-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathconfigmap.yaml
More file actions
135 lines (135 loc) · 7.01 KB
/
configmap.yaml
File metadata and controls
135 lines (135 loc) · 7.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-config
labels:
{{- include "sentrius.labels" . | nindent 4 }}
data:
agent-application.properties: |
keystore.file=sso.jceks
keystore.password=${KEYSTORE_PASSWORD}
keystore.alias=KEYBOX-ENCRYPTION_KEY
keystore.algorithm=AES
spring.main.web-application-type=servlet
spring.thymeleaf.enabled=true
spring.freemarker.enabled=false
#flyway configuration
spring.flyway.enabled=true
spring.datasource.url=jdbc:postgresql://sentrius-postgres:5432/sentrius
spring.datasource.username=${SPRING_DATASOURCE_USERNAME}
spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# Connection pool settings
spring.datasource.hikari.maximum-pool-size=10
spring.datasource.hikari.minimum-idle=5
spring.datasource.hikari.idle-timeout=30000
spring.datasource.hikari.max-lifetime=1800000
# Hibernate settings (optional, for JPA)
spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
# Disable automatic schema generation in production
spring.jpa.hibernate.ddl-auto=none
# Ensure this path matches your project structure
#spring.flyway.locations=classpath:db/migration/
spring.flyway.baseline-on-migrate=true
# Thymeleaf settings
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
#spring.datasource.url=jdbc:h2:mem:testdb
logging.level.org.springframework.web=INFO
logging.level.org.springframework.security=INFO
logging.level.io.sentrius=DEBUG
logging.level.org.thymeleaf=INFO
spring.thymeleaf.servlet.produce-partial-output-while-processing=false
spring.servlet.multipart.enabled=true
spring.servlet.multipart.max-file-size=10MB
spring.servlet.multipart.max-request-size=10MB
server.error.whitelabel.enabled=false
dynamic.properties.path=/config/dynamic.properties
keycloak.realm=sentrius
# Keycloak configuration
spring.security.oauth2.client.registration.keycloak.client-id="{{ .Values.sentrius.oauth2.client_id }}"
spring.security.oauth2.client.registration.keycloak.client-secret="{{ .Values.sentrius.oauth2.client_secret }}"
spring.security.oauth2.client.registration.keycloak.authorization-grant-type="{{ .Values.sentrius.oauth2.authorization_grant_type }}"
spring.security.oauth2.client.registration.keycloak.redirect-uri=https://{{ .Values.subdomain }}/login/oauth2/code/keycloak
spring.security.oauth2.client.registration.keycloak.scope="{{ .Values.sentrius.oauth2.scope }}"
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.{{ .Values.subdomain }}/realms/sentrius
spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.{{ .Values.tenant }}.sentrius.cloud/realms/sentrius
agents.session-analytics.enabled=true
api-application.properties: |
keystore.file=sso.jceks
keystore.password=${KEYSTORE_PASSWORD}
keystore.alias=KEYBOX-ENCRYPTION_KEY
keystore.algorithm=AES
spring.main.web-application-type=servlet
spring.thymeleaf.enabled=true
spring.freemarker.enabled=false
#flyway configuration
spring.flyway.enabled=true
spring.datasource.url=jdbc:postgresql://sentrius-postgres:5432/sentrius
spring.datasource.username=${SPRING_DATASOURCE_USERNAME}
spring.datasource.password=${SPRING_DATASOURCE_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# Connection pool settings
spring.datasource.hikari.maximum-pool-size=10
spring.datasource.hikari.minimum-idle=5
spring.datasource.hikari.idle-timeout=30000
spring.datasource.hikari.max-lifetime=1800000
# Hibernate settings (optional, for JPA)
spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
# Disable automatic schema generation in production
spring.jpa.hibernate.ddl-auto=none
# Ensure this path matches your project structure
#spring.flyway.locations=classpath:db/migration/
spring.flyway.baseline-on-migrate=true
# Thymeleaf settings
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
#spring.datasource.url=jdbc:h2:mem:testdb
logging.level.org.springframework.web=INFO
logging.level.org.springframework.security=INFO
logging.level.io.sentrius=DEBUG
logging.level.org.thymeleaf=INFO
spring.thymeleaf.servlet.produce-partial-output-while-processing=false
spring.servlet.multipart.enabled=true
spring.servlet.multipart.max-file-size=10MB
spring.servlet.multipart.max-request-size=10MB
server.error.whitelabel.enabled=false
dynamic.properties.path=/config/dynamic.properties
keycloak.realm=sentrius
management.endpoints.web.exposure.include=health
management.endpoint.health.show-details=always
# Keycloak configuration
spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.sentrius.oauth2.client_id }}
spring.security.oauth2.client.registration.keycloak.client-secret={{ .Values.sentrius.oauth2.client_secret }}
spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentrius.oauth2.authorization_grant_type }}
spring.security.oauth2.client.registration.keycloak.redirect-uri=https://{{ .Values.subdomain }}/login/oauth2/code/keycloak
spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentrius.oauth2.scope }}
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.{{ .Values.subdomain }}/realms/sentrius
spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.{{ .Values.tenant }}.sentrius.cloud/realms/sentrius
server.forward-headers-strategy=framework
https.redirect.enabled=true
https.required=true
dynamic.properties: |
auditorClass=io.sentrius.sso.automation.auditing.AccessTokenAuditor
twopartyapproval.option.LOCKING_SYSTEMS=true
requireProfileForLogin=true
maxJitDurationMs=1440000
sshEnabled=true
systemLogoName=Sentrius
AccessTokenAuditor.rule.4=io.sentrius.sso.automation.auditing.rules.OpenAISessionRule;Malicious AI Monitoring
AccessTokenAuditor.rule.5=io.sentrius.sso.automation.auditing.rules.TwoPartyAIMonitor;AI Second Party Monitor
allowProxies=true
AccessTokenAuditor.rule.2=io.sentrius.sso.automation.auditing.rules.DeletePrevention;Delete Prevention
AccessTokenAuditor.rule.3=io.sentrius.sso.automation.auditing.rules.TwoPartySessionRule;Require Second Party Monitoring
AccessTokenAuditor.rule.0=io.sentrius.sso.automation.auditing.rules.CommandEvaluator;Restricted Commands
terminalsInNewTab=false
auditFlushIntervalMs=5000
AccessTokenAuditor.rule.1=io.sentrius.sso.automation.auditing.rules.AllowedCommandsRule;Approved Commands
knownHostsPath=/home/marc/.ssh/known_hosts
systemLogoPathLarge=/images/sentrius_large.jpg
maxJitUses=1
systemLogoPathSmall=/images/sentrius_small.png
enableInternalAudit=true
twopartyapproval.require.explanation.LOCKING_SYSTEMS=false
canApproveOwnJITs=false
yamlConfiguration=/app/exampleInstallWithTypes.yml