# Default values for the barycenter Helm chart.

# Number of pod replicas.
# NOTE(review): the default database in this file is a SQLite file and the
# persistence volume is ReadWriteOnce; confirm the chart supports more than
# one replica before raising this.
replicaCount: 1
# Container image to deploy.
image:
  repository: barycenter
  # IfNotPresent reuses an image already cached on the node for this tag.
  pullPolicy: IfNotPresent
  # NOTE(review): 'latest' is a mutable tag; together with IfNotPresent,
  # nodes can end up running different builds under the same name. Pin a
  # release tag or an image digest where a reproducible, auditable image
  # is required.
  tag: 'latest'
# Secrets used to pull the image from a private registry (none by default).
imagePullSecrets: []
# Name overrides, empty by default. How they are applied is decided by the
# chart templates, which are not part of this file.
nameOverride: ''
fullnameOverride: ''
# ServiceAccount settings for the pod.
# NOTE(review): no automountServiceAccountToken switch is exposed here; if the
# application never calls the Kubernetes API, check that the templates do not
# mount an API token into the pod.
serviceAccount:
  create: true
  annotations: {}
  # presumably an empty name selects a generated one; confirm in the templates
  name: ''
# Extra annotations for the pod (none by default).
podAnnotations: {}
# Pod-level security context: non-root UID 1000, mounted volumes made
# group-accessible to GID 1000 via fsGroup, and the container runtime's
# default seccomp profile.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000
  seccompProfile:
    type: RuntimeDefault
# Container-level security context: no privilege escalation, non-root
# UID 1000, every Linux capability dropped.
securityContext:
  allowPrivilegeEscalation: false
  # NOTE(review): the root filesystem is left writable. If the application
  # only writes to its data directory, switching this to true (with an
  # emptyDir for any scratch paths) narrows what a compromised process can
  # modify. Confirm the writable paths before changing it.
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000
  capabilities:
    drop:
      - ALL
# Service in front of the pod. ClusterIP keeps it reachable only from inside
# the cluster; external access goes through Ingress or Gateway API.
service:
  type: ClusterIP
  port: 8080
  annotations: {}
# Traditional Ingress exposure (disabled by default).
ingress:
  enabled: false
  className: 'nginx'
  annotations: {}
    # cert-manager.io/cluster-issuer: letsencrypt-prod
    # nginx.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: idp.example.com
      paths:
        - path: /
          pathType: Prefix
  # NOTE(review): tls is empty, so enabling the Ingress as-is defines no TLS
  # section for the host. An identity provider should not be served over
  # plain HTTP; set a TLS secret (example below) when turning this on.
  tls: []
  #  - secretName: barycenter-tls
  #    hosts:
  #      - idp.example.com
refactor: update crabidp references to barycenter and add Gateway API support
Replace all remaining references to "crabidp" with "barycenter" across:
- Source code (error diagnostics, CLI name, comments)
- Configuration files and defaults
- Environment variable prefixes (CRABIDP__ → BARYCENTER__)
- Documentation (CLAUDE.md, README.md, DEPLOYMENT.md)
- Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos)
- Database filenames (crabidp.db → barycenter.db)
Add Kubernetes Gateway API support to Helm chart:
- New HTTPRoute template for Gateway API
- Configurable parentRefs, hostnames, filters, and weights
- Support for advanced traffic management features
- Gateway API as modern alternative to traditional Ingress
- Documentation and examples in DEPLOYMENT.md
Benefits of Gateway API:
- More expressive and extensible routing
- Role-oriented design with separation of concerns
- Better vendor portability
- Advanced traffic management capabilities
The Helm chart now supports both traditional Ingress and
Gateway API, allowing users to choose based on their cluster
capabilities and requirements.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 15:38:07 +01:00
# Kubernetes Gateway API support (alternative to Ingress).
# Requires the Gateway API CRDs to be installed in the cluster.
gatewayAPI:
  enabled: false
  annotations: {}
  # Reference to the Gateway resource.
  # NOTE(review): the referenced Gateway is in another namespace
  # (gateway-system); the route only attaches if that Gateway's listeners
  # allow routes from this release's namespace.
  parentRefs:
    - name: gateway
      namespace: gateway-system
      # Optional: specify listener name. Pinning the HTTPS listener keeps the
      # route off any plain-HTTP listener the Gateway may also define.
      # sectionName: https
  # Hostnames for the HTTPRoute
  hostnames:
    - idp.example.com
  # Optional: backend weight for traffic splitting
  # backendWeight: 100
  # Optional: filters for request/response modification
  filters: []
  # - type: RequestHeaderModifier
  #   requestHeaderModifier:
  #     add:
  #       - name: X-Custom-Header
  #         value: custom-value
# CPU and memory for the main container. Limits cap usage; requests are what
# the scheduler reserves.
resources:
  limits:
    cpu: 1000m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi
# Horizontal autoscaling (disabled by default).
# NOTE(review): persistence defaults to a ReadWriteOnce volume and a SQLite
# database file; scaling past one replica presumably needs a different
# database and storage setup. Confirm before enabling.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
# Pod scheduling constraints (all empty by default).
nodeSelector: {}

tolerations: []

affinity: {}
# Barycenter-specific configuration
config:
  server:
    # Listens on every interface inside the pod; outside reachability is
    # decided by the Service and the Ingress/Gateway settings in this file.
    host: '0.0.0.0'
    port: 8080
    # publicBaseUrl: "https://idp.example.com"

  database:
    # SQLite file under /app/data; mode=rwc opens it read-write and creates
    # it when missing. For a database URL that carries credentials, use the
    # secretKeyRef example in the env section of this file rather than
    # writing the URL into values.
    url: 'sqlite:///app/data/barycenter.db?mode=rwc'

  keys:
    jwksPath: '/app/data/jwks.json'
    # NOTE(review): the private key sits in the same /app/data directory as
    # the database, and the persistence section of this file says its volume
    # holds database and keys. Access to that volume, its snapshots or its
    # backups therefore exposes the key; restrict and audit it accordingly.
    privateKeyPath: '/app/data/private_key.pem'
    alg: 'RS256'

  federation:
    trustAnchors: []
# Environment variables for the main container.
# Supports the full Kubernetes env var specification, including valueFrom.
# Prefer valueFrom.secretKeyRef for anything sensitive: a plain `value:` is
# stored in the rendered manifest and in the Helm release data.
env:
  - name: RUST_LOG
    value: 'info'
  # Simple value example:
  # - name: BARYCENTER__SERVER__PUBLIC_BASE_URL
  #   value: "https://idp.example.com"
  #
  # ValueFrom secret example:
  # - name: BARYCENTER__DATABASE__URL
  #   valueFrom:
  #     secretKeyRef:
  #       name: barycenter-db-secret
  #       key: database-url
  #
  # ValueFrom configMap example:
  # - name: CONFIG_VALUE
  #   valueFrom:
  #     configMapKeyRef:
  #       name: app-config
  #       key: some-value
  #
  # Field reference example:
  # - name: POD_NAME
  #   valueFrom:
  #     fieldRef:
  #       fieldPath: metadata.name
  #
  # Resource limits example:
  # - name: MEMORY_LIMIT
  #   valueFrom:
  #     resourceFieldRef:
  #       containerName: barycenter
  #       resource: limits.memory
# Persistence for database and keys.
# The volume holds key material as well as the database, so treat its
# snapshots and backups as sensitive.
persistence:
  enabled: true
  # storageClass: ""
  # ReadWriteOnce: the volume can be mounted read-write by a single node.
  accessMode: ReadWriteOnce
  size: 10Gi
  annotations: {}
# Liveness probe configuration.
# Requests the OpenID Connect discovery document on the container port
# named "http".
livenessProbe:
  httpGet:
    path: /.well-known/openid-configuration
    port: http
  initialDelaySeconds: 10
  periodSeconds: 30
  timeoutSeconds: 3
  failureThreshold: 3
# Readiness probe configuration.
# Same endpoint as the liveness probe, with a shorter initial delay and
# period.
readinessProbe:
  httpGet:
    path: /.well-known/openid-configuration
    port: http
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 3
  failureThreshold: 3
# User synchronization from a JSON file
userSync:
  # Enable the user sync init container
  enabled: false

  # Name of an existing secret containing users.json
  # NOTE(review): users.json presumably carries user credentials. Confirm,
  # and if so create this Secret outside the chart values and restrict who
  # can read it.
  existingSecret: ''
  # Example: barycenter-users

  # Secret key containing the users.json file
  secretKey: 'users.json'

  # Additional environment variables for the user-sync init container
  # Supports full Kubernetes env var specification (same as main container)
  # RUST_LOG is already set to "info" by default
  env: []
  # Examples:
  # - name: CUSTOM_VAR
  #   value: "custom-value"
  # - name: SECRET_VALUE
  #   valueFrom:
  #     secretKeyRef:
  #       name: my-secret
  #       key: secret-key

  # Init container resources
  resources:
    limits:
      cpu: 200m
      memory: 256Mi
    requests:
      cpu: 100m
      memory: 128Mi