[oom.git] / kubernetes / platform / components / oauth2-proxy / values.yaml
1 onap-oauth2-proxy:
2   # OAuth client configuration specifics
3   config:  # NOTE: email_domains "*" in configFile admits any e-mail domain, so who may log in is decided by the IdP alone
4     cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA="  # Checked-in value protects the session cookie; treat it as public and override per deployment
5     configFile: |-
6       email_domains = [ "*" ]        # Restrict to these E-Mail Domains, a wildcard "*" allows any email
7
8   alphaConfig:
9     enabled: true
10     configData:
11       providers:
12       - clientID: "oauth2-proxy"
13         clientSecret: "5YSOkJz99WHv8enDZPknzJuGqVSerELp"  # Checked-in client secret: treat it as public; supply a rotated value from a secret store outside demo use
14         id: oidc-istio
15         provider: oidc   # We use the generic 'oidc' provider
16         loginURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/auth
17         #redeemURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/token
18         redeemURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/token  # Plain HTTP: the token exchange (which carries clientSecret) is unencrypted on this hop unless the mesh adds mTLS - confirm
19         profileURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
20         validateURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
21         scope: "openid email profile groups"
22         #allowedGroups:  # Left commented out, so no group restriction is configured for this provider
23         # - admins # List all groups managed at your IdP which should be allowed access
24         # - infrateam
25         # - anothergroup
26         oidcConfig:
27           emailClaim: email  # Name of the claim in JWT containing the E-Mail
28           groupsClaim: groups # Name of the claim in JWT containing the Groups
29           userIDClaim: email  # Name of the claim in JWT containing the User ID
30           audienceClaims: ["aud"]
31           insecureAllowUnverifiedEmail: true  # Accepts e-mail addresses the IdP has not verified; userIDClaim is email, so keep this to demo setups
32           insecureSkipIssuerVerification: true  # Turns off the issuer check against issuerURL; demo-only, presumably needed because tokens are redeemed via the internal host - confirm
33           skipDiscovery: true # You can try using the well-known endpoint directly for auto discovery, here we won't use it
34           issuerURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP
35           jwksURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/certs  # Signing keys fetched over plain HTTP: token validation is only as trustworthy as this in-cluster hop
36       upstreamConfig:
37         upstreams:
38           - id: static_200  # Proxy answers 200 itself instead of forwarding; presumably used as an auth-check endpoint - confirm
39             path: /
40             static: true
41             staticCode: 200
42       # Headers that should be added to responses from the proxy
43       injectResponseHeaders: # Send these headers in responses from oauth2-proxy
44         - name: X-Auth-Request-Preferred-Username
45           values:
46             - claim: preferred_username
47         - name: X-Auth-Request-Email
48           values:
49             - claim: email
50
51   extraArgs:
52     cookie-secure: "false"  # Session cookie is also sent over plain HTTP; set to "true" wherever the proxy is served via HTTPS
53     cookie-domain: ".simpledemo.onap.org"    # Replace with your base domain; the cookie is sent to every host under it
54     cookie-samesite: lax
55     cookie-expire: 12h               # How long our Cookie is valid
56     auth-logging: true               # Enable / Disable auth logs
57     request-logging: true            # Enable / Disable request logs
58     standard-logging: true           # Enable / Disable the standard logs
59     show-debug-on-error: true        # Disable in production setups (error pages then stop exposing debug detail)
60     skip-provider-button: true       # We only have one provider configured (Keycloak)
61     silence-ping-logging: true       # Keeps our logs clean
62     whitelist-domain: ".simpledemo.onap.org" # Replace with your base domain; redirects after login are limited to it
63
64   # Enables and configure the automatic deployment of the redis subchart
65   redis:
66     # provision an instance of the redis sub-chart
67     enabled: false
68
69
70 serviceAccount:
71   nameOverride: oauth2-proxy
72   roles:
73     - read
74