661 lines
8.1 KiB
Text
661 lines
8.1 KiB
Text
|
|
|
|
= matrix-authentication-service
|
|
|
|
image::https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square[Version: 0.0.3]
|
|
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
|
|
image::https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square[AppVersion: 0.9.0]
|
|
== Maintainers
|
|
|
|
.Maintainers
|
|
|===
|
|
| Name | Email | Url
|
|
|
|
| WrenIX
|
|
|
|
|
| <https://wrenix.eu>
|
|
|===
|
|
|
|
== Usage
|
|
|
|
Helm must be installed and setup to your kubernetes cluster to use the charts.
|
|
Refer to Helm's https://helm.sh/docs[documentation] to get started.
|
|
Once Helm has been set up correctly, fetch the charts as follows:
|
|
|
|
[source,bash]
|
|
----
|
|
helm pull oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service
|
|
----
|
|
|
|
You can install a chart release using the following command:
|
|
|
|
[source,bash]
|
|
----
|
|
helm install matrix-authentication-service-release oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service --values values.yaml
|
|
----
|
|
|
|
To uninstall a chart release use `helm`'s delete command:
|
|
|
|
[source,bash]
|
|
----
|
|
helm uninstall matrix-authentication-service-release
|
|
----
|
|
|
|
== Values
|
|
|
|
.Values
|
|
|===
|
|
| Key | Type | Default | Description
|
|
|
|
| affinity
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| autoscaling.enabled
|
|
| bool
|
|
| `false`
|
|
|
|
|
|
|
| autoscaling.maxReplicas
|
|
| int
|
|
| `100`
|
|
|
|
|
|
|
| autoscaling.minReplicas
|
|
| int
|
|
| `1`
|
|
|
|
|
|
|
| autoscaling.targetCPUUtilizationPercentage
|
|
| int
|
|
| `80`
|
|
|
|
|
|
|
| config.branding.imprint
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.branding.logo_uri
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.branding.policy_uri
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.branding.service_name
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.branding.tos_uri
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.clients
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| config.database.connect_timeout
|
|
| int
|
|
| `30`
|
|
|
|
|
|
|
| config.database.database
|
|
| string
|
|
| `"sliding_sync"`
|
|
|
|
|
|
|
| config.database.host
|
|
| string
|
|
| `"localhost"`
|
|
|
|
|
|
|
| config.database.idle_timeout
|
|
| int
|
|
| `600`
|
|
|
|
|
|
|
| config.database.max_connections
|
|
| int
|
|
| `10`
|
|
|
|
|
|
|
| config.database.max_lifetime
|
|
| int
|
|
| `1800`
|
|
|
|
|
|
|
| config.database.min_connections
|
|
| int
|
|
| `0`
|
|
|
|
|
|
|
| config.database.password
|
|
| string
|
|
| `"secret"`
|
|
|
|
|
|
|
| config.database.port
|
|
| int
|
|
| `5432`
|
|
|
|
|
|
|
| config.database.username
|
|
| string
|
|
| `"sliding_sync"`
|
|
|
|
|
|
|
| config.email.from
|
|
| string
|
|
| `"\"Authentication Service\" <root@localhost>"`
|
|
|
|
|
|
|
| config.email.reply_to
|
|
| string
|
|
| `"\"Authentication Service\" <root@localhost>"`
|
|
|
|
|
|
|
| config.email.transport
|
|
| string
|
|
| `"blackhole"`
|
|
|
|
|
|
|
| config.experimental.access_token_ttl
|
|
| int
|
|
| `300`
|
|
|
|
|
|
|
| config.experimental.compat_token_ttl
|
|
| int
|
|
| `300`
|
|
|
|
|
|
|
| config.http.issuer
|
|
| string
|
|
| `"http://[::]:8080/"`
|
|
|
|
|
|
|
| config.http.listeners[0].binds[0].address
|
|
| string
|
|
| `"[::]:8080"`
|
|
|
|
|
|
|
| config.http.listeners[0].name
|
|
| string
|
|
| `"http"`
|
|
|
|
|
|
|
| config.http.listeners[0].proxy_protocol
|
|
| bool
|
|
| `false`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[0].name
|
|
| string
|
|
| `"discovery"`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[1].name
|
|
| string
|
|
| `"human"`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[2].name
|
|
| string
|
|
| `"oauth"`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[3].name
|
|
| string
|
|
| `"compat"`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[4].name
|
|
| string
|
|
| `"graphql"`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[4].playground
|
|
| bool
|
|
| `true`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[5].name
|
|
| string
|
|
| `"assets"`
|
|
|
|
|
|
|
| config.http.listeners[0].resources[5].path
|
|
| string
|
|
| `"/usr/local/share/mas-cli/assets/"`
|
|
|
|
|
|
|
| config.http.listeners[1].binds[0].address
|
|
| string
|
|
| `"[::]:8081"`
|
|
|
|
|
|
|
| config.http.listeners[1].name
|
|
| string
|
|
| `"internal"`
|
|
|
|
|
|
|
| config.http.listeners[1].resources[0].name
|
|
| string
|
|
| `"health"`
|
|
|
|
|
|
|
| config.http.listeners[2].binds[0].address
|
|
| string
|
|
| `"[::]:9100"`
|
|
|
|
|
|
|
| config.http.listeners[2].name
|
|
| string
|
|
| `"metrics"`
|
|
|
|
|
|
|
| config.http.listeners[2].resources[0].name
|
|
| string
|
|
| `"prometheus"`
|
|
|
|
|
|
|
| config.http.public_base
|
|
| string
|
|
| `"http://[::]:8080/"`
|
|
|
|
|
|
|
| config.http.trusted_proxies[0]
|
|
| string
|
|
| `"192.128.0.0/16"`
|
|
|
|
|
|
|
| config.http.trusted_proxies[1]
|
|
| string
|
|
| `"172.16.0.0/12"`
|
|
|
|
|
|
|
| config.http.trusted_proxies[2]
|
|
| string
|
|
| `"10.0.0.0/10"`
|
|
|
|
|
|
|
| config.http.trusted_proxies[3]
|
|
| string
|
|
| `"127.0.0.1/8"`
|
|
|
|
|
|
|
| config.http.trusted_proxies[4]
|
|
| string
|
|
| `"fd00::/8"`
|
|
|
|
|
|
|
| config.http.trusted_proxies[5]
|
|
| string
|
|
| `"::1/128"`
|
|
|
|
|
|
|
| config.matrix.endpoint
|
|
| string
|
|
| `"http://localhost:8008/"`
|
|
|
|
|
|
|
| config.matrix.homeserver
|
|
| string
|
|
| `"localhost:8008"`
|
|
|
|
|
|
|
| config.matrix.secret
|
|
| string
|
|
| `"kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G"`
|
|
|
|
|
|
|
| config.passwords.enabled
|
|
| bool
|
|
| `true`
|
|
|
|
|
|
|
| config.passwords.schemes[0].algorithm
|
|
| string
|
|
| `"argon2id"`
|
|
|
|
|
|
|
| config.passwords.schemes[0].version
|
|
| int
|
|
| `1`
|
|
|
|
|
|
|
| config.policy.authorization_grant_entrypoint
|
|
| string
|
|
| `"authorization_grant/violation"`
|
|
|
|
|
|
|
| config.policy.client_registration_entrypoint
|
|
| string
|
|
| `"client_registration/violation"`
|
|
|
|
|
|
|
| config.policy.data
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.policy.email_entrypoint
|
|
| string
|
|
| `"email/violation"`
|
|
|
|
|
|
|
| config.policy.password_entrypoint
|
|
| string
|
|
| `"password/violation"`
|
|
|
|
|
|
|
| config.policy.register_entrypoint
|
|
| string
|
|
| `"register/violation"`
|
|
|
|
|
|
|
| config.policy.wasm_module
|
|
| string
|
|
| `"/usr/local/share/mas-cli/policy.wasm"`
|
|
|
|
|
|
|
| config.secrets.encryption
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.secrets.keys
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| config.telemetry.metrics.exporter
|
|
| string
|
|
| `"prometheus"`
|
|
|
|
|
|
|
| config.telemetry.sentry.dsn
|
|
| string
|
|
| `nil`
|
|
|
|
|
|
|
| config.telemetry.tracing.exporter
|
|
| string
|
|
| `"none"`
|
|
|
|
|
|
|
| config.telemetry.tracing.propagators
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| config.templates.assets_manifest
|
|
| string
|
|
| `"/usr/local/share/mas-cli/manifest.json"`
|
|
|
|
|
|
|
| config.templates.path
|
|
| string
|
|
| `"/usr/local/share/mas-cli/templates/"`
|
|
|
|
|
|
|
| config.templates.translations_path
|
|
| string
|
|
| `"/usr/local/share/mas-cli/translations/"`
|
|
|
|
|
|
|
| config.upstream_oauth2.providers
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| fullnameOverride
|
|
| string
|
|
| `""`
|
|
|
|
|
|
|
| global.image.pullPolicy
|
|
| string
|
|
| `nil`
|
|
| if set it will overwrite all pullPolicy
|
|
|
|
| global.image.registry
|
|
| string
|
|
| `nil`
|
|
| if set it will overwrite all registry entries
|
|
|
|
| image.pullPolicy
|
|
| string
|
|
| `"IfNotPresent"`
|
|
|
|
|
|
|
| image.registry
|
|
| string
|
|
| `"ghcr.io"`
|
|
|
|
|
|
|
| image.repository
|
|
| string
|
|
| `"matrix-org/matrix-authentication-service"`
|
|
|
|
|
|
|
| image.tag
|
|
| string
|
|
| `nil`
|
|
| Overrides the image tag whose default is the chart appVersion.
|
|
|
|
| imagePullSecrets
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| ingress.annotations
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| ingress.className
|
|
| string
|
|
| `""`
|
|
|
|
|
|
|
| ingress.enabled
|
|
| bool
|
|
| `false`
|
|
|
|
|
|
|
| ingress.hosts[0].host
|
|
| string
|
|
| `"auth.matrix.chart-example.local"`
|
|
|
|
|
|
|
| ingress.hosts[0].paths[0].path
|
|
| string
|
|
| `"/l"`
|
|
|
|
|
|
|
| ingress.hosts[0].paths[0].pathType
|
|
| string
|
|
| `"Prefix"`
|
|
|
|
|
|
|
| ingress.hosts[1].host
|
|
| string
|
|
| `"matrix.chart-example.local"`
|
|
|
|
|
|
|
| ingress.hosts[1].paths[0].path
|
|
| string
|
|
| `"/_matrix/client/v3/login"`
|
|
|
|
|
|
|
| ingress.hosts[1].paths[0].pathType
|
|
| string
|
|
| `"Exact"`
|
|
|
|
|
|
|
| ingress.hosts[1].paths[1].path
|
|
| string
|
|
| `"/_matrix/client/v3/logout"`
|
|
|
|
|
|
|
| ingress.hosts[1].paths[1].pathType
|
|
| string
|
|
| `"Exact"`
|
|
|
|
|
|
|
| ingress.hosts[1].paths[2].path
|
|
| string
|
|
| `"/_matrix/client/v3/refresh"`
|
|
|
|
|
|
|
| ingress.hosts[1].paths[2].pathType
|
|
| string
|
|
| `"Exact"`
|
|
|
|
|
|
|
| ingress.tls
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| livenessProbe.httpGet.path
|
|
| string
|
|
| `"/health"`
|
|
|
|
|
|
|
| livenessProbe.httpGet.port
|
|
| string
|
|
| `"internal"`
|
|
|
|
|
|
|
| nameOverride
|
|
| string
|
|
| `""`
|
|
|
|
|
|
|
| nodeSelector
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| podAnnotations
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| podLabels
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| podSecurityContext.fsGroup
|
|
| int
|
|
| `1000`
|
|
|
|
|
|
|
| prometheus.servicemonitor.enabled
|
|
| bool
|
|
| `false`
|
|
|
|
|
|
|
| prometheus.servicemonitor.labels
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| readinessProbe.httpGet.path
|
|
| string
|
|
| `"/health"`
|
|
|
|
|
|
|
| readinessProbe.httpGet.port
|
|
| string
|
|
| `"internal"`
|
|
|
|
|
|
|
| replicaCount
|
|
| int
|
|
| `1`
|
|
|
|
|
|
|
| resources
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| securityContext.capabilities.drop[0]
|
|
| string
|
|
| `"ALL"`
|
|
|
|
|
|
|
| securityContext.readOnlyRootFilesystem
|
|
| bool
|
|
| `true`
|
|
|
|
|
|
|
| securityContext.runAsNonRoot
|
|
| bool
|
|
| `true`
|
|
|
|
|
|
|
| securityContext.runAsUser
|
|
| int
|
|
| `1000`
|
|
|
|
|
|
|
| service.port
|
|
| int
|
|
| `80`
|
|
|
|
|
|
|
| service.type
|
|
| string
|
|
| `"ClusterIP"`
|
|
|
|
|
|
|
| serviceAccount.annotations
|
|
| object
|
|
| `{}`
|
|
|
|
|
|
|
| serviceAccount.automount
|
|
| bool
|
|
| `true`
|
|
|
|
|
|
|
| serviceAccount.create
|
|
| bool
|
|
| `true`
|
|
|
|
|
|
|
| serviceAccount.name
|
|
| string
|
|
| `""`
|
|
|
|
|
|
|
| tolerations
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| volumeMounts
|
|
| list
|
|
| `[]`
|
|
|
|
|
|
|
| volumes
|
|
| list
|
|
| `[]`
|
|
|
|
|
|===
|
|
|
|
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
|