# Custom base values for NCSA Radiant Openstack (V2 Workbench).
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# NOTE(review): this copy shows every key at column 0; the nesting has to be
# restored from the chart's values schema before the file can be applied.
# Ingress settings for the Workbench host. `changeme` is a placeholder that
# must be replaced with the real deployment subdomain.
ingress:
api:
annotations:
# Staging issuer: presumably issues test certificates that clients do not
# trust. Confirm, and switch to the production issuer for a real deployment.
cert-manager.io/cluster-issuer: "acmedns-issuer-staging"
tls:
- hosts:
- changeme.ndslabs.org
# Quoted so YAML does not read the leading `*` as an alias.
- "*.changeme.ndslabs.org"
# The same secret name is used by the userapps and oauth2-proxy TLS entries
# in this file, so one certificate covers the host and its wildcard.
secretName: ndslabs-tls
# Workbench application settings (frontend and backend).
config:
frontend:
domain: "changeme.ndslabs.org"
# Both URLs go through the /oauth2 endpoints on the same host; `rd` is the
# URL-encoded redirect target (/my-apps after sign-in, / after sign-out).
signin_url: "https://changeme.ndslabs.org/oauth2/start?rd=https%3A%2F%2Fchangeme.ndslabs.org%2Fmy-apps"
signout_url: "https://changeme.ndslabs.org/oauth2/sign_out?rd=https%3A%2F%2Fchangeme.ndslabs.org%2F"
backend:
domain: "changeme.ndslabs.org"
# NOTE(review): quoted string, not a YAML boolean. The name suggests this
# controls TLS certificate verification for backend calls; confirm which
# value disables verification and keep verification on outside development.
insecure_ssl_verify: "true"
oauth:
userinfoUrl: https://changeme.ndslabs.org/oauth2/userinfo
mongo:
# The connection string carries credentials inline (user `workbench`), so
# they end up wherever these values are stored or rendered; prefer sourcing
# the URI from a Kubernetes Secret. The user matches mongodb.auth.rootUser
# below and authSource is `admin`, so the backend connects as the database
# root account; a dedicated user scoped to `ndslabs` would limit exposure.
# The `[email protected]` fragment looks like the hosting page's e-mail
# obfuscation; the original password/host text is not recoverable here.
uri: "mongodb://workbench:[email protected]:27017/ndslabs?authSource=admin"
# Point at shared Keycloak instance + realm
# The realm placeholder must match the realm in oauth2-proxy's
# --oidc-issuer-url further down (.../auth/realms/changeme).
keycloak:
hostname: "https://keycloak.workbench.ndslabs.org/auth"
realmName: "changeme"
# Define parameters about the created userapp
userapps:
home_storage:
enabled: true
storage_class: "nfs-taiga"
shared_storage:
enabled: false
ingress:
annotations:
# Forward-auth annotations: requests to a user app are meant to be checked
# against the /oauth2/auth endpoint, with sign-in at signin-url.
# NOTE(review): these keys use the bare `ingress.kubernetes.io/` prefix;
# confirm the shared ingress controller honours them, otherwise user apps
# would be reachable without the auth check.
ingress.kubernetes.io/auth-type: forward
ingress.kubernetes.io/auth-url: "https://changeme.ndslabs.org/oauth2/auth"
ingress.kubernetes.io/signin-url: "https://changeme.ndslabs.org/oauth2/start?rd=https%3A%2F%2Fchangeme.ndslabs.org%2Fmy-apps"
# The list includes x-auth-request-access-token, so the user's access token
# is passed to every launched user app; drop it unless apps need it.
ingress.kubernetes.io/auth-response-headers: "x-auth-request-user, x-auth-request-email, x-auth-request-access-token, x-auth-request-redirect, x-auth-request-preferred-username"
tls:
- hosts:
- changeme.ndslabs.org
- "*.changeme.ndslabs.org"
secretName: ndslabs-tls
### Optional dependency subcharts
# Bundled MongoDB subchart (enabled for this deployment).
mongodb:
enabled: true
global:
# NOTE(review): "retain" in the class name suggests volumes outlive the
# release; confirm. If so, database contents persist after uninstall.
storageClass: "csi-cinder-sc-retain"
updateStrategy:
# Presumably chosen so the old pod releases its volume before the new one
# starts; confirm against the subchart.
type: Recreate
auth:
# Same account name as the user in config's mongo uri.
rootUser: workbench
# Placeholder root password in plain text. Replace it before deploying, and
# supply the real value at install time or from a Secret (if the subchart
# supports one) instead of committing it.
rootPassword: changeme
# The four subcharts below are switched off; the deployment relies on the
# shared or cluster-provided service named in each comment instead.
# Disable local Ingress controller (use shared instance)
ingress-nginx:
enabled: false
# Disable NFS client (use cluster built-in)
nfs-subdir-external-provisioner:
enabled: false
# Disable local NFS server
nfs-server-provisioner:
enabled: false
# Disable local Keycloak instance (use shared instance)
# Authentication is therefore delegated to the shared Keycloak host configured
# under config (keycloak.workbench.ndslabs.org) and in --oidc-issuer-url.
keycloak:
enabled: false
# oauth2-proxy subchart: fronts the Workbench host and serves the /oauth2
# endpoints referenced by the sign-in, sign-out and auth URLs in this file.
oauth2-proxy:
global:
storageClass: "csi-cinder-sc-retain"
ingress:
hostname: changeme.ndslabs.org
tls:
- hosts:
- changeme.ndslabs.org
- "*.changeme.ndslabs.org"
secretName: ndslabs-tls
extraArgs:
# Keycloak OIDC config:
- --provider=keycloak-oidc # "oidc" works as well, but this gives us roles too
- --provider-display-name=Workbench Login
- --redirect-url=https://changeme.ndslabs.org/oauth2/callback
# The realm in the issuer URL must match config's keycloak realmName.
- --oidc-issuer-url=https://keycloak.workbench.ndslabs.org/auth/realms/changeme
- --client-id=cilogon
# Placeholder client secret passed as a command-line argument, so the real
# value would be visible in these values and in the rendered pod spec.
# oauth2-proxy also accepts it through --client-secret-file or the
# OAUTH2_PROXY_CLIENT_SECRET environment variable sourced from a Secret.
- --client-secret=changeme
# Authorization config:
# With --email-domain commented out, --allowed-role below is the only
# authorization filter visible in this list.
#- --email-domain=illinois.edu
- --whitelist-domain=.changeme.ndslabs.org # needed to use the "rd" query string parameter
# NOTE(review): the cookie domain (.ndslabs.org) is wider than the
# whitelisted redirect domain (.changeme.ndslabs.org), so the session cookie
# is sent to every ndslabs.org host, not just this deployment. Narrow it to
# .changeme.ndslabs.org unless sharing across deployments is intended.
- --cookie-domain=.ndslabs.org # forward your cookie automatically to subdomains
#- --cookie-samesite=lax
- --scope=email profile openid
# Only users holding this role are admitted.
- --allowed-role=workbench-user
# Local Development Only:
# NOTE(review): the next flag is active in this base values file even though
# the heading marks it as development-only; it accepts identities whose
# e-mail the provider has not verified. Remove it for shared deployments.
- --insecure-oidc-allow-unverified-email=true
# The two skip-verify flags disable TLS certificate checks; keep them
# commented out.
#- --ssl-insecure-skip-verify=true
#- --ssl-upstream-insecure-skip-verify=true
- --force-json-errors=true