diff options
Diffstat (limited to 'chart/values.yaml')
-rw-r--r-- | chart/values.yaml | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/chart/values.yaml b/chart/values.yaml index dc476b1c5..54627854d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -27,6 +27,9 @@ mastodon: # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 locale: en local_domain: mastodon.local + # Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation + # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described + # web_domain: mastodon.example.com persistence: assets: # ReadWriteOnce is more widely supported than ReadWriteMany, but limits @@ -49,6 +52,8 @@ mastodon: endpoint: https://us-east-1.linodeobjects.com hostname: us-east-1.linodeobjects.com region: "" + # If you have a caching proxy, enter its base URL here. + alias_host: "" # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" @@ -136,6 +141,105 @@ service: type: ClusterIP port: 80 +externalAuth: + oidc: + # OpenID Connect support is proposed in PR #16221 and awaiting merge. + enabled: false + # display_name: "example-label" + # issuer: https://login.example.space/auth/realms/example-space + # discovery: true + # scope: "openid,profile" + # uid_field: uid + # client_id: mastodon + # client_secret: SECRETKEY + # redirect_uri: https://example.com/auth/auth/openid_connect/callback + # assume_email_is_verified: true + # client_auth_method: + # response_type: + # response_mode: + # display: + # prompt: + # send_nonce: + # send_scope_to_token_endpoint: + # idp_logout_redirect_uri: + # http_scheme: + # host: + # port: + # jwks_uri: + # auth_endpoint: + # token_endpoint: + # user_info_endpoint: + # end_session_endpoint: + saml: + enabled: false + # acs_url: http://mastodon.example.com/auth/auth/saml/callback + # issuer: mastodon + # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml + # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----' + # idp_cert_fingerprint: + # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + # cert: + # private_key: + # want_assertion_signed: true + # want_assertion_encrypted: true + # assume_email_is_verified: true + # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1" + # attributes_statements: + # uid: "urn:oid:0.9.2342.19200300.100.1.1" + # email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" + # full_name: "urn:oid:2.16.840.1.113730.3.1.241" + # first_name: "urn:oid:2.5.4.42" + # last_name: "urn:oid:2.5.4.4" + # verified: + # verified_email: + oauth_global: + # Force redirect local login to CAS. Does not function with SAML or LDAP. + oauth_redirect_at_sign_in: false + cas: + enabled: false + # url: https://sso.myserver.com + # host: sso.myserver.com + # port: 443 + # ssl: true + # validate_url: + # callback_url: + # logout_url: + # login_url: + # uid_field: 'user' + # ca_path: + # disable_ssl_verification: false + # assume_email_is_verified: true + # keys: + # uid: 'user' + # name: 'name' + # email: 'email' + # nickname: 'nickname' + # first_name: 'firstname' + # last_name: 'lastname' + # location: 'location' + # image: 'image' + # phone: 'phone' + pam: + enabled: false + # email_domain: example.com + # default_service: rpam + # controlled_service: rpam + ldap: + enabled: false + # host: myservice.namespace.svc + # port: 389 + # method: simple_tls + # base: + # bind_on: + # password: + # uid: cn + # mail: mail + # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))" + # uid_conversion: + # enabled: true + # search: "., -" + # replace: _ + # https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88 # # if you manually change the UID/GID environment variables, ensure these values |