-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathvalues.yaml
85 lines (76 loc) · 1.84 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
serviceAccount:
create: true
containers:
image: kuberos
tag: latest
pullPolicy: IfNotPresent
sidecar:
image: krb_sidecar
tag: latest
pullPolicy: IfNotPresent
client:
secret_name: "krb5-keytab"
krb5:
default_realm: example.com
lookup_realm: false
lookup_kdc: true
rdns: false
ticket_lifetime: 24h
forwardable: true
default_ccache_path: /tmp/ccache
default_ccache_file: krb5kdc_ccache
enc_types: >-
aes256-cts-hmac-sha1-96
aes256-cts-hmac-sha384-192
camellia256-cts-cmac
aes128-cts-hmac-sha1-96
aes128-cts-hmac-sha256-128
camellia128-cts-cmac
realms:
example.com:
master_key_type: aes256-cts
max_life: 7d
max_renew_life: 14d
acl_file: /var/kerberos/krb5kdc/kadm5.acl
acls:
- princ: "*/admin"
perms: "*"
kdc_extra_configs: |-
; default_principal_flags = +preauth
; admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
; pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.crt,/var/kerberos/krb5kdc/kdc.key
; pkinit_anchors = FILE:/var/kerberos/krb5kdc/kdc.crt
; pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
; pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
krb5_extra_configs: |-
; pkinit_anchors = FILE:/path/to/kdc-ca-bundle.pem
; pkinit_pool = FILE:/path/to/ca-bundle.pem
extra_domains: []
kdc:
service: NodePort
udp:
port: 88
name: kdc-udp
tcp:
port: 88
name: kdc-tcp
restrict_anonymous: true
preauth_challenge: edwards25519
persistence:
enabled: false
name: kerberos-db
storageClass: standard
size: 1Gi
# Explicitly define kdc db master password, else 40 char random string generated
password: password123
kadmin:
service: NodePort
udp:
port: 749
name: kadmin-udp
tcp:
port: 749
name: kadmin-tcp
admin_princ:
name: ""
password: ""