using config file
@@ -12,10 +12,13 @@
|
||||
# 2. Create Application linked to this provider
|
||||
# 3. Create secret with OIDC credentials:
|
||||
# kubectl create secret generic opengist-oidc \
|
||||
# --from-literal=client-id=YOUR_CLIENT_ID \
|
||||
# --from-literal=client-secret=YOUR_CLIENT_SECRET \
|
||||
# --from-literal=client-key=YOUR_CLIENT_ID \
|
||||
# --from-literal=secret=YOUR_CLIENT_SECRET \
|
||||
# -n opengist-system
|
||||
#
|
||||
# IMPORTANT: If migrating from broken config, delete the old PVC first:
|
||||
# kubectl delete pvc opengist-data -n opengist-system
|
||||
#
|
||||
# Features:
|
||||
# - Anyone can VIEW public gists (no login required)
|
||||
# - Only authenticated users can CREATE gists
|
||||
@@ -30,6 +33,31 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: opengist
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: opengist-config
|
||||
namespace: opengist-system
|
||||
labels:
|
||||
app.kubernetes.io/name: opengist
|
||||
data:
|
||||
config.yaml: |
|
||||
log-level: info
|
||||
external-url: https://paste.dooplex.hu
|
||||
|
||||
# Security - OIDC only, no local accounts
|
||||
disable-signup: true
|
||||
disable-login-form: true
|
||||
|
||||
# Allow anonymous viewing of public gists
|
||||
require-login: false
|
||||
|
||||
# Branding
|
||||
custom.name: Dooplex Paste
|
||||
|
||||
# Features
|
||||
disable-gravatar: false
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@@ -56,36 +84,22 @@ spec:
|
||||
- name: opengist
|
||||
image: ghcr.io/thomiceli/opengist:1.11.1
|
||||
env:
|
||||
# Base configuration
|
||||
- name: OG_EXTERNAL_URL
|
||||
value: "https://paste.dooplex.hu"
|
||||
- name: OG_LOG_LEVEL
|
||||
value: "info"
|
||||
# Security settings
|
||||
- name: OG_DISABLE_SIGNUP
|
||||
value: "true" # No local registration - OIDC only
|
||||
- name: OG_REQUIRE_LOGIN
|
||||
value: "false" # Anyone can VIEW gists
|
||||
- name: OG_DISABLE_LOGIN_FORM
|
||||
value: "true" # Hide local login, show only OIDC
|
||||
- name: OG_DISABLE_GRAVATAR
|
||||
value: "false"
|
||||
# OIDC Configuration (Authentik)
|
||||
# Point to config file
|
||||
- name: OG_CONFIG
|
||||
value: "/config/config.yaml"
|
||||
# OIDC credentials from secret (these override config file)
|
||||
- name: OG_OIDC_CLIENT_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: opengist-oidc
|
||||
key: client-id
|
||||
key: client-key
|
||||
- name: OG_OIDC_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: opengist-oidc
|
||||
key: client-secret
|
||||
key: secret
|
||||
- name: OG_OIDC_DISCOVERY_URL
|
||||
value: "https://authentik.dooplex.hu/application/o/opengist/.well-known/openid-configuration"
|
||||
# Custom branding
|
||||
- name: OG_CUSTOM_NAME
|
||||
value: "Dooplex Paste"
|
||||
ports:
|
||||
- containerPort: 6157
|
||||
name: http
|
||||
@@ -101,6 +115,9 @@ spec:
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /opengist
|
||||
- name: config
|
||||
mountPath: /config
|
||||
readOnly: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthcheck
|
||||
@@ -117,6 +134,9 @@ spec:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: opengist-data
|
||||
- name: config
|
||||
configMap:
|
||||
name: opengist-config
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
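Review bot: The OIDC-only posture now depends on `disable-signup: true` and `disable-login-form: true` being read from the mounted `/config/config.yaml`, and nothing visible here confirms that the `1.11.1` image honours those keys from a config file rather than from its own stored settings. If they are ignored, the instance would presumably start with local registration and the login form enabled while public gists stay viewable anonymously, so after rollout confirm that local registration is refused and only the OIDC login is offered. Separately, the `secretKeyRef` keys are renamed to `client-key` and `secret`, so an `opengist-oidc` Secret created with `client-id`/`client-secret` will no longer resolve; the header could add `# Recreate opengist-oidc with the new key names before applying`. The same header tells operators to run `kubectl delete pvc opengist-data`, which presumably discards the stored gists, so a line such as `# Back up /opengist first - deleting the PVC removes its data` would help. The Deployment spec and the header comment both start outside the visible hunks.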