- Remove base/mesh from local overlay (Linkerd installed via CLI in local-up.sh) - Fix LiveKit namespace: chart doesn't set .Release.Namespace, add explicit patches - Fix release names: livekit-server and cloudnative-pg match chart names (avoid double-prefix) - Disable hydra-maester (not needed for local dev) - Add memory limits for cloudnative-pg operator and livekit-server deployments - Remove non-functional values-ory.yaml patch (DOMAIN_SUFFIX handled by sed in local-up.sh) - Gitignore **/charts/ (kustomize helm cache, generated artifact)
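# Base Ory Hydra Helm values.
# DOMAIN_SUFFIX is replaced by overlay patches.
# NOTE(review): the commit message shown with this file says the local overlay
# substitutes DOMAIN_SUFFIX with sed in local-up.sh instead; confirm which
# mechanism applies to each overlay so no URL ships with the literal token.
# DSN and system secrets come from the overlay-specific Secret.
# NOTE(review): every $(NAME) value below is a placeholder, not a secret. If a
# substitution step is skipped, the literal placeholder text becomes the
# password, secret or salt, which is a predictable value. Confirm the rendered
# manifests contain no "$(" before applying them.

# Disable the maester controller — it manages OAuth2Client CRDs which we don't use locally.
# OAuth2 clients are registered directly via the Hydra admin API.
maester:
  enabled: false

hydra:
  config:
    # URL-form DSN: a password containing URL-reserved characters must be
    # percent-encoded or the DSN will not parse as intended.
    # NOTE(review): no sslmode parameter is set, so the driver default decides
    # whether the connection to Postgres is encrypted; confirm transport
    # protection (mesh mTLS or an explicit sslmode) outside local development.
    dsn: "postgresql://hydra:$(HYDRA_DB_PASSWORD)@postgres-rw.data.svc.cluster.local:5432/hydra_db"

    urls:
      self:
        # Clients compare this string with the `iss` claim exactly, including
        # the trailing slash.
        issuer: https://auth.DOMAIN_SUFFIX/
      # Login, consent, logout and error pages are served from the same host as
      # the issuer.
      consent: https://auth.DOMAIN_SUFFIX/consent
      login: https://auth.DOMAIN_SUFFIX/login
      logout: https://auth.DOMAIN_SUFFIX/logout
      error: https://auth.DOMAIN_SUFFIX/error

    secrets:
      # Both entries are lists; each holds a single placeholder here.
      system:
        - $(HYDRA_SYSTEM_SECRET)
      cookie:
        - $(HYDRA_COOKIE_SECRET)

    oidc:
      subject_identifiers:
        # Only `public` subject identifiers are enabled.
        supported_types:
          - public
        # NOTE(review): `pairwise` is not in supported_types, so this salt is
        # presumably unused as configured; keep it a real secret anyway in case
        # pairwise identifiers are enabled later.
        pairwise:
          salt: $(HYDRA_PAIRWISE_SALT)

    serve:
      cookies:
        # Lax: cookies accompany top-level navigations from other sites but not
        # cross-site subrequests.
        same_site_mode: Lax
      public:
        cors:
          enabled: true
          # The wildcard admits every https subdomain of DOMAIN_SUFFIX as a
          # CORS origin for the public endpoints, so any subdomain that serves
          # untrusted content or points at a decommissioned host is trusted
          # too. Prefer an explicit origin list in non-local overlays.
          allowed_origins:
            - https://*.DOMAIN_SUFFIX

deployment:
  resources:
    # Memory is capped at 64Mi; no CPU limit is set, only a request.
    limits:
      memory: 64Mi
    requests:
      memory: 32Mi
      cpu: 25m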