |
| securityContext.runAsNonRoot | bool | `true` | |
| securityContext.runAsUser | int | `1000` | |
| service.port.http | int | `8080` | |
| service.port.metrics | int | `9100` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.automount | bool | `true` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | |
| volumeMounts | list | `[]` | |
| volumes | list | `[]` | |

Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
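
An added example, not part of the chart or its README: a pre-deploy check over a release's merged values that flags the settings from the Values table that should not reach production unchanged, namely the published `config.database.password` and `config.matrix.secret` defaults, the plain-HTTP `config.http.issuer` and `config.http.public_base`, and the enabled GraphQL playground. The `audit` and `lookup` helpers and the sample input are constructed here, and treating an unset `config.secrets.encryption` as a finding assumes the chart does not generate that key itself.

```python
import json

# Secrets printed in the chart's Values table, so not secret at all.
PUBLISHED_DEFAULTS = {
    "config.database.password": "secret",
    "config.matrix.secret": "kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G",
}
# Assumption: the chart does not generate this key when it is left nil.
MUST_BE_SET = ["config.secrets.encryption"]

def lookup(values, dotted):
    """Walk a dotted key such as config.matrix.secret; None if absent."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def audit(values):
    """Return sorted findings for the merged values of one release."""
    findings = []
    for key, default in PUBLISHED_DEFAULTS.items():
        if lookup(values, key) == default:
            findings.append(f"{key}: published default in use")
    for key in MUST_BE_SET:
        if not lookup(values, key):
            findings.append(f"{key}: not set")
    for key in ("config.http.issuer", "config.http.public_base"):
        if not str(lookup(values, key) or "").startswith("https://"):
            findings.append(f"{key}: not an https URL")
    for listener in lookup(values, "config.http.listeners") or []:
        for res in listener.get("resources") or []:
            if res.get("name") == "graphql" and res.get("playground"):
                findings.append(f"listener {listener.get('name')}: graphql playground on")
    return sorted(findings)

# Constructed sample: a subset of the defaults from the Values table, as JSON.
SAMPLE = json.loads("""
{"config": {
  "database": {"password": "secret"}, "secrets": {"encryption": null},
  "matrix": {"secret": "kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G"},
  "http": {"issuer": "http://[::]:8080/", "public_base": "http://[::]:8080/",
           "listeners": [{"name": "http", "resources": [
               {"name": "oauth"}, {"name": "graphql", "playground": true}]}]}}}
""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a deployed release, pass `audit` the parsed output of `helm get values matrix-authentication-service-release --all -o json`.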