Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2023-11-09 18:46:04 +00:00
parent d28d4a8fdb
commit 9e864a91e6
17 changed files with 4386 additions and 0 deletions

View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [authentik-15.0.17](https://github.com/truecharts/charts/compare/authentik-15.0.16...authentik-15.0.17) (2023-11-09)
### Chore
- update authentik to v2023.10.3 (patch) ([#14495](https://github.com/truecharts/charts/issues/14495))
## [authentik-15.0.16](https://github.com/truecharts/charts/compare/authentik-15.0.15...authentik-15.0.16) (2023-11-09)
### Chore
- update helm general non-major ([#14467](https://github.com/truecharts/charts/issues/14467))
## [authentik-15.0.15](https://github.com/truecharts/charts/compare/authentik-15.0.14...authentik-15.0.15) (2023-11-08)
### Chore
- update helm general non-major ([#14465](https://github.com/truecharts/charts/issues/14465))
## [authentik-15.0.14](https://github.com/truecharts/charts/compare/authentik-15.0.13...authentik-15.0.14) (2023-11-08)
### Chore
- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454))
## [authentik-15.0.13](https://github.com/truecharts/charts/compare/authentik-15.0.12...authentik-15.0.13) (2023-11-05)
### Chore
- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365))
## [authentik-15.0.12](https://github.com/truecharts/charts/compare/authentik-15.0.11...authentik-15.0.12) (2023-11-03)
### Chore
- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287))
## [authentik-15.0.11](https://github.com/truecharts/charts/compare/authentik-15.0.10...authentik-15.0.11) (2023-10-29)
### Chore
- update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094))
## [authentik-15.0.10](https://github.com/truecharts/charts/compare/authentik-15.0.9...authentik-15.0.10) (2023-10-29)
### Chore
- update authentik to v2023.10.2 (patch) ([#14072](https://github.com/truecharts/charts/issues/14072))
## [authentik-15.0.9](https://github.com/truecharts/charts/compare/authentik-15.0.8...authentik-15.0.9) (2023-10-28)
### Chore
- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693))
- update container image tccr.io/truecharts/authentik-ldap to v2023.10.2 ([#14070](https://github.com/truecharts/charts/issues/14070))
## [authentik-15.0.8](https://github.com/truecharts/charts/compare/authentik-15.0.7...authentik-15.0.8) (2023-10-26)
### Chore
- update authentik to v2023.10.1 (minor) ([#14009](https://github.com/truecharts/charts/issues/14009))
- run precocmit ([#13387](https://github.com/truecharts/charts/issues/13387))
## [authentik-15.0.7](https://github.com/truecharts/charts/compare/authentik-15.0.6...authentik-15.0.7) (2023-10-07)

View File

@ -0,0 +1,29 @@
apiVersion: v2
appVersion: "2023.10.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 14.3.5
- condition: redis.enabled
name: redis
repository: https://deps.truecharts.org
version: 8.0.44
description: Authentik is an open-source Identity Provider focused on flexibility and versatility.
home: https://truecharts.org/charts/stable/authentik
icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
keywords:
- authentik
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: authentik
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/authentik
- https://github.com/goauthentik/authentik
- https://goauthentik.io/docs/
version: 15.0.17
annotations:
truecharts.org/category: authentication
truecharts.org/SCALE-support: "true"

View File

@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Blocky" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.

View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

View File

@ -0,0 +1,9 @@
## [authentik-15.0.17](https://github.com/truecharts/charts/compare/authentik-15.0.16...authentik-15.0.17) (2023-11-09)
### Chore
- update authentik to v2023.10.3 (patch) ([#14495](https://github.com/truecharts/charts/issues/14495))

View File

@ -0,0 +1,8 @@
Authentik is an open-source Identity Provider focused on flexibility and versatility.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/authentik](https://truecharts.org/charts/stable/authentik)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,513 @@
image:
repository: tccr.io/truecharts/authentik
tag: v2023.10.2@sha256:6c1bec5507c44dd204b87c6bdba65823f2b214b3a5635ef41680748fddf73fc9
pullPolicy: IfNotPresent
geoipImage:
repository: tccr.io/truecharts/geoipupdate
tag: v6.0.0@sha256:e057484036265c5bde379556463eed605f68f72016f328404202fb293f02a76a
pullPolicy: IfNotPresent
ldapImage:
repository: tccr.io/truecharts/authentik-ldap
tag: v2023.10.3@sha256:aae476ded2b470fcdf81cb7b0c63e338ee60a8260aedf631d7bd9715720f3d32
pullPolicy: IfNotPresent
radiusImage:
repository: tccr.io/truecharts/authentik-radius
tag: v2023.10.3@sha256:a13a2ff2d56b927ddea7adb04ce3e766a075e744ea4b920e9828da8c8eab1a23
pullPolicy: IfNotPresent
proxyImage:
repository: tccr.io/truecharts/authentik-proxy
tag: v2023.10.3@sha256:1c5c10c8c1f7383cf870c633a9fdd622c9ed83858eee977489de8181da7a98b0
pullPolicy: IfNotPresent
authentik:
credentials:
# Only works on initial install
email: my-mail@example.com
password: my-password
# Optional, only set if you want to use it
bootstrapToken: ""
general:
disableUpdateCheck: false
disableStartupAnalytics: true
allowUserChangeName: true
allowUserChangeEmail: true
allowUserChangeUsername: true
overwriteDefaultBlueprints: false
gdprCompliance: true
tokenLength: 128
impersonation: true
avatars:
- gravatar
- initials
footerLinks:
- name: Authentik
href: https://goauthentik.io
email:
host: ""
port: 587
username:
password:
useTLS: true
useSSL: false
timeout: 10
from: ""
ldap:
tlsCiphers: "null"
taskTimeoutHours: 2
logging:
# info, debug, warning, error, trace
logLevel: info
errorReporting:
enabled: false
sendPII: false
environment: customer
sentryDSN: ""
geoip:
enabled: false
# Ignored if enabled is true
# If enabled is false, and this is true, the
# built-in GeoIP database will be wiped
wipeBuiltInDb: false
editionID: GeoLite2-City
frequency: 8
accountID: ""
licenseKey: ""
outposts:
proxy:
enabled: false
token: ""
radius:
enabled: false
token: ""
ldap:
enabled: false
token: ""
# ===== DO NOT EDIT BELOW THIS LINE =====
workload:
# ===== Server =====
main:
enabled: true
type: Deployment
podSpec:
containers:
main:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1000
runAsGroup: 1000
# readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: server
- secretRef:
name: server-worker
- configMapRef:
name: server-worker
args:
- server
probes:
liveness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
readiness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
startup:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
# ===== Worker =====
worker:
enabled: true
type: Deployment
podSpec:
containers:
worker:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1000
runAsGroup: 1000
# readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: server-worker
- configMapRef:
name: server-worker
args:
- worker
probes:
liveness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
readiness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
startup:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
# ===== PROXY =====
proxy:
enabled: true
type: Deployment
podSpec:
containers:
proxy:
enabled: true
primary: true
imageSelector: proxyImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: proxy
- secretRef:
name: proxy
probes:
liveness:
enabled: true
type: exec
command:
- /proxy
- healthcheck
readiness:
enabled: true
type: exec
command:
- /proxy
- healthcheck
startup:
enabled: true
type: exec
command:
- /proxy
- healthcheck
# ===== RADIUS =====
radius:
enabled: true
type: Deployment
podSpec:
containers:
radius:
enabled: true
primary: true
imageSelector: radiusImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: radius
- secretRef:
name: radius
probes:
liveness:
enabled: true
type: exec
command:
- /radius
- healthcheck
readiness:
enabled: true
type: exec
command:
- /radius
- healthcheck
startup:
enabled: true
type: exec
command:
- /radius
- healthcheck
# ===== LDAP =====
ldap:
enabled: true
type: Deployment
podSpec:
containers:
ldap:
enabled: true
primary: true
imageSelector: ldapImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: ldap
- secretRef:
name: ldap
probes:
liveness:
enabled: true
type: exec
command:
- /ldap
- healthcheck
readiness:
enabled: true
type: exec
command:
- /ldap
- healthcheck
startup:
enabled: true
type: exec
command:
- /ldap
- healthcheck
# ===== GeoIP Updater =====
geoip:
enabled: true
type: Deployment
podSpec:
containers:
geoip:
enabled: true
primary: true
imageSelector: geoipImage
securityContext:
runAsUser: 0
runAsGroup: 0
capabilities:
disableS6Caps: true
envFrom:
- configMapRef:
name: geoip
- secretRef:
name: geoip
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
service:
# Server HTTPS
main:
ports:
main:
protocol: https
port: 10229
# Server HTTP
http:
enabled: true
type: ClusterIP
ports:
http:
enabled: true
protocol: http
port: 10230
# Proxy
proxy:
enabled: true
targetSelector: proxy
ports:
http:
enabled: true
protocol: http
port: 10227
targetSelector: proxy
https:
enabled: true
protocol: https
port: 10228
targetSelector: proxy
# Radius
radius:
enabled: true
targetSelector: radius
ports:
radius:
enabled: true
protocol: udp
targetSelector: radius
port: 1812
# LDAP
ldap:
enabled: true
targetSelector: ldap
ports:
ldap:
enabled: true
port: 389
targetSelector: ldap
# LDAPS
ldaps:
enabled: true
targetSelector: ldap
ports:
ldaps:
enabled: true
port: 636
targetSelector: ldap
# Server Metrics
servermetrics:
enabled: true
type: ClusterIP
ports:
servermetrics:
enabled: true
protocol: http
port: 10231
# Radius Metrics
radiusmetrics:
enabled: true
type: ClusterIP
targetSelector: radius
ports:
radiusmetrics:
enabled: true
protocol: http
port: 10232
targetSelector: radius
# LDAP Metrics
ldapmetrics:
enabled: true
type: ClusterIP
targetSelector: ldap
ports:
ldapmetrics:
enabled: true
protocol: http
port: 10233
targetSelector: ldap
# Proxy Metrics
proxymetrics:
enabled: true
type: ClusterIP
targetSelector: proxy
ports:
proxymetrics:
enabled: true
protocol: http
port: 10234
targetSelector: proxy
persistence:
media:
enabled: true
targetSelector:
main:
main:
mountPath: /media
worker:
worker:
mountPath: /media
templates:
enabled: true
targetSelector:
main:
main:
mountPath: /templates
worker:
worker:
mountPath: /templates
blueprints:
enabled: true
targetSelector:
worker:
worker:
# This will automatically change to `/blueprints`
# if `overwriteDefaultBlueprints` is set to `true
# Otherwise it will respect the value specified here
mountPath: /blueprints/custom
certs:
enabled: true
mountPath: /certs
targetSelector:
worker:
worker:
mountPath: /certs
geoip:
enabled: true
targetSelector:
main:
main:
mountPath: /geoip
worker:
worker:
mountPath: /geoip
geoip:
geoip:
mountPath: /usr/share/GeoIP
cnpg:
main:
enabled: true
user: authentik
database: authentik
redis:
enabled: true
portal:
open:
enabled: true
metrics:
# FIXME: Metrics do not work yet
servermetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.servermetrics.ports.servermetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
radiusmetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.radiusmetrics.ports.radiusmetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
ldapmetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.ldapmetrics.ports.ldapmetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
proxymetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.proxymetrics.ports.proxymetrics.port }}"
path: /metrics
prometheusRule:
enabled: false

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}

View File

@ -0,0 +1,128 @@
{{/* Define the configmaps */}}
{{- define "authentik.configmaps" -}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
{{- $serverHost := printf "https://%v:%v" $fullname .Values.service.main.ports.main.port -}}
{{- $host := .Values.chartContext.APPURL }}
server:
enabled: true
data:
AUTHENTIK_LISTEN__HTTPS: {{ printf "0.0.0.0:%v" .Values.service.main.ports.main.port | quote }}
AUTHENTIK_LISTEN__HTTP: {{ printf "0.0.0.0:%v" .Values.service.http.ports.http.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.servermetrics.ports.servermetrics.port | quote }}
server-worker:
enabled: true
data:
{{/* Dependencies */}}
AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }}
AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }}
AUTHENTIK_POSTGRESQL__HOST: {{ .Values.cnpg.main.creds.host }}
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_REDIS__HOST: {{ .Values.redis.creds.plain }}
AUTHENTIK_REDIS__PORT: "6379"
{{/* Outposts */}}
AUTHENTIK_OUTPOSTS__DISCOVER: "false"
{{/* GeoIP */}}
{{- $geoipPath := (printf "/geoip/%v.mmdb" .Values.authentik.geoip.editionID) -}}
{{- if not .Values.authentik.geoip.enabled -}}
{{- $geoipPath = "/tmp/non-existent-file" -}}
{{- end -}}
{{- if or .Values.authentik.geoip.enabled .Values.authentik.geoip.wipeBuiltInDb }}
AUTHENTIK_GEOIP: {{ $geoipPath }}
{{- end }}
{{/* Mail */}}
AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.email.useTLS | quote }}
AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.email.useSSL | quote }}
{{- with .Values.authentik.email.port }}
AUTHENTIK_EMAIL__PORT: {{ . | quote }}
{{- end -}}
{{- with .Values.authentik.email.timeout }}
AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
{{- end }}
{{/* LDAP */}}
AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS: {{ .Values.authentik.ldap.taskTimeoutHours | quote }}
AUTHENTIK_LDAP__TLS__CIPHERS: {{ .Values.authentik.ldap.tlsCiphers | quote }}
{{/* Logging */}}
AUTHENTIK_LOG_LEVEL: {{ .Values.authentik.logging.logLevel }}
{{/* Error Reporting */}}
AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.errorReporting.enabled | quote }}
AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.errorReporting.sendPII | quote }}
{{- with .Values.authentik.errorReporting.environment }}
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . | quote }}
{{- end -}}
{{- with .Values.authentik.errorReporting.sentryDSN }}
AUTHENTIK_ERROR_REPORTING__SENTRY_DSN: {{ . | quote }}
{{- end -}}
{{- with .Values.authentik.general.avatars }}
AUTHENTIK_AVATARS: {{ join "," . }}
{{- end -}}
{{- with .Values.authentik.general.footerLinks }}
AUTHENTIK_FOOTER_LINKS: {{ toJson . | squote }}
{{- end }}
{{/* General */}}
AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disableUpdateCheck | quote }}
AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disableStartupAnalytics | quote }}
AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allowUserChangeName | quote }}
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allowUserChangeEmail | quote }}
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allowUserChangeUsername | quote }}
AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdprCompliance | quote }}
AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.tokenLength | quote }}
AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
{{- if .Values.authentik.outposts.proxy.enabled }}
proxy:
enabled: true
data:
AUTHENTIK_LISTEN__HTTP: {{ printf "0.0.0.0:%v" .Values.service.proxy.ports.http.port | quote }}
AUTHENTIK_LISTEN__HTTPS: {{ printf "0.0.0.0:%v" .Values.service.proxy.ports.https.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.proxymetrics.ports.proxymetrics.port | quote }}
AUTHENTIK_HOST: {{ $serverHost }}
AUTHENTIK_INSECURE: "true"
# TODO: node ip or ingress host
AUTHENTIK_HOST_BROWSER: {{ $host }}
{{- end -}}
{{- if .Values.authentik.outposts.radius.enabled }}
radius:
enabled: true
data:
AUTHENTIK_LISTEN__RADIUS: {{ printf "0.0.0.0:%v" .Values.service.radius.ports.radius.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.radiusmetrics.ports.radiusmetrics.port | quote }}
AUTHENTIK_HOST: {{ $serverHost }}
AUTHENTIK_INSECURE: "true"
# TODO: node ip or ingress host
AUTHENTIK_HOST_BROWSER: {{ $host }}
{{- end -}}
{{- if .Values.authentik.outposts.ldap.enabled }}
ldap:
enabled: true
data:
AUTHENTIK_LISTEN__LDAP: {{ printf "0.0.0.0:%v" .Values.service.ldap.ports.ldap.port | quote }}
AUTHENTIK_LISTEN__LDAPS: {{ printf "0.0.0.0:%v" .Values.service.ldaps.ports.ldaps.port | quote }}
AUTHENTIK_LISTEN__METRICS: {{ printf "0.0.0.0:%v" .Values.service.ldapmetrics.ports.ldapmetrics.port | quote }}
AUTHENTIK_HOST: {{ $serverHost }}
AUTHENTIK_INSECURE: "true"
# TODO: node ip or ingress host
AUTHENTIK_HOST_BROWSER: {{ $host }}
{{- end -}}
{{- if .Values.authentik.geoip.enabled }}
geoip:
enabled: true
data:
GEOIPUPDATE_EDITION_IDS: {{ .Values.authentik.geoip.editionID }}
GEOIPUPDATE_FREQUENCY: {{ .Values.authentik.geoip.frequency | quote }}
GEOIPUPDATE_DB_DIR: {{ .Values.persistence.geoip.targetSelector.geoip.geoip.mountPath | quote }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,74 @@
{{/* Define the secrets */}}
{{- define "authentik.secrets" -}}
{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" $ -}}
{{- $fetchname := printf "%v-server-worker" $fullname -}}
{{- $secretKey := randAlphaNum 32 -}}
{{- with (lookup "v1" "Secret" .Release.Namespace $fetchname) -}}
{{- $secretKey = index .data "AUTHENTIK_SECRET_KEY" | b64dec -}}
{{- end }}
server-worker:
enabled: true
data:
{{/* Dependencies */}}
AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
{{/* Secret Key */}}
AUTHENTIK_SECRET_KEY: {{ $secretKey }}
{{/* Initial credentials */}}
AUTHENTIK_BOOTSTRAP_EMAIL: {{ .Values.authentik.credentials.email | quote }}
AUTHENTIK_BOOTSTRAP_PASSWORD: {{ .Values.authentik.credentials.password | quote }}
{{- with .Values.authentik.credentials.bootstrapToken }}
AUTHENTIK_BOOTSTRAP_TOKEN: {{ . }}
{{- end }}
{{/* Mail */}}
{{- with .Values.authentik.email.host }}
AUTHENTIK_EMAIL__HOST: {{ . }}
{{- end -}}
{{- with .Values.authentik.email.username }}
AUTHENTIK_EMAIL__USERNAME: {{ . }}
{{- end -}}
{{- with .Values.authentik.email.password }}
AUTHENTIK_EMAIL__PASSWORD: {{ . }}
{{- end -}}
{{- with .Values.authentik.email.from }}
AUTHENTIK_EMAIL__FROM: {{ . }}
{{- end -}}
{{- if .Values.authentik.geoip.enabled }}
geoip:
enabled: true
data:
GEOIPUPDATE_VERBOSE: "0"
GEOIPUPDATE_PRESERVE_FILE_TIMES: "1"
GEOIPUPDATE_ACCOUNT_ID: {{ .Values.authentik.geoip.accountID | quote }}
GEOIPUPDATE_LICENSE_KEY: {{ .Values.authentik.geoip.licenseKey | quote }}
{{- end -}}
{{- if .Values.authentik.outposts.proxy.enabled }}
proxy:
enabled: true
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.proxy.token | quote }}
{{- end -}}
{{- if .Values.authentik.outposts.radius.enabled }}
radius:
enabled: true
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.radius.token | quote }}
{{- end -}}
{{- if .Values.authentik.outposts.ldap.enabled }}
ldap:
enabled: true
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.ldap.token | quote }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,23 @@
{{- define "authentik.validation" -}}
{{- range $outpost, $values := .Values.authentik.outposts -}}
{{- if (kindIs "dict" $values) -}}
{{- if and $values.enabled (not $values.token) -}}
{{- fail (printf "Authentik - Outpost [%v] is enabled, but [token] was not provided" ($outpost | upper)) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.authentik.geoip.enabled -}}
{{- if not .Values.authentik.geoip.accountID -}}
{{- fail "Authentik - GeoIP is enabled but [accountID] was not provided" -}}
{{- end -}}
{{- if not .Values.authentik.geoip.licenseKey -}}
{{- fail "Authentik - GeoIP is enabled but [licenseKey] was not provided" -}}
{{- end -}}
{{- if contains " " .Values.authentik.geoip.editionID -}}
{{- fail "Authentik - GeoIP is enabled but [editionID] cannot contain spaces" -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,20 @@
{{- define "authentik.wait.server" -}}
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- $serverUrl := printf "https://%v:%v/-/health/ready/" $fullname .Values.service.main.ports.main.port }}
enabled: true
type: init
imageSelector: alpineImage
command: /bin/sh
args:
- -c
- |
echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
until wget --no-check-certificate --spider --quiet "{{ $serverUrl }}";
do
echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
sleep 3
done
echo "Authentik [{{ $serverUrl }}] is ready..."
echo "Starting Outpost..."
{{- end -}}

View File

@ -0,0 +1,97 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.v1.common.loader.init" . }}
{{- include "authentik.validation" $ -}}
{{/* Render secrets for authentik and friends */}}
{{- $secrets := include "authentik.secrets" . | fromYaml -}}
{{- if $secrets -}}
{{ $secrets := (mustMergeOverwrite .Values.secret $secrets) }}
{{- $_ := set .Values "secret" $secrets -}}
{{- end -}}
{{/* Render configmaps for authentik and friends */}}
{{- $configmaps := include "authentik.configmaps" . | fromYaml -}}
{{- if $configmaps -}}
{{ $configmaps := (mustMergeOverwrite .Values.configmap $configmaps) }}
{{- $_ := set .Values "configmap" $configmaps -}}
{{- end -}}
{{- if .Values.authentik.general.overwriteDefaultBlueprints -}}
{{- $_ := set .Values.persistence.blueprints.targetSelector.worker.worker "mountPath" "/blueprints" -}}
{{- end -}}
{{- if .Values.authentik.geoip.enabled -}}
{{- $_ := set .Values.workload.geoip "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.geoip "enabled" false -}}
{{- $_ := set .Values.persistence.geoip "enabled" false -}}
{{- end -}}
{{- if or .Values.authentik.geoip.enabled .Values.authentik.geoip.wipeBuiltInDb -}}
{{- $_ := set .Values.persistence.geoip "enabled" true -}}
{{- end -}}
{{- if .Values.authentik.outposts.proxy.enabled -}}
{{- $_ := set .Values.workload.proxy "enabled" true -}}
{{- if not .Values.workload.proxy.podSpec.initContainers -}}
{{- $_ := set .Values.workload.proxy.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.proxy.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.proxy "enabled" true -}}
{{- $_ := set .Values.service.proxymetrics "enabled" true -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.proxy "enabled" false -}}
{{- $_ := set .Values.service.proxy "enabled" false -}}
{{- $_ := set .Values.service.proxymetrics "enabled" false -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" false -}}
{{- end -}}
{{- if .Values.authentik.outposts.radius.enabled -}}
{{- $_ := set .Values.workload.radius "enabled" true -}}
{{- if not .Values.workload.radius.podSpec.initContainers -}}
{{- $_ := set .Values.workload.radius.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.radius.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.radius "enabled" true -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" true -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.radius "enabled" false -}}
{{- $_ := set .Values.service.radius "enabled" false -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" false -}}
{{- end -}}
{{- if .Values.authentik.outposts.ldap.enabled -}}
{{- $_ := set .Values.workload.ldap "enabled" true -}}
{{- if not .Values.workload.ldap.podSpec.initContainers -}}
{{- $_ := set .Values.workload.ldap.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.ldap.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.ldap "enabled" true -}}
{{- $_ := set .Values.service.ldaps "enabled" true -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" true -}}
{{- $_ := set .Values.metrics.ldapmetrics "enabled" true -}}
{{- else -}}
{{- $_ := set .Values.workload.ldap "enabled" false -}}
{{- $_ := set .Values.service.ldap "enabled" false -}}
{{- $_ := set .Values.service.ldaps "enabled" false -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.ldapmetrics "enabled" false -}}
{{- end -}}
{{/* FIXME: See values.yaml */}}
{{- $_ := set .Values.service.servermetrics "enabled" false -}}
{{- $_ := set .Values.service.proxymetrics "enabled" false -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" false -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.servermetrics "enabled" false -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" false -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" false -}}
{{- $_ := set .Values.metrics.ldapmetrics "enabled" false -}}
{{/* Render the templates */}}
{{ include "tc.v1.common.loader.apply" . }}

View File