Configuration Options¶
Shared Options¶
Please set the following environment variables in your config file as required
| Key | Description |
|---|---|
global.env.API_GATEWAY |
Fully qualified URL of the API in the format https://[API_URL] |
user.env.JWT_SECRET |
Recommended: A random string of at least 32 characters to use as the signing secret for Boards sessions. |
webfront.env.DEFAULT_TEAM |
Name of the team users will primarily login with.This will be shown on the login page.Optional: Only set if you are authenticating with multiple providers. |
licence.env.LICENCE |
Licence key obtained from the Huddo Store |
events.env.NOTIFIER_EMAIL_HOST |
SMTP gateway hostname, e.g. smtp.ethereal.com |
events.env.NOTIFIER_EMAIL_PORT |
Optional: SMTP gateway port. Default: 25 (OR 587 if NOTIFIER_EMAIL_USERNAME is set) |
events.env.NOTIFIER_EMAIL_USERNAME |
Optional: SMTP gateway authentication. Setting a value will enable auth and use the default port of 587 |
events.env.NOTIFIER_EMAIL_PASSWORD |
Optional: SMTP gateway authentication password |
events.env.NOTIFIER_EMAIL_FROM_NAME |
Optional: Emails are sent from this name. Default: Huddo Boards |
events.env.NOTIFIER_EMAIL_FROM_EMAIL |
Optional: Emails are sent from this email address. Default: no-reply@huddo.com |
events.env.NOTIFIER_EMAIL_SUPPORT_EMAIL |
Optional: Support link shown in emails. Default: support@huddo.com |
events.env.NOTIFIER_EMAIL_HELP_URL |
Optional: Help link shown in new user welcome email. Default: https://docs.huddo.com/boards/howto/knowledgebase/ |
events.env.NOTIFIER_EMAIL_OPTIONS |
Optional: Custom NodeMailer email options (insecure tls etc). For example: "{\"ignoreTLS\": true,\"tls\":{\"rejectUnauthorized\":false}}" |
user.env.DISABLE_WELCOME_EMAIL |
Optional: Set to disable welcome emails for users |
app.env.BANNED_LINK_URL_EXPRESSION |
Optional: A JavaScript regular expression string where matching link (Bookmark) URLs will be denied creation. Existing links that match will cause errors when updating any links on a node, unless all matching links are deleted. Default: ^javascript: |
Secrets & Certificates¶
These options control the secrets the chart can create or mount. All are optional — the chart behaves exactly as before when they are left unset.
Image pull secret¶
When registry, username and password are all set, the chart creates the image pull secret automatically, named after global.imagePullSecret so the deployments reference it with no further configuration. Leave them empty to manage the secret yourself. Supply the password via --set or an encrypted values file rather than committing it.
| Key | Description |
|---|---|
imageCredentials.registry |
Container registry hostname, e.g. quay.io or hclcr.io |
imageCredentials.username |
Registry username |
imageCredentials.password |
Registry password / token |
Internal CA bundle¶
Mounts a CA bundle into every service and sets NODE_EXTRA_CA_CERTS so the apps trust internal TLS endpoints (the Connections reverse proxy, MongoDB, S3, etc). Provide either existingSecret (you manage the secret) or pem (the chart creates it) — not both.
| Key | Description | Default |
|---|---|---|
global.internalCa.existingSecret |
Name of an existing secret holding the CA bundle to mount. The chart does not create or own it. | — |
global.internalCa.pem |
Alternatively, the CA bundle (PEM) itself — the chart creates the secret named secretName from it. |
— |
global.internalCa.key |
Filename/key within the secret. NODE_EXTRA_CA_CERTS is set to <mountPath>/<key>. |
cert.pem |
global.internalCa.secretName |
Name of the secret to create when pem is set. |
internal-ca |
global.internalCa.mountPath |
Directory the bundle is mounted at in every service. | /etc/ssl/internal-ca |
See the SSL guide for setup examples — mounting an existing secret, or having the chart create it from a PEM.
Additional resources¶
| Key | Description |
|---|---|
extraObjects |
List of additional Kubernetes resource manifests to create alongside the chart (e.g. ConfigMaps, Secrets). |
Provider Specific Options¶
HCL Connections¶
Tip
Optional: These settings are only required if you are using HCL Connections as your authentication provider.
| Key | Description |
|---|---|
provider.env.WIDGET_ID |
Optional: ID of the Community widget configured in this step |
user.env.CONNECTIONS_NAME |
Optional: If you refer to 'Connections' by another name, set it here |
user.env.CONNECTIONS_CLIENT_ID |
oAuth client-id, usually huddoboards |
user.env.CONNECTIONS_CLIENT_SECRET |
oAuth client-secret as configured in this step |
user.env.CONNECTIONS_URL |
HCL Connections URL, e.g. https://connections.example.com |
user.env.CONNECTIONS_ADMINS |
Emails or GUIDs of users to grant admin permissions. e.g. "[\"admin1@company.example.com\", \"PROF_GUID_2\"]" |
user.env.CONNECTIONS_KEYCLOAK_URL |
Optional: See keycloak authentication for more information |
user.env.CONNECTIONS_KEYCLOAK_REALM |
Optional: See keycloak authentication for more information |
user.env.CONNECTIONS_KEYCLOAK_PATH |
Optional: Keycloak pathDefault: /auth/realmsCustomise this to /realms as of Keycloak v22 |
HCL Domino¶
Tip
Optional: These settings are only required if you are using HCL Domino as your authentication provider.
| Key | Description |
|---|---|
user.env.DOMINO_AUTH_URL |
HCL Domino REST API URL. See domino authentication for more information |
user.env.DOMINO_CLIENT_ID |
oAuth client-id, see domino authentication for more information |
user.env.DOMINO_CLIENT_SECRET |
oAuth client-secret, see domino authentication for more information |
user.env.DOMINO_ADMINS |
Optional: Emails or GUIDs of users to grant admin permissions. See domino authentication for more information |
user.env.DOMINO_USE_PROFILE_IMAGE_ATTACHMENTS |
Optional: set true to enable using profile imagesSee domino authentication for more information |
user.env.DOMINO_PROFILE_IMAGE_NAME |
Optional: file name of profile images. Uses first image attached if not set See domino authentication for more information |
user.env.DOMINO_AUTH_SCOPE |
Optional: defaults to $DATASee domino authentication for more information |
user.env.DOMINO_REST_SCOPE |
Optional: defaults to directorylookupSee domino authentication for more information |
HCL Digital Experience (DX)¶
Tip
Optional: These settings are only required if you are using HCL DX as your authentication provider.
| Key | Description |
|---|---|
user.env.DX_URL |
HCL DX URL, e.g. https://dx.company.com |
user.env.DX_CLIENT_ID |
oAuth client-id, see dx authentication for more information |
user.env.DX_CLIENT_SECRET |
oAuth client-secret, see dx authentication for more information |
user.env.DX_ADMINS |
Optional: Emails or GUIDs of users to grant admin permissions. |
user.env.DX_AUTH_PROVIDER_NAME |
Optional: name of the OAuth Service Provider. Defaults to OAuthConfig |
Microsoft Active Directory (AD)¶
Tip
Optional: These settings are only required if you are using Microsoft Active Directory (AD) as your authentication provider.
Please follow the steps in the Microsoft Active Directory Federation Service guide to configure your AD FS server, and the Huddo Boards application group.
| Key | Description | Example / Default |
|---|---|---|
user.env.MSAD_NAME |
Name on the login button | Microsoft AD |
user.env.MSAD_ADMINS |
Email/ID of users to grant admin access | ["admin@example.com", "admin2@example.com"] |
user.env.MSAD_FS_URL |
AD FS server URL | https://adfs.example.com |
user.env.MSAD_CLIENT_ID |
AD FS client id | |
user.env.MSAD_CLIENT_SECRET |
AD FS client secret | |
user.env.MSAD_LDAP_URL |
URL of LDAP server | ldap://ad.example.com |
user.env.MSAD_LDAP_BASE_DN |
Base DN for LDAP search | DC=example,DC=com |
user.env.MSAD_LDAP_BIND_DN |
Bind DN for LDAP search | CN=Boards,OU=Service Accounts,DC=example,DC=com |
user.env.MSAD_LDAP_BIND_PASSWORD |
Bind password for LDAP search |