CoreID/deploy/README.md

This deployment is parameterized for use with envsubst(1).

You will need to set up the secret values and environment variables (see below).

bash -c 'for f in *.yaml; do envsubst < "$f" | kubectl apply -f -; done'

Supported environment variables

Set these environment variables in your shell before running the above command to apply the Kubernetes spec.

  • COREID_DOMAIN - domain name where CoreID is accessed (e.g. coreid.mydomain.com)
  • DOCKER_REGISTRY - host of the docker registry to pull the image from (e.g. registry.mydomain.com)
    • this is the same registry that is used by yarn docker:build and yarn docker:push
  • COREID_DATABASE_HOST - MongoDB host (e.g. mongo.mylan.net)
  • COREID_DATABASE_NAME - MongoDB database name to use (e.g. coreid_p1)
  • COREID_LDAP_BASE_DC - base DC to use for LDAP tree (e.g. dc=platform,dc=local)
  • COREID_REDIS_HOST - Redis host (e.g. redis.mylan.net)
  • COREID_SMTP_HOST - SMTP server host (e.g. smtp.mymail.com)

Secret values

The spec expects there to be a coreid-secrets secret in the starship namespace with the following values:

  • SECRET - hash seed used by CoreID (e.g. df8db5a2-429b-4597-a013-18efee2465e0)
  • SMTP_USER - username used to log in to the SMTP server (e.g. user@mymail.com)
  • SMTP_DEFAULT_SENDER - email address to use as the FROM address. Usually the same as SMTP_USER (e.g. user@mymail.com)
  • SMTP_PASS - password for SMTP_USER
  • REDIS_PASS - password for the Redis service
  • X509_CERT - contents of the x509 certificate to be used for SAML/LDAP/RADIUS
  • X509_KEY - contents of the x509 certificate key to be used for SAML/LDAP/RADIUS
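
A preflight wrapper for the apply loop above, added here as an example and not part of the CoreID project: envsubst replaces any unset or non-exported variable with an empty string, so the script refuses to apply until every listed variable is exported and every listed key exists in coreid-secrets. The function names, the `--apply` switch and the explicit variable list passed to envsubst are choices made for this example; the variable names, secret name and namespace are the ones listed above.

```sh
#!/bin/sh
# Added example: preflight for the envsubst | kubectl apply loop in this README.
# Variable and secret key names are the ones the README lists.
REQUIRED_VARS="COREID_DOMAIN DOCKER_REGISTRY COREID_DATABASE_HOST COREID_DATABASE_NAME COREID_LDAP_BASE_DC COREID_REDIS_HOST COREID_SMTP_HOST"
REQUIRED_SECRET_KEYS="SECRET SMTP_USER SMTP_DEFAULT_SENDER SMTP_PASS REDIS_PASS X509_CERT X509_KEY"

# Names of required variables that are unset, empty, or not exported.
# printenv reads the process environment, which is all envsubst can see.
missing_vars() {
  out=""
  for v in $REQUIRED_VARS; do
    [ -n "$(printenv "$v")" ] || out="$out $v"
  done
  echo "${out# }"
}

# Explicit SHELL-FORMAT argument: envsubst then replaces only these references
# and leaves any other $NAME text in the YAML untouched.
envsubst_format() {
  fmt=""
  for v in $REQUIRED_VARS; do fmt="$fmt \${$v}"; done
  echo "${fmt# }"
}

# $1 = key names present in the secret, one per line. Prints the missing ones.
missing_secret_keys() {
  out=""
  for k in $REQUIRED_SECRET_KEYS; do
    printf '%s\n' "$1" | grep -qxF "$k" || out="$out $k"
  done
  echo "${out# }"
}

deploy() {
  miss=$(missing_vars)
  [ -z "$miss" ] || { echo "unset, empty or not exported: $miss" >&2; return 1; }
  # List key names only; the secret values are never printed.
  keys=$(kubectl -n starship get secret coreid-secrets \
    -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}') || return 1
  miss=$(missing_secret_keys "$keys")
  [ -z "$miss" ] || { echo "coreid-secrets is missing: $miss" >&2; return 1; }
  fmt=$(envsubst_format)
  for f in *.yaml; do
    envsubst "$fmt" < "$f" | kubectl apply -f - || return 1
  done
}

# Run the deployment only when asked, so the file can be sourced for its checks.
if [ "${1:-}" = "--apply" ]; then deploy; fi
```

Run it from the deploy directory with `--apply` after exporting the variables; without the switch it only defines the check functions.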