taiga: controllers: front: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: front: image: repository: ghcr.io/alexlebens/taiga-front-docker-oidc tag: 6.8.1 pullPolicy: IfNotPresent env: - name: TAIGA_URL value: https://taiga-cl01tl.boreal-beaufort.ts.net - name: PUBLIC_REGISTER_ENABLED value: false - name: ENABLE_GITHUB_AUTH value: false - name: ENABLE_GITLAB_AUTH value: false - name: ENABLE_OIDC value: true - name: ENABLE_SLACK value: false - name: ENABLE_GITHUB_IMPORTER value: false - name: ENABLE_JIRA_IMPORTER value: false - name: ENABLE_TRELLO_IMPORTER value: false resources: requests: cpu: 100m memory: 128Mi back: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: back: image: repository: ghcr.io/alexlebens/taiga-back-docker-oidc tag: 6.8.1 pullPolicy: IfNotPresent env: - name: TAIGA_SECRET_KEY valueFrom: secretKeyRef: name: taiga-key-secret key: key - name: ENABLE_TELEMETRY value: false - name: PUBLIC_REGISTER_ENABLED value: false - name: POSTGRES_USER valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: password - name: POSTGRES_DB valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: dbname - name: POSTGRES_HOST valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: host - name: OIDC_ENABLED value: "True" - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: name: taiga-oidc-secret key: client - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: taiga-oidc-secret key: secret - name: OIDC_SCOPES value: openid profile email - name: OIDC_SIGN_ALGO value: RS256 - name: OIDC_BASE_URL value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/ - name: OIDC_JWKS_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/taiga/jwks/ - name: OIDC_AUTHORIZATION_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/ - name: OIDC_TOKEN_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/ - name: OIDC_USER_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/ - name: ENABLE_GITHUB_AUTH value: "false" - name: ENABLE_GITLAB_AUTH value: "false" - name: ENABLE_SLACK value: "false" - name: ENABLE_GITHUB_IMPORTER value: "False" - name: ENABLE_JIRA_IMPORTER value: "False" - name: RABBITMQ_USER value: taiga - name: RABBITMQ_PASS valueFrom: secretKeyRef: name: taiga-async-rabbitmq-secret key: password - name: TAIGA_SITES_DOMAIN value: taiga-cl01tl.boreal-beaufort.ts.net - name: TAIGA_SITES_SCHEME value: https - name: SESSION_COOKIE_SECURE value: "True" - name: CSRF_COOKIE_SECURE value: "True" resources: requests: cpu: 100m memory: 512Mi async: image: repository: ghcr.io/alexlebens/taiga-back-docker-oidc tag: 6.8.1 pullPolicy: IfNotPresent command: - /taiga-back/docker/async_entrypoint.sh env: - name: TAIGA_SECRET_KEY valueFrom: secretKeyRef: name: taiga-key-secret key: key - name: ENABLE_TELEMETRY value: false - name: PUBLIC_REGISTER_ENABLED value: false - name: POSTGRES_USER valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: password - name: POSTGRES_DB valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: dbname - name: POSTGRES_HOST valueFrom: secretKeyRef: name: taiga-postgresql-16-cluster-app key: host - name: OIDC_ENABLED value: "True" - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: name: taiga-oidc-secret key: client - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: taiga-oidc-secret key: secret - name: OIDC_SCOPES value: openid profile email - name: OIDC_SIGN_ALGO value: RS256 - name: OIDC_BASE_URL value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/ - name: OIDC_JWKS_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/taiga/jwks/ - name: OIDC_AUTHORIZATION_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/ - name: OIDC_TOKEN_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/ - name: OIDC_USER_ENDPOINT value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/ - name: ENABLE_GITHUB_AUTH value: "false" - name: ENABLE_GITLAB_AUTH value: "false" - name: ENABLE_SLACK value: "false" - name: ENABLE_GITHUB_IMPORTER value: "False" - name: ENABLE_JIRA_IMPORTER value: "False" - name: RABBITMQ_USER value: taiga - name: RABBITMQ_PASS valueFrom: secretKeyRef: name: taiga-async-rabbitmq-secret key: password - name: TAIGA_SITES_DOMAIN value: taiga-cl01tl.boreal-beaufort.ts.net - name: TAIGA_SITES_SCHEME value: https - name: SESSION_COOKIE_SECURE value: "True" - name: CSRF_COOKIE_SECURE value: "True" resources: requests: cpu: 100m memory: 512Mi events: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: events: image: repository: taigaio/taiga-events tag: 6.7.0 pullPolicy: IfNotPresent env: - name: TAIGA_SECRET_KEY valueFrom: secretKeyRef: name: taiga-key-secret key: key - name: RABBITMQ_USER value: taiga - name: RABBITMQ_PASS valueFrom: secretKeyRef: name: taiga-events-rabbitmq-secret key: password - name: APP_PORT value: 3023 resources: requests: cpu: 100m memory: 128Mi protected: type: deployment replicas: 1 strategy: Recreate revisionHistoryLimit: 3 containers: main: image: repository: taigaio/taiga-protected tag: 6.8.1 pullPolicy: IfNotPresent env: - name: SECRET_KEY valueFrom: secretKeyRef: name: taiga-key-secret key: key - name: MAX_AGE value: 360 resources: requests: cpu: 100m memory: 256Mi serviceAccount: create: true service: front: controller: front ports: front: port: 80 targetPort: 80 protocol: HTTP back: controller: back ports: back: port: 8000 targetPort: 8000 protocol: HTTP events: controller: events ports: events: port: 8888 targetPort: 8888 protocol: HTTP app: port: 3023 targetPort: 3023 protocol: HTTP protected: controller: protected ports: protected: port: 8003 targetPort: 8003 protocol: HTTP ingress: tailscale: enabled: true className: tailscale hosts: - host: taiga-cl01tl paths: - path: / pathType: Prefix service: name: taiga-front port: 80 - path: /api pathType: Prefix service: name: taiga-back port: 8000 pathType: ImplementationSpecific - path: /admin pathType: Prefix service: name: taiga-back port: 8000 pathType: ImplementationSpecific - path: /oidc pathType: Prefix service: name: taiga-back port: 8000 pathType: ImplementationSpecific - path: /events pathType: Prefix service: name: taiga-events port: 8888 pathType: ImplementationSpecific - path: /media pathType: Prefix service: name: taiga-protected port: 8003 pathType: ImplementationSpecific tls: - hosts: - taiga-cl01tl persistence: static: existingClaim: taiga-static advancedMounts: back: back: - path: /taiga-back/static readOnly: false back: async: - path: /taiga-back/static readOnly: false media: existingClaim: taiga-media advancedMounts: back: back: - path: /taiga-back/media readOnly: false back: async: - path: /taiga-back/media readOnly: false async-rabbitmq: auth: username: taiga existingPasswordSecret: taiga-async-rabbitmq-secret existingSecretPasswordKey: password existingErlangSecret: taiga-async-rabbitmq-secret existingSecretErlangKey: erlang extraConfiguration: |- default_vhost = taiga default_permissions.configure = .* default_permissions.read = .* default_permissions.write = .* events-rabbitmq: auth: username: taiga existingPasswordSecret: taiga-events-rabbitmq-secret existingSecretPasswordKey: password existingErlangSecret: taiga-events-rabbitmq-secret existingSecretErlangKey: erlang extraConfiguration: |- default_vhost = taiga default_permissions.configure = .* default_permissions.read = .* default_permissions.write = .* postgres-16-cluster: mode: standalone cluster: walStorage: storageClass: local-path storage: storageClass: local-path monitoring: enabled: true prometheusRule: enabled: false backup: enabled: true endpointURL: https://s3.us-east-2.amazonaws.com destinationPath: s3://cl01tl-postgresql-backups/taiga endpointCredentials: taiga-postgresql-16-cluster-backup-secret backupIndex: 1 retentionPolicy: 14d