---
# Values override for a NetBird Helm deployment: management, signal, relay and
# dashboard components plus a Traefik IngressRoute in extraManifests.
# Placeholders written as {{ .NAME }} inside management.configmap carry the same
# names as the keys under management.envFromSecret, so they are expected to be
# substituted from the "netbird" Secret at render time.
fullnameOverride: netbird

management:
  # management.json for the management server, rendered into its ConfigMap.
  # NOTE(review): HttpConfig leaves LetsEncryptDomain/CertFile/CertKey empty and
  # the IngressRoute below carries tls.secretName, so TLS is expected to
  # terminate at Traefik — confirm the management port is not reachable
  # unencrypted from outside the cluster.
  # NOTE(review): TURNConfig.Secret is the literal placeholder "secret". With
  # TimeBasedCredentials false the static Username/Password pulled from
  # envFromSecret are what peers present, so the field appears unused — confirm
  # rather than assume before leaving a placeholder in place.
  # NOTE(review): AuthIssuer is written with a trailing slash while
  # IdpManagerConfig.ClientConfig.Issuer is not; issuer comparison for token
  # validation is exact-match, so verify both against the iss claim the IdP emits.
  # NOTE(review): IdpSignKeyRefreshEnabled false looks like it disables periodic
  # re-fetch of the JWKS at AuthKeysLocation; if the IdP rotates signing keys
  # this would fail tokens until restart — verify against the management docs.
  # NOTE(review): ReverseProxy trusts no proxies (TrustedHTTPProxies null,
  # count 0), so forwarded-for headers from Traefik are presumably ignored and
  # management would log the ingress address as the peer IP — verify if source
  # IPs matter for audit.
  # DataStoreEncryptionKey and every credential are pulled from the Secret, not
  # written inline.
  configmap: |-
    {
      "Stuns": [
        {
          "Proto": "udp",
          "URI": "{{ .STUN_SERVER }}",
          "Username": "",
          "Password": ""
        }
      ],
      "TURNConfig": {
        "TimeBasedCredentials": false,
        "CredentialsTTL": "12h0m0s",
        "Secret": "secret",
        "Turns": [
          {
            "Proto": "udp",
            "URI": "{{ .TURN_SERVER }}",
            "Username": "{{ .TURN_SERVER_USER }}",
            "Password": "{{ .TURN_SERVER_PASSWORD }}"
          }
        ]
      },
      "Relay": {
        "Addresses": ["rels://vpn.dogar.dev:443/relay"],
        "CredentialsTTL": "24h",
        "Secret": "{{ .RELAY_PASSWORD }}"
      },
      "Signal": {
        "Proto": "https",
        "URI": "vpn.dogar.dev:443",
        "Username": "",
        "Password": ""
      },
      "Datadir": "/var/lib/netbird/",
      "DataStoreEncryptionKey": "{{ .DATASTORE_ENCRYPTION_KEY }}",
      "HttpConfig": {
        "LetsEncryptDomain": "",
        "CertFile": "",
        "CertKey": "",
        "AuthAudience": "{{ .IDP_CLIENT_ID }}",
        "AuthIssuer": "https://auth.dogar.dev/application/o/netbird/",
        "AuthUserIDClaim": "",
        "AuthKeysLocation": "https://auth.dogar.dev/application/o/netbird/jwks/",
        "OIDCConfigEndpoint": "https://auth.dogar.dev/application/o/netbird/.well-known/openid-configuration",
        "IdpSignKeyRefreshEnabled": false
      },
      "IdpManagerConfig": {
        "ManagerType": "authentik",
        "ClientConfig": {
          "Issuer": "https://auth.dogar.dev/application/o/netbird",
          "TokenEndpoint": "https://auth.dogar.dev/application/o/token/",
          "ClientID": "{{ .IDP_CLIENT_ID }}",
          "ClientSecret": "",
          "GrantType": "client_credentials"
        },
        "ExtraConfig": {
          "Password": "{{ .IDP_SERVICE_ACCOUNT_PASSWORD }}",
          "Username": "{{ .IDP_SERVICE_ACCOUNT_USER }}"
        },
        "Auth0ClientCredentials": null,
        "AzureClientCredentials": null,
        "KeycloakClientCredentials": null,
        "ZitadelClientCredentials": null
      },
      "DeviceAuthorizationFlow": {
        "Provider": "hosted",
        "ProviderConfig": {
          "ClientID": "{{ .IDP_CLIENT_ID }}",
          "ClientSecret": "",
          "Domain": "auth.dogar.dev",
          "Audience": "{{ .IDP_CLIENT_ID }}",
          "TokenEndpoint": "https://auth.dogar.dev/application/o/token/",
          "DeviceAuthEndpoint": "https://auth.dogar.dev/application/o/device/",
          "AuthorizationEndpoint": "",
          "Scope": "openid",
          "UseIDToken": false,
          "RedirectURLs": null
        }
      },
      "PKCEAuthorizationFlow": {
        "ProviderConfig": {
          "ClientID": "{{ .IDP_CLIENT_ID }}",
          "ClientSecret": "",
          "Domain": "",
          "Audience": "{{ .IDP_CLIENT_ID }}",
          "TokenEndpoint": "https://auth.dogar.dev/application/o/token/",
          "DeviceAuthEndpoint": "",
          "AuthorizationEndpoint": "https://auth.dogar.dev/application/o/authorize/",
          "Scope": "openid profile email offline_access api",
          "UseIDToken": false,
          "RedirectURLs": ["http://localhost:53000"]
        }
      },
      "StoreConfig": {
        "Engine": "postgres"
      },
      "ReverseProxy": {
        "TrustedHTTPProxies": null,
        "TrustedHTTPProxiesCount": 0,
        "TrustedPeers": null
      }
    }

  persistentVolume:
    enabled: true
    storageClass: longhorn
    size: 1Gi

  # Each value is a "<secret name>/<key>" reference; the {{ .NAME }} placeholders
  # in the configmap above use these same names.
  envFromSecret:
    # Goes with StoreConfig.Engine "postgres" in the configmap.
    NETBIRD_STORE_ENGINE_POSTGRES_DSN: netbird/postgresDSN
    STUN_SERVER: netbird/stunServer
    TURN_SERVER: netbird/turnServer
    TURN_SERVER_USER: netbird/turnServerUser
    TURN_SERVER_PASSWORD: netbird/turnServerPassword
    # Same Secret key as relay.envFromSecret.NB_AUTH_SECRET below, so the
    # management side and the relay side share one value; keep them in sync.
    RELAY_PASSWORD: netbird/relayPassword
    IDP_CLIENT_ID: netbird/idpClientID
    IDP_SERVICE_ACCOUNT_USER: netbird/idpServiceAccountUser
    IDP_SERVICE_ACCOUNT_PASSWORD: netbird/idpServiceAccountPassword
    DATASTORE_ENCRYPTION_KEY: netbird/datastoreEncryptionKey

  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 180
    periodSeconds: 10
    timeoutSeconds: 3
    tcpSocket:
      port: http

  volumes:
    - name: postgres-ssl-bundle
      secret:
        secretName: netbird-postgres-ssl-bundle
  volumeMounts:
    # presumably the CA bundle referenced by the postgres DSN's TLS settings —
    # verify against the DSN stored in netbird/postgresDSN
    - name: postgres-ssl-bundle
      mountPath: /etc/ssl/certs/postgres-ssl-bundle
      readOnly: true

signal:
  enabled: true

relay:
  envFromSecret:
    NB_AUTH_SECRET: netbird/relayPassword
  env:
    NB_LOG_LEVEL: info
    NB_LISTEN_ADDRESS: ":33080"
    # Same address as Relay.Addresses in management.configmap; keep in sync.
    NB_EXPOSED_ADDRESS: rels://vpn.dogar.dev:443/relay

dashboard:
  enabled: true
  env:
    # Endpoints
    NETBIRD_MGMT_API_ENDPOINT: https://vpn.dogar.dev:443
    NETBIRD_MGMT_GRPC_API_ENDPOINT: https://vpn.dogar.dev:443
    # OIDC
    # NOTE(review): the bare keys below parse as YAML null. In a Helm values
    # override a null removes the key from the chart's defaults rather than
    # setting an empty string; write "" if an empty env var is what is intended.
    AUTH_CLIENT_SECRET:
    AUTH_AUTHORITY: https://auth.dogar.dev/application/o/netbird/
    # NOTE(review): YAML boolean, not the string "false" — only fine if the
    # chart stringifies env values when rendering the container spec.
    USE_AUTH0: false
    AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
    AUTH_REDIRECT_URI:
    AUTH_SILENT_REDIRECT_URI:
    NETBIRD_TOKEN_SOURCE: accessToken
    NGINX_SSL_PORT:
    LETSENCRYPT_DOMAIN:
    LETSENCRYPT_EMAIL:
  envFromSecret:
    AUTH_CLIENT_ID: netbird/idpClientID
    AUTH_AUDIENCE: netbird/idpClientID

extraManifests:
  - apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: netbird
      namespace: netbird
    spec:
      entryPoints:
        - websecure
      routes:
        # Catch-all for the dashboard: everything on the host that is not one of
        # the API/gRPC/relay prefixes routed explicitly below.
        - kind: Rule
          match: Host(`vpn.dogar.dev`) && !PathPrefix(`/api`) && !PathPrefix(`/management`) && !PathPrefix(`/signalexchange`) && !PathPrefix(`/relay`)
          services:
            - name: netbird-dashboard
              namespace: netbird
              passHostHeader: true
              port: 80
        - kind: Rule
          match: Host(`vpn.dogar.dev`) && PathPrefix(`/api`)
          services:
            - name: netbird-management
              namespace: netbird
              passHostHeader: true
              port: 80
        - kind: Rule
          match: Host(`vpn.dogar.dev`) && PathPrefix(`/relay`)
          services:
            - name: netbird-relay
              namespace: netbird
              passHostHeader: true
              port: 33080
        # gRPC endpoints: h2c (cleartext HTTP/2) between Traefik and the backend
        # service inside the cluster; TLS only on the public side.
        - kind: Rule
          match: Host(`vpn.dogar.dev`) && PathPrefix(`/management`)
          services:
            - name: netbird-management
              namespace: netbird
              passHostHeader: true
              port: 80
              scheme: h2c
        - kind: Rule
          match: Host(`vpn.dogar.dev`) && PathPrefix(`/signalexchange`)
          services:
            - name: netbird-signal
              namespace: netbird
              passHostHeader: true
              port: 80
              scheme: h2c
      tls:
        # Secret expected to hold the certificate for vpn.dogar.dev.
        secretName: netbird-tls