feat: integrate tuwunel with Ory SSO, rename chat to messages subdomain
- Add matrix to hydra-maester enabledNamespaces for OAuth2Client CRD - Update allowed_return_urls and selfservice URLs: chat→messages - Add Kratos verification flow, employee/external identity schemas - Extend session lifespan to 30 days with persistent cookies - Route messages.* to tuwunel via Pingora with WebSocket support - Replace login-ui with kratos-admin-ui as unified auth frontend - Update TLS certificate SANs: chat→messages, add monitoring subdomains - Add tuwunel + La Suite images to production overlay - Switch DDoS/scanner detection to compiled-in ensemble models (observe_only)
This commit is contained in:
@@ -25,12 +25,18 @@ spec:
|
||||
value: "http://kratos-public.ory.svc.cluster.local:80"
|
||||
- name: KRATOS_ADMIN_URL
|
||||
value: "http://kratos-admin.ory.svc.cluster.local:80"
|
||||
- name: HYDRA_ADMIN_URL
|
||||
value: "http://hydra-admin.ory.svc.cluster.local:4445"
|
||||
- name: PUBLIC_URL
|
||||
value: "https://admin.DOMAIN_SUFFIX"
|
||||
value: "https://auth.DOMAIN_SUFFIX"
|
||||
- name: CUNNINGHAM_THEME
|
||||
value: "dsfr-light"
|
||||
- name: PORT
|
||||
value: "3000"
|
||||
- name: TRUSTED_CLIENT_IDS
|
||||
value: ""
|
||||
- name: SEAWEEDFS_S3_URL
|
||||
value: "http://seaweedfs-filer.storage.svc.cluster.local:8333"
|
||||
- name: ADMIN_IDENTITY_IDS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -46,9 +52,19 @@ spec:
|
||||
secretKeyRef:
|
||||
name: kratos-admin-ui-secrets
|
||||
key: csrf-cookie-secret
|
||||
- name: SEAWEEDFS_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kratos-admin-ui-secrets
|
||||
key: s3-access-key
|
||||
- name: SEAWEEDFS_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kratos-admin-ui-secrets
|
||||
key: s3-secret-key
|
||||
resources:
|
||||
limits:
|
||||
memory: 256Mi
|
||||
memory: 384Mi
|
||||
requests:
|
||||
memory: 64Mi
|
||||
cpu: 25m
|
||||
|
||||
Reference in New Issue
Block a user