-
Notifications
You must be signed in to change notification settings - Fork 0
/
gangplank.yml
79 lines (78 loc) · 3.6 KB
/
gangplank.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# The address to listen on. Defaults to 0.0.0.0 to listen on all interfaces.
# Env var: GANGPLANK_CONFIG_HOST
# host: 0.0.0.0
# The port to listen on. Defaults to 8080.
# Env var: GANGPLANK_CONFIG_PORT
# port: 8080
# Should Gangplank serve TLS vs. plain HTTP? Default: false
# Env var: GANGPLANK_CONFIG_SERVE_TLS
# serveTLS: false
# The public cert file (including root and intermediates) to use when serving
# TLS.
# Env var: GANGPLANK_CONFIG_CERT_FILE
# certFile: /etc/gangplank/tls/tls.crt
# The private key file when serving TLS.
# Env var: GANGPLANK_CONFIG_KEY_FILE
# keyFile: /etc/gangplank/tls/tls.key
# The cluster name. Used in UI and kubectl config instructions.
# Env var: GANGPLANK_CONFIG_CLUSTER_NAME
clusterName: "${GANGPLANK_CONFIG_CLUSTER_NAME}"
# OAuth2 URL to start authorization flow.
# Env var: GANGPLANK_CONFIG_AUTHORIZE_URL
authorizeURL: "https://${DNS_NAME}/authorize"
# OAuth2 URL to obtain access tokens.
# Env var: GANGPLANK_CONFIG_TOKEN_URL
tokenURL: "https://${DNS_NAME}/oauth/token"
# Endpoint that provides user profile information [optional]. Not all providers
# will require this.
# Env var: GANGPLANK_CONFIG_AUDIENCE
audience: "https://${DNS_NAME}/userinfo"
# Used to specify the scope of the requested Oauth authorization.
# scopes: ["openid", "profile", "email", "offline_access"]
# Where to redirect back to. This should be a URL where gangplank is reachable.
# Typically this also needs to be registered as part of the oauth application
# with the oAuth provider.
# Env var: GANGPLANK_CONFIG_REDIRECT_URL
redirectURL: "https://${GANGPLANK_CONFIG_REDIRECT_URL}/callback"
# API client ID as indicated by the identity provider
# Env var: GANGPLANK_CONFIG_CLIENT_ID
clientID: "${GANGPLANK_CONFIG_CLIENT_ID}"
# API client secret as indicated by the identity provider
# Env var: GANGPLANK_CONFIG_CLIENT_SECRET
clientSecret: "${GANGPLANK_CONFIG_CLIENT_SECRET}"
# Some identity providers accept an empty client secret, this
# is not generally considered a good idea. If you have to use an
# empty secret and accept the risks that come with that then you can
# set this to true.
#allowEmptyClientSecret: false
# The JWT claim to use as the username. This is used in UI.
# Default is "nickname". This is combined with the clusterName
# for the "user" portion of the kubeconfig.
# Env var: GANGPLANK_CONFIG_USERNAME_CLAIM
usernameClaim: "sub"
# The API server endpoint used to configure kubectl
# Env var: GANGPLANK_CONFIG_APISERVER_URL
apiServerURL: "https://${GANGPLANK_CONFIG_APISERVER_URL}"
# The path to find the CA bundle for the API server. Used to configure kubectl.
# This is typically mounted into the default location for workloads running on
# a Kubernetes cluster and doesn't need to be set.
# Env var: GANGPLANK_CONFIG_CLUSTER_CA_PATH
# clusterCAPath: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
# The path to a root CA to trust for self signed certificates at the Oauth2 URLs
# Env var: GANGPLANK_CONFIG_TRUSTED_CA_PATH
#trustedCAPath: /cacerts/rootca.crt
# The path gangplank uses to create urls (defaults to "")
# Env var: GANGPLANK_CONFIG_HTTP_PATH
#httpPath: "https://${GANGPLANK_CONFIG_HTTP_PATH}"
# The path to find custom HTML templates
# Env var: GANGPLANK_CONFIG_CUSTOM_HTTP_TEMPLATES_DIR
customHTMLTemplatesDir: /custom-templates
# Flag to remove the CA from the kubeconfig.
# Env var: GANGPLANK_CONFIG_REMOVE_CA_FROM_KUBECONFIG
# removeCAFromKubeconfig: false
# Namespace to use in the kubeconfig.
# Env var: GANGPLANK_CONFIG_NAMESPACE
# namespace: "default"