-
Notifications
You must be signed in to change notification settings - Fork 139
/
op-scim-config.yaml
86 lines (68 loc) · 4.75 KB
/
op-scim-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
apiVersion: v1
kind: ConfigMap
metadata:
name: op-scim-configmap
data:
# These environment variables can be can used to customize your 1Password SCIM Bridge deployment. Learn about how to
# use these environment variables to configure your SCIM bridge deployment in the README.md document included with
# this deployment example.
# To enable the CertificateManager component to terminate TLS-encrypted traffic at the https port of the
# op-scim-bridge container, set OP_TLS_DOMAIN to the fully qualified domain name of a public DNS record that points
# to the external IP address of the op-scim-bridge Service. If not set, CertificateManager is disabled; the SCIM
# bridge container can receive cluster-internal, plain-text HTTP traffic on the http port.
OP_TLS_DOMAIN: ""
# To connect SCIM bridge to an external Redis server, set OP_REDIS_URL to its Redis connection URI. Leave this set to
# redis://op-scim-redis:6379 to connect to the op-scim-redis Service included with this deployment example. If this
# value is no set, SCIM bridge will use the default value of redis://localhost:6379. If SCIM bridge is unable to
# connect to Redis, it will fail to load. See below for additional Redis configuration options.
OP_REDIS_URL: "redis://op-scim-redis:6379"
# ADVANCED REDIS OPTIONS
# If you are connecting SCIM bridge to an external Redis server, you can use the following environment variables in
# place of OP_REDIS_URL. OP_REDIS_URL must be unset. If OP_REDIS_URL has any value, the environment variables below
# are ignored.
# Set the Redis hostname. Can be either hostname of IP address (default: `redis`)
# OP_REDIS_HOST: "hostname"
# Set the redis port (default: "6379")
# OP_REDIS_PORT: "6379"
# Sets a username, if any, for the redis connection (default: `(null)`).
# OP_REDIS_USERNAME: "admin"
# Set the password, if any, required to connect to redis (defult: `(null)`)
# OP_REDIS_PASSWORD: "apv.zbu8wva8gwd1EFC-fake.password"
# Optionally enforce SSL on redis server connections (default: `false`). (Boolean `0` or `1`)
# OP_REDIS_ENABLE_SSL: "0"
# Set whether to allow insecure SSL on redis server connections when `OP_REDIS_ENABLE_SSL` is
# set to `1`. This may be useful for testing or self-signed
# environments (default: `false`) (Boolean `0` or `1`).
# OP_REDIS_INSECURE_SSL: "0"
# Set OP_PRETTY_LOGS to 1 colorize container logs. If not set, or set to 0, container logs are output in
# monochrome.
# OP_PRETTY_LOGS: "1"
# Set OP_JSON_LOGS to 1 to output log entries as newline-delimited JSON objects. If not set, or set to 0, container
# logs are output in a human-readable format. If set to 1, OP_PRETTY_LOGS is ignored.
# OP_JSON_LOGS: "1"
# Set OP_DEBUG to 1 to enable debug level logging, which can be useful during troubleshooting. If not set, or set to
# 0, info level logging is enabled.
# OP_DEBUG: "1"
# Set OP_TRACE to 1 to enable trace level logging, primarily used to debug Let's Encrypt integration errors. If not
# set, or set to 0, trace level logging is suppressed. If set to 1, OP_DEBUG is ignored.
# OP_TRACE: "1"
# To enable the optional PingServer component serving a /ping endpoint on port 8080, set OP_PING_SERVER to 1. If
# unset or set to 0, the /ping endpoint is not available on port 8080.
# OP_PING_SERVER: "1"
# Use OP_CONFIRMATION_INTERVAL to set how often the ConfirmationWatcher component runs in seconds. The minimum
# interval is 30 seconds. If not set, the default value of 300 seconds (5 minutes) is used.
# OP_CONFIRMATION_INTERVAL: "30"
# Set OP_DNS_CHALLENGE_CONFIG_FILE to the path of a valid configuration file mounted in the container filesystem to
# enable CertificateManager to automatically the DNS-01 challenge with Let's Encrypt and automatically create the
# required DNS record using a supported DNS provider.
# OP_DNS_CHALLENGE_CONFIG_FILE: "/secrets/dns01-config"
# To use your own TLS certificate with CertificateManager, set OP_TLS_KEY_FILE to the path of a valid private TLS
# certificate key file that is paired to the public key specified in OP_TLS_CERT_FILE, and set OP_TLS_CERT_FILE
# respectively. If only one of the two is set, CertificateManager will fail to load. If CertificateManager is enabled
# and neither value is set, it will use Let's Encrypt to issue TLS certificates.
# OP_TLS_KEY_FILE: "/secrets/tls.key"
# OP_TLS_CERT_FILE: "/secrets/tls.crt"
# Use OP_LETSENCRYPT_EMAIL to supply the email address required by Let's Encrypt. If this value is not set, SCIM
# bridge interpolates an email address using 1pw as the local-part and the value of OP_TLS_DOMAIN as the domain (for
# example, 1pw@scim.example.com). If not using Let's Encrypt with CertificateManager, this value is not used.
# OP_LETSENCRYPT_EMAIL=eggs.ample@example.com