ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kanidm: bump to 1.8.5, helm chart 0.2.7

Browse Source
This commit is contained in:
ace
2026-01-03 22:34:31 +03:00
parent 77dedad608
commit 5f8e183286
3 changed files with 39 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kanidm/Chart.yaml
View File

@@ -15,10 +15,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.4 version: 0.2.7
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "1.7.4" appVersion: "1.8.5"

51
kanidm/templates/configmap.yaml
View File

@@ -10,18 +10,22 @@ data:
version = "2" version = "2"
# The webserver bind address. Requires TLS certificates. # The webserver bind address. Requires TLS certificates.
# If the port is set to 443 you may require the # If the port is set to 443 you may require the
# NET_BIND_SERVICE capability. # NET_BIND_SERVICE capability. This accepts a single address
# or an array of addresses to listen on.
# Defaults to "127.0.0.1:8443" # Defaults to "127.0.0.1:8443"
bindaddress = "{{ tpl .Values.kanidm.bindaddress $ }}" bindaddress = "{{ tpl .Values.kanidm.bindaddress $ }}"
# bindaddress = ["[::]:443", "0.0.0.0:443"]
# #
# The read-only ldap server bind address. Requires # The read-only ldap server bind address. Requires
# TLS certificates. If set to 636 you may require # TLS certificates. If set to 636 you may require the
# the NET_BIND_SERVICE capability. # NET_BIND_SERVICE capability. This accepts a single address
# or an array of addresses to listen on.
# Defaults to "" (disabled) # Defaults to "" (disabled)
{{- if .Values.kanidmLdap.enabled }} {{- if .Values.kanidmLdap.enabled }}
dapbindaddress = "{{ tpl .Values.kanidmLdap.dapbindaddress $ }}" dapbindaddress = "{{ tpl .Values.kanidmLdap.dapbindaddress $ }}"
{{- else }} {{- else }}
# ldapbindaddress = "{{ tpl .Values.kanidmLdap.dapbindaddress $ }}" # ldapbindaddress = "[::]:636"
# ldapbindaddress = ["[::]:636", "0.0.0.0:636"]
{{- end }} {{- end }}
# #
# The path to the kanidm database. # The path to the kanidm database.
@@ -94,30 +98,47 @@ data:
# not consistent, the server WILL refuse to start! # not consistent, the server WILL refuse to start!
# origin = "https://idm.example.com" # origin = "https://idm.example.com"
origin = "https://{{ tpl .Values.kanidm.domain $ }}:{{ .Values.service.port }}" origin = "https://{{ tpl .Values.kanidm.domain $ }}:{{ .Values.service.port }}"
#
# HTTPS requests can be reverse proxied by a loadbalancer. # HTTPS requests can be reverse proxied by a loadbalancer.
# To preserve the original IP of the caller, these systems # To preserve the original IP of the caller, these systems
# will often add a header such as "Forwarded" or # will often add a header such as "Forwarded" or
# "X-Forwarded-For". Some other proxies can use the PROXY # "X-Forwarded-For". Some other proxies can use the PROXY
# protocol v2 header. # protocol v2 header. While we support the PROXY protocol
# This setting allows configuration of the range of trusted # v1 header, we STRONGLY discourage it's use as it has
# IPs which can supply this header information, and which # significantly greater overheads compared to v2 during
# format the information is provided in. # processing.
# This setting allows configuration of the list of trusted
# IPs or IP ranges which can supply this header information,
# and which format the information is provided in.
# Defaults to "none" (no trusted sources) # Defaults to "none" (no trusted sources)
# Only one option can be used at a time. # Only one option can be used at a time.
# [http_client_address_info] # [http_client_address_info]
# proxy-v2 = ["127.0.0.1"] # proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
# # OR # # OR
# x-forward-for = ["127.0.0.1"] # [http_client_address_info]
# x-forward-for = ["127.0.0.1", "127.0.0.0/8"]
# # OR
# [http_client_address_info]
# # AVOID IF POSSIBLE!!!
# proxy-v1 = ["127.0.0.1", "127.0.0.0/8"]
# LDAPS requests can be reverse proxied by a loadbalancer. # LDAPS requests can be reverse proxied by a loadbalancer.
# To preserve the original IP of the caller, these systems # To preserve the original IP of the caller, these systems
# can add a header such as the PROXY protocol v2 header. # can add a header such as the PROXY protocol v2 header.
# This setting allows configuration of the range of trusted # While we support the PROXY protocol v1 header, we STRONGLY
# IPs which can supply this header information, and which # discourage it's use as it has significantly greater
# format the information is provided in. # overheads compared to v2 during processing.
# This setting allows configuration of the list of trusted
# IPs or IP ranges which can supply this header information,
# and which format the information is provided in.
# Defaults to "none" (no trusted sources) # Defaults to "none" (no trusted sources)
# [ldap_client_address_info] # [ldap_client_address_info]
# proxy-v2 = ["127.0.0.1"] # proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
# # OR
# [ldap_client_address_info]
# # AVOID IF POSSIBLE!!!
# proxy-v1 = ["127.0.0.1", "127.0.0.0/8"]
{{- if .Values.kanidmOnlineBackup.enabled }} {{- if .Values.kanidmOnlineBackup.enabled }}
[online_backup] [online_backup]
# The path to the output folder for online backups # The path to the output folder for online backups

2
kanidm/values.yaml
View File

@@ -11,7 +11,7 @@ image:
repository: gitea.geekhome.org/ghp/kanidm repository: gitea.geekhome.org/ghp/kanidm
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: "1.7.4-1" tag: "1.8.5-1"
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""