33 lines
1.6 KiB
Markdown
33 lines
1.6 KiB
Markdown
|
This deployment is parameterized for use with `envsubst(1)`.
|
||
|
|
||
|
You will need to set up the secret values and environment variables (see below).
|
||
|
|
||
|
```shell
|
||
|
bash -c 'for f in *.yaml; do envsubst < $f | kubectl apply -f -; done'
|
||
|
```
|
||
|
|
||
|
## Supported environment variables
|
||
|
|
||
|
Set these environment variables in your shell before running the above command to apply the Kubernetes spec.
|
||
|
|
||
|
- `COREID_DOMAIN` - domain name where CoreID is accessed (e.g. `coreid.mydomain.com`)
|
||
|
- `DOCKER_REGISTRY` - host of the docker registry to pull the image from (e.g. `registry.mydomain.com`)
|
||
|
- this is the same registry that is used by `yarn docker:build` and `yarn docker:push`
|
||
|
- `COREID_DATABASE_HOST` - MongoDB host (e.g. `mongo.mylan.net`)
|
||
|
- `COREID_DATABASE_NAME` - MongoDB database name to use (e.g. `coreid_p1`)
|
||
|
- `COREID_LDAP_BASE_DC` - base DC to use for LDAP tree (e.g. `dc=platform,dc=local`)
|
||
|
- `COREID_REDIS_HOST` - Redis host (e.g. `redis.mylan.net`)
|
||
|
- `COREID_SMTP_HOST` - SMTP server host (e.g. `smtp.mymail.com`)
|
||
|
|
||
|
## Secret values
|
||
|
|
||
|
The spec expects there to be a `coreid-secrets` secret in the `starship` namespace with the following values:
|
||
|
|
||
|
- `SECRET` - hash seed used by CoreID (e.g. `df8db5a2-429b-4597-a013-18efee2465e0`)
|
||
|
- `SMTP_USER` - username used to log-into SMTP server (e.g. `user@mymail.com`)
|
||
|
- `SMTP_DEFAULT_SENDER` - email to use as FROM address. Usually same as `SMTP_USER` (e.g. `user@mymail.com`)
|
||
|
- `SMTP_PASS` - password for `SMTP_USER`
|
||
|
- `REDIS_PASS` - password for the Redis service
|
||
|
- `X509_CERT` - contents of the x509 certificate to be used for SAML/LDAP/RADIUS
|
||
|
- `X509_KEY` - contents of the x509 certificate key to be used for SAML/LDAP/RADIUS
|