Add authentik
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
495a7a54d4
commit
12ce715710
GPG Key ID:
03B27509E17EFDC8
|
|
@ -0,0 +1,285 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: authentik
|
||||
namespace: authentik-ns
|
||||
annotations:
|
||||
force-recreate: true
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: authentik
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: authentik
|
||||
namespace: flux-system
|
||||
interval: 15m0s
|
||||
timeout: 5m
|
||||
releaseName: authentik
|
||||
values:
|
||||
# -- Server replicas
|
||||
replicas: 1
|
||||
# -- Custom priority class for different treatment by the scheduler
|
||||
priorityClassName:
|
||||
# -- server securityContext
|
||||
securityContext: {}
|
||||
# -- server containerSecurityContext
|
||||
containerSecurityContext: {}
|
||||
|
||||
worker:
|
||||
# -- worker replicas
|
||||
replicas: 1
|
||||
# -- Custom priority class for different treatment by the scheduler
|
||||
priorityClassName:
|
||||
# -- worker securityContext
|
||||
securityContext: {}
|
||||
# -- server containerSecurityContext
|
||||
containerSecurityContext: {}
|
||||
env:
|
||||
- name: AUTHENTIK_REDIS__DB
|
||||
value: "1"
|
||||
|
||||
image:
|
||||
repository: ghcr.io/goauthentik/server
|
||||
tag: 2024.2.2
|
||||
#tag: latest
|
||||
# -- optional container image digest
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
pullSecrets: []
|
||||
|
||||
# -- Specify any initContainers here as dictionary items. Each initContainer should have its own key. The dictionary item key will determine the order. Helm templates can be used
|
||||
initContainers: {}
|
||||
|
||||
# -- Specify any additional containers here as dictionary items. Each additional container should have its own key. Helm templates can be used.
|
||||
additionalContainers: {}
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
ingressClassName: ""
|
||||
annotations: {}
|
||||
labels: {}
|
||||
hosts:
|
||||
- host: authentik.domain.tld
|
||||
paths:
|
||||
- path: "/"
|
||||
pathType: Prefix
|
||||
tls: []
|
||||
|
||||
# -- Annotations to add to the server and worker deployments
|
||||
annotations: {}
|
||||
|
||||
# -- Annotations to add to the server and worker pods
|
||||
podAnnotations: {}
|
||||
|
||||
authentik:
|
||||
# -- Log level for server and worker
|
||||
log_level: info
|
||||
# -- Secret key used for cookie singing and unique user IDs,
|
||||
# don't change this after the first install
|
||||
#secret_key: ""
|
||||
# -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
|
||||
geoip: /geoip/GeoLite2-City.mmdb
|
||||
email:
|
||||
# -- SMTP Server emails are sent from, fully optional
|
||||
host: ""
|
||||
port: 587
|
||||
# -- SMTP credentials, when left empty, not authentication will be done
|
||||
username: ""
|
||||
# -- SMTP credentials, when left empty, not authentication will be done
|
||||
password: ""
|
||||
# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
|
||||
use_tls: false
|
||||
# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
|
||||
use_ssl: false
|
||||
# -- Connection timeout
|
||||
timeout: 30
|
||||
# -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
|
||||
from: ""
|
||||
outposts:
|
||||
# -- Template used for managed outposts. The following placeholders can be used
|
||||
# %(type)s - the type of the outpost
|
||||
# %(version)s - version of your authentik install
|
||||
# %(build_hash)s - only for beta versions, the build hash of the image
|
||||
container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
|
||||
error_reporting:
|
||||
# -- This sends anonymous usage-data, stack traces on errors and
|
||||
# performance data to sentry.beryju.org, and is fully opt-in
|
||||
enabled: false
|
||||
# -- This is a string that is sent to sentry with your error reports
|
||||
environment: "k8s"
|
||||
# -- Send PII (Personally identifiable information) data to sentry
|
||||
send_pii: false
|
||||
postgresql:
|
||||
# -- set the postgresql hostname to talk to
|
||||
# if unset and .Values.postgresql.enabled == true, will generate the default
|
||||
# @default -- `{{ .Release.Name }}-postgresql`
|
||||
host: "postgresql.postgresql-system.svc.cluster.local"
|
||||
# -- postgresql Database name
|
||||
# @default -- `authentik`
|
||||
name: "authentik"
|
||||
# -- postgresql Username
|
||||
# @default -- `authentik`
|
||||
user: "authentik"
|
||||
#password: ""
|
||||
port: 5432
|
||||
redis:
|
||||
# -- set the redis hostname to talk to
|
||||
# @default -- `{{ .Release.Name }}-redis-master`
|
||||
host: "redis-master.redis-system.svc.cluster.local"
|
||||
#password: ""
|
||||
|
||||
# -- List of config maps to mount blueprints from. Only keys in the
|
||||
# configmap ending with ".yaml" wil be discovered and applied
|
||||
blueprints: []
|
||||
|
||||
# -- see configuration options at https://goauthentik.io/docs/installation/configuration/
|
||||
env:
|
||||
- name: AUTHENTIK_REDIS__DB
|
||||
value: "1"
|
||||
# AUTHENTIK_VAR_NAME: VALUE
|
||||
|
||||
envFrom: []
|
||||
# - configMapRef:
|
||||
# name: special-config
|
||||
|
||||
envValueFrom:
|
||||
AUTHENTIK_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: authentik-secret
|
||||
key: secret-key
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD:
|
||||
secretKeyRef:
|
||||
name: authentik-secret
|
||||
key: postgres-password
|
||||
AUTHENTIK_REDIS__PASSWORD:
|
||||
secretKeyRef:
|
||||
name: authentik-secret
|
||||
key: redis-password
|
||||
|
||||
service:
|
||||
# -- Service that is created to access authentik
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
port: 80
|
||||
name: http
|
||||
protocol: TCP
|
||||
labels: {}
|
||||
annotations: {}
|
||||
|
||||
volumes: []
|
||||
|
||||
volumeMounts: []
|
||||
|
||||
# -- affinity applied to the deployments
|
||||
affinity: {}
|
||||
|
||||
# -- tolerations applied to the deployments
|
||||
tolerations: []
|
||||
|
||||
# -- nodeSelector applied to the deployments
|
||||
nodeSelector: {}
|
||||
|
||||
resources:
|
||||
server: {}
|
||||
worker: {}
|
||||
|
||||
autoscaling:
|
||||
server:
|
||||
# -- Create a HPA for the server deployment
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 5
|
||||
targetCPUUtilizationPercentage: 50
|
||||
worker:
|
||||
# -- Create a HPA for the worker deployment
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 5
|
||||
targetCPUUtilizationPercentage: 80
|
||||
|
||||
livenessProbe:
|
||||
# -- enables or disables the livenessProbe
|
||||
enabled: true
|
||||
httpGet:
|
||||
# -- liveness probe url path
|
||||
path: /-/health/live/
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
|
||||
startupProbe:
|
||||
# -- enables or disables the livenessProbe
|
||||
enabled: true
|
||||
httpGet:
|
||||
# -- liveness probe url path
|
||||
path: /-/health/live/
|
||||
port: http
|
||||
failureThreshold: 60
|
||||
periodSeconds: 5
|
||||
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
httpGet:
|
||||
path: /-/health/ready/
|
||||
port: http
|
||||
periodSeconds: 10
|
||||
|
||||
serviceAccount:
|
||||
# -- Service account is needed for managed outposts
|
||||
create: true
|
||||
annotations: {}
|
||||
serviceAccountSecret:
|
||||
# -- As we use the authentik-remote-cluster chart as subchart, and that chart
|
||||
# creates a service account secret by default which we don't need here, disable its creation
|
||||
enabled: false
|
||||
fullnameOverride: authentik
|
||||
nameOverride: authentik
|
||||
|
||||
prometheus:
|
||||
serviceMonitor:
|
||||
create: false
|
||||
interval: 30s
|
||||
scrapeTimeout: 3s
|
||||
# -- labels additional on ServiceMonitor
|
||||
labels: {}
|
||||
rules:
|
||||
create: false
|
||||
# -- labels additional on PrometheusRule
|
||||
labels: {}
|
||||
|
||||
geoip:
|
||||
# -- optional GeoIP, deploys a cronjob to download the maxmind database
|
||||
enabled: false
|
||||
# -- sign up under https://www.maxmind.com/en/geolite2/signup
|
||||
accountId: ""
|
||||
# -- sign up under https://www.maxmind.com/en/geolite2/signup
|
||||
licenseKey: ""
|
||||
editionIds: "GeoLite2-City"
|
||||
image: maxmindinc/geoipupdate:v4.8
|
||||
# -- number of hours between update runs
|
||||
updateInterval: 8
|
||||
# -- server containerSecurityContext
|
||||
containerSecurityContext: {}
|
||||
postgresql:
|
||||
# -- enable the bundled bitnami postgresql chart
|
||||
enabled: false
|
||||
postgresqlMaxConnections: 500
|
||||
postgresqlUsername: "authentik"
|
||||
# postgresqlPassword: ""
|
||||
postgresqlDatabase: "authentik"
|
||||
# persistence:
|
||||
# enabled: true
|
||||
# storageClass:
|
||||
# accessModes:
|
||||
# - ReadWriteOnce
|
||||
image:
|
||||
tag: 15.4.0-debian-11-r0
|
||||
redis:
|
||||
# -- enable the bundled bitnami redis chart
|
||||
enabled: false
|
||||
architecture: standalone
|
||||
auth:
|
||||
enabled: false
|
||||
image:
|
||||
tag: 6.2.10-debian-11-r13
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: authentik-secret
|
||||
namespace: authentik-ns
|
||||
spec:
|
||||
encryptedData:
|
||||
postgres-password: AgBigFPSosBY6PGUxR4zdIntM+oGMyaDY9mHZBwL5xbjEEvmzNKCuCfQFuiE07WqV3fjWEp6D3o23fIMomPC3SNLWySfti8o5pyBrPGDZLR1dVYWLmkyMCj0pzbDmPgAArBuzGmQG6P+Kn4lqlkSU6F50ev/W8yHUPkrlp+iJsGM9wYNlboaZmDMowIK5ny8sQ5vIb+QakS3ybRa3DfX/T3yNvuhOeCt+367/3oV0yNmCEBK4qKpTsAkWctxXooX1wcAkOwMesqfE42I5Mt+s/UnbU5fXJdzM0YI7WZreEy5oaG1shDxp1PhXoc12yCt5KobTj0xlttUVFVb8IaOY7r4oSI74vrL8KGuZdny0oeWvVbiwA/SvOt7S05RdryYWf66jN71/Aku5LnKJwRoa7veGeX9S5pUe1wZyVSDN6trkJcG5ZJRmEerr4MOZ4YX9cB2FktEmd+estjIlm/UhEIRN8Qv4qd54t6j2Ajhk6EJ3Ky6mI9xiun+0ti9880rIHQiW5MpiZVB+nQlAosTVQu4wRjdnP6Z0ndP83e2rPkHJ/jF2iawXOBoS0Eh11UaXvRQyNQOt3ReIba7E0aSbynpULViOg/lVNLA2qgyp+37Veb44Mi2k7sHg7I8e6MOMVjBhfmv3HvMpdHHBIHSq2vaDlF/0i5o5OT0F1O+06OngfQAaQQc1SdpLeoPKget5fbNF9zgmfKxPodjayq+h6n3vm5QOc4TagtcG1PV38LsiQ==
|
||||
redis-password: AgCWDT6n+wmF9+Qk4+bu1byc7TFmRwPGqrhBIdVvZrTMRh6jt43E8urutTAlqKO6JPbRw+gw7zA40uOOHYzU3UaIXdAueQtCRMhHAzKWMwvTuzKGqLmmKcxVF452wilyhMjLBgRuBvX43VK4kynIthM3LZmw9a/HAlbQqn624N3wvdOYXyrWG0YKisXJunEFPgQyygWozdFD/N+b2loBq5YvH3mLuOuJDcuAC+Ti7URRbHigZXOhpZK6ilycAcJxJlOE9FVDRXMYSophjDWtD/Wb7WNLU7iakdXjNMFNVlE89mzrLxOskI918l6hrMG+Tk9FrhwKZx9ZuVwoUOdLBhF7I0jjYWKnJ1gEIMKXNBcrQWcnqX392VTu4RG0YNIIzasYkJ4/i3bjDnIH9zpSnRn6VSL2ZRhikJBOGJRXlXamd93XcCC+wg7gLu9XGi6g7ddC9UksxFzfIoMvj6aZ5EzERwJ7Td/qH1mWcfm5iesXKP1Y7PUSElIXIVmx9ifLgzIfbreb5VJDj2v+gTD44zxy+zHhSgdyefR2FcXT2eZv9CFO/VS8WB/F8+edJai0wHmJv0ooYVNS0PtIkyD8DEUC3Egt97SmWlQlEn1rfX1hj7jpN7HTpW19l9kV3r9n84ZzVJf62qybHElKOQWoqdz2Xxv6gPannZ8XQbk3nR0dG99jrUhvTpqjLFaWV+27PE0bRuV6w1G5Zm7X6Jdr/y3p8UvH2UonA2/8xjPANci/tA==
|
||||
secret-key: AgBGLb8gPEET4udFwIMlgqWz5nIvu0/Tq6AhkCvxYTF4z2Gl4I7uOA4QtsnqDfOeQXJStpJ02ndc+q5l1uoP+hVgwhX1yWdeAtlQgubCpGraCQqofqVrwQwt9DoZqre+8rCp3llEugTP72Vekx9s9/8nDs+JqfBtfgLSdYqaJDO7fd3P4DDvA+DPhRTuT8j1YkX9mejxaWxd9lDss2OXWgZ/HDvGrm61FS3ByVqAo0uuayBcC8TtVrcjA6o2bfCFzz7g1uwzDC10bE7RNuJzpErulrOv/QzgxB/yTmQ4JlJmbgonAC3ZUBBc5hAl7m7hKuq6CFyHD1kZCWJ/cZkg9AagI0u9f96+y5kYh+KZK8/WuPHF3LhM9dam9KYKVJRqWE4nq5/QYcpbkQtKBqKlGPZZCyEmH/ylL6r3djMHNjKTpdCwlMqNFetDPLDMNFB1i2Nqg7PAzqOE3Dq5AHShSBG//losKiTfoNF3uYwbrA3cQhxCOAM/1EiLEvz1KerHaJrlcV5Y32ZaOj6P4aQeBAzEpmS8sRr0yooYmA1iJce+wYMsvI1VlNKP4HU+wLm5xKNca1SRvZaOmz1RUp3l+Q+jckhHmRFubLOR6RpmdiGtTAyvjfMRkRtzDfnyu+xGvCqlontPIPWh7yl8jsqrjhr5/tXVtSs+yZhdfn1M7oiDbv7xa4o2jAxt+MpP1XtMaoH/Rnt3x2JprDrSU+1YICE9Ibzo6xjJYFs5I/fM7auUvF3cmX40zafRHw5DYehWCBU3mA==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: authentik-secret
|
||||
namespace: authentik-ns
|
||||
Loading…
Reference in New Issue