matrix-authentication-service
matrix-authentication-service
OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
Maintainers
| Name | Url | |
|---|---|---|
| WrenIX | https://wrenix.eu |
Usage
Helm must be installed and setup to your kubernetes cluster to use the charts. Refer to Helm’s documentation to get started. Once Helm has been set up correctly, fetch the charts as follows:
helm pull oci://codeberg.org/wrenix/helm-charts/matrix-authentication-serviceYou can install a chart release using the following command:
helm install matrix-authentication-service-release oci://codeberg.org/wrenix/helm-charts/matrix-authentication-service --values values.yamlTo uninstall a chart release use helm’s delete command:
helm uninstall matrix-authentication-service-releaseValues
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} | |
| autoscaling.enabled | bool | false | |
| autoscaling.maxReplicas | int | 100 | |
| autoscaling.minReplicas | int | 1 | |
| autoscaling.targetCPUUtilizationPercentage | int | 80 | |
| config.branding.imprint | string | nil | |
| config.branding.logo_uri | string | nil | |
| config.branding.policy_uri | string | nil | |
| config.branding.service_name | string | nil | |
| config.branding.tos_uri | string | nil | |
| config.clients | list | [] | |
| config.database.connect_timeout | int | 30 | |
| config.database.database | string | "sliding_sync" | |
| config.database.host | string | "localhost" | |
| config.database.idle_timeout | int | 600 | |
| config.database.max_connections | int | 10 | |
| config.database.max_lifetime | int | 1800 | |
| config.database.min_connections | int | 0 | |
| config.database.password | string | "secret" | |
| config.database.port | int | 5432 | |
| config.database.username | string | "sliding_sync" | |
| config.email.from | string | "\"Authentication Service\" <root@localhost>" | |
| config.email.reply_to | string | "\"Authentication Service\" <root@localhost>" | |
| config.email.transport | string | "blackhole" | |
| config.experimental.access_token_ttl | int | 300 | |
| config.experimental.compat_token_ttl | int | 300 | |
| config.http.issuer | string | "http://[::]:8080/" | |
| config.http.listeners[0].binds[0].address | string | "[::]:8080" | |
| config.http.listeners[0].name | string | "http" | |
| config.http.listeners[0].proxy_protocol | bool | false | |
| config.http.listeners[0].resources[0].name | string | "discovery" | |
| config.http.listeners[0].resources[1].name | string | "human" | |
| config.http.listeners[0].resources[2].name | string | "oauth" | |
| config.http.listeners[0].resources[3].name | string | "compat" | |
| config.http.listeners[0].resources[4].name | string | "graphql" | |
| config.http.listeners[0].resources[4].playground | bool | true | |
| config.http.listeners[0].resources[5].name | string | "assets" | |
| config.http.listeners[0].resources[5].path | string | "/usr/local/share/mas-cli/assets/" | |
| config.http.listeners[1].binds[0].address | string | "[::]:8081" | |
| config.http.listeners[1].name | string | "internal" | |
| config.http.listeners[1].resources[0].name | string | "health" | |
| config.http.listeners[2].binds[0].address | string | "[::]:9100" | |
| config.http.listeners[2].name | string | "metrics" | |
| config.http.listeners[2].resources[0].name | string | "prometheus" | |
| config.http.public_base | string | "http://[::]:8080/" | |
| config.http.trusted_proxies[0] | string | "192.128.0.0/16" | |
| config.http.trusted_proxies[1] | string | "172.16.0.0/12" | |
| config.http.trusted_proxies[2] | string | "10.0.0.0/10" | |
| config.http.trusted_proxies[3] | string | "127.0.0.1/8" | |
| config.http.trusted_proxies[4] | string | "fd00::/8" | |
| config.http.trusted_proxies[5] | string | "::1/128" | |
| config.matrix.endpoint | string | "http://localhost:8008/" | |
| config.matrix.homeserver | string | "localhost:8008" | |
| config.matrix.secret | string | "kPnqGbK9hmSRK41DZTgVJxfKVAiLrY6G" | |
| config.passwords.enabled | bool | true | |
| config.passwords.schemes[0].algorithm | string | "argon2id" | |
| config.passwords.schemes[0].version | int | 1 | |
| config.policy.authorization_grant_entrypoint | string | "authorization_grant/violation" | |
| config.policy.client_registration_entrypoint | string | "client_registration/violation" | |
| config.policy.data | string | nil | |
| config.policy.email_entrypoint | string | "email/violation" | |
| config.policy.password_entrypoint | string | "password/violation" | |
| config.policy.register_entrypoint | string | "register/violation" | |
| config.policy.wasm_module | string | "/usr/local/share/mas-cli/policy.wasm" | |
| config.secrets.encryption | string | nil | |
| config.secrets.keys | list | [] | |
| config.telemetry.metrics.exporter | string | "prometheus" | |
| config.telemetry.sentry.dsn | string | nil | |
| config.telemetry.tracing.exporter | string | "none" | |
| config.telemetry.tracing.propagators | list | [] | |
| config.templates.assets_manifest | string | "/usr/local/share/mas-cli/manifest.json" | |
| config.templates.path | string | "/usr/local/share/mas-cli/templates/" | |
| config.templates.translations_path | string | "/usr/local/share/mas-cli/translations/" | |
| config.upstream_oauth2.providers | list | [] | |
| fullnameOverride | string | "" | |
| global.image.pullPolicy | string | nil | if set it will overwrite all pullPolicy |
| global.image.registry | string | nil | if set it will overwrite all registry entries |
| image.pullPolicy | string | "IfNotPresent" | |
| image.registry | string | "ghcr.io" | |
| image.repository | string | "matrix-org/matrix-authentication-service" | |
| image.tag | string | nil | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | [] | |
| ingress.annotations | object | {} | |
| ingress.className | string | "" | |
| ingress.enabled | bool | false | |
| ingress.hosts[0].host | string | "auth.matrix.chart-example.local" | |
| ingress.hosts[0].paths[0].path | string | "/l" | |
| ingress.hosts[0].paths[0].pathType | string | "Prefix" | |
| ingress.hosts[1].host | string | "matrix.chart-example.local" | |
| ingress.hosts[1].paths[0].path | string | "/_matrix/client/v3/login" | |
| ingress.hosts[1].paths[0].pathType | string | "Exact" | |
| ingress.hosts[1].paths[1].path | string | "/_matrix/client/v3/logout" | |
| ingress.hosts[1].paths[1].pathType | string | "Exact" | |
| ingress.hosts[1].paths[2].path | string | "/_matrix/client/v3/refresh" | |
| ingress.hosts[1].paths[2].pathType | string | "Exact" | |
| ingress.tls | list | [] | |
| livenessProbe.httpGet.path | string | "/health" | |
| livenessProbe.httpGet.port | string | "internal" | |
| nameOverride | string | "" | |
| nodeSelector | object | {} | |
| podAnnotations | object | {} | |
| podLabels | object | {} | |
| podSecurityContext.fsGroup | int | 1000 | |
| prometheus.servicemonitor.enabled | bool | false | |
| prometheus.servicemonitor.labels | object | {} | |
| readinessProbe.httpGet.path | string | "/health" | |
| readinessProbe.httpGet.port | string | "internal" | |
| replicaCount | int | 1 | |
| resources | object | {} | |
| securityContext.capabilities.drop[0] | string | "ALL" | |
| securityContext.readOnlyRootFilesystem | bool | true | |
| securityContext.runAsNonRoot | bool | true | |
| securityContext.runAsUser | int | 1000 | |
| service.port.http | int | 8080 | |
| service.port.metrics | int | 9100 | |
| service.type | string | "ClusterIP" | |
| serviceAccount.annotations | object | {} | |
| serviceAccount.automount | bool | true | |
| serviceAccount.create | bool | true | |
| serviceAccount.name | string | "" | |
| tolerations | list | [] | |
| volumeMounts | list | [] | |
| volumes | list | [] |
Autogenerated from chart metadata using helm-docs