diff --git a/incubator/authentik/12.0.0/CHANGELOG.md b/incubator/authentik/12.0.0/CHANGELOG.md new file mode 100644 index 00000000000..afad8b4f66c --- /dev/null +++ b/incubator/authentik/12.0.0/CHANGELOG.md @@ -0,0 +1,88 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [authentik-12.0.0](https://github.com/truecharts/charts/compare/authentik-11.0.0...authentik-12.0.0) (2023-06-10) + +### Feat + +- hide advanced ingress options behind checbox ([#9203](https://github.com/truecharts/charts/issues/9203)) + - BREAKING CHANGE Port to new common ([#9426](https://github.com/truecharts/charts/issues/9426)) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + + + + +## [authentik-11.0.0](https://github.com/truecharts/charts/compare/authentik-10.0.46...authentik-11.0.0) (2023-05-24) + diff --git a/incubator/authentik/12.0.0/Chart.yaml b/incubator/authentik/12.0.0/Chart.yaml new file mode 100644 index 00000000000..52fcc61588f --- /dev/null +++ b/incubator/authentik/12.0.0/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "2023.4.1" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 12.10.4 + - condition: redis.enabled + name: redis + repository: https://deps.truecharts.org + version: 6.0.46 +description: authentik is an open-source Identity Provider focused on flexibility and versatility. +home: https://truecharts.org/charts/incubator/authentik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png +keywords: + - authentik +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: authentik +sources: + - https://github.com/truecharts/charts/tree/master/charts/incubator/authentik + - https://github.com/goauthentik/authentik + - https://goauthentik.io/docs/ +version: 12.0.0 +annotations: + truecharts.org/catagories: | + - authentication + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/incubator/authentik/12.0.0/LICENSE b/incubator/authentik/12.0.0/LICENSE new file mode 100644 index 00000000000..33a8cbb23f0 --- /dev/null +++ b/incubator/authentik/12.0.0/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Blocky" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/incubator/authentik/12.0.0/README.md b/incubator/authentik/12.0.0/README.md new file mode 100644 index 00000000000..63d5d2c8fdc --- /dev/null +++ b/incubator/authentik/12.0.0/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/incubator/authentik/12.0.0/app-changelog.md b/incubator/authentik/12.0.0/app-changelog.md new file mode 100644 index 00000000000..37669c43d0f --- /dev/null +++ b/incubator/authentik/12.0.0/app-changelog.md @@ -0,0 +1,10 @@ + + +## [authentik-12.0.0](https://github.com/truecharts/charts/compare/authentik-11.0.0...authentik-12.0.0) (2023-06-10) + +### Feat + +- hide advanced ingress options behind checbox ([#9203](https://github.com/truecharts/charts/issues/9203)) + - BREAKING CHANGE Port to new common ([#9426](https://github.com/truecharts/charts/issues/9426)) + + \ No newline at end of file diff --git a/incubator/authentik/12.0.0/app-readme.md b/incubator/authentik/12.0.0/app-readme.md new file mode 100644 index 00000000000..bfae7a30d27 --- /dev/null +++ b/incubator/authentik/12.0.0/app-readme.md @@ -0,0 +1,8 @@ +authentik is an open-source Identity Provider focused on flexibility and versatility. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/incubator/authentik](https://truecharts.org/charts/incubator/authentik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/incubator/authentik/12.0.0/charts/common-12.10.4.tgz b/incubator/authentik/12.0.0/charts/common-12.10.4.tgz new file mode 100644 index 00000000000..66771bb2ec5 Binary files /dev/null and b/incubator/authentik/12.0.0/charts/common-12.10.4.tgz differ diff --git a/incubator/authentik/12.0.0/charts/redis-6.0.46.tgz b/incubator/authentik/12.0.0/charts/redis-6.0.46.tgz new file mode 100644 index 00000000000..89e115de475 Binary files /dev/null and b/incubator/authentik/12.0.0/charts/redis-6.0.46.tgz differ diff --git a/incubator/authentik/12.0.0/ix_values.yaml b/incubator/authentik/12.0.0/ix_values.yaml new file mode 100644 index 00000000000..f30ddc863e0 --- /dev/null +++ b/incubator/authentik/12.0.0/ix_values.yaml @@ -0,0 +1,290 @@ +image: + repository: tccr.io/truecharts/authentik + tag: 2023.4.1@sha256:7d60414d9d5f2395b703228193e8b03c616d7fed6c3cee620940845dd0b725cb + pullPolicy: IfNotPresent + +geoipImage: + repository: tccr.io/truecharts/geoipupdate + tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce + pullPolicy: IfNotPresent + +ldapImage: + repository: tccr.io/truecharts/authentik-ldap + tag: 2023.4.1@sha256:f737b534c6f3a022b002bb5d635ef491273fd40f8c0b6dd64efa7f5f6265d8cf + pullPolicy: IfNotPresent + +proxyImage: + repository: tccr.io/truecharts/authentik-proxy + tag: 2023.4.1@sha256:b6e40435836333bdc53afde38f4c4bfb342005b0636d769c641c79348ce1aae4 + pullPolicy: IfNotPresent + +securityContext: + container: + runAsUser: 1000 + runAsGroup: 1000 + readOnlyRootFilesystem: false + +workload: + main: + replicas: 1 + strategy: RollingUpdate + podSpec: + containers: + main: + args: ["server"] + envFrom: + - secretRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret' + - configMapRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config' + - configMapRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-server-config' + probes: + liveness: + type: https + path: /-/health/live/ + port: "{{ .Values.service.main.ports.main.targetPort }}" + readiness: + type: https + path: /-/health/ready/ + port: "{{ .Values.service.main.ports.main.targetPort }}" + startup: + type: https + path: /-/health/ready/ + port: "{{ .Values.service.main.ports.main.targetPort }}" + +service: + main: + ports: + main: + protocol: https + port: 10229 + targetPort: 9443 + http: + enabled: true + type: ClusterIP + ports: + http: + enabled: true + protocol: http + port: 10230 + targetPort: 9000 + # LDAP Outpost Services + ldapldaps: + enabled: true + ports: + ldapldaps: + enabled: true + port: 636 + targetPort: 6636 + ldapldap: + enabled: true + ports: + ldapldap: + enabled: true + port: 389 + targetPort: 3389 + # Proxy Outpost Services + proxyhttps: + enabled: true + ports: + proxyhttps: + enabled: true + port: 10233 + protocol: https + targetPort: 9444 + proxyhttp: + enabled: true + type: ClusterIP + ports: + proxyhttp: + enabled: true + port: 10234 + protocol: http + targetPort: 9001 + # Metrics Services + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + protocol: http + port: 10231 + targetPort: 9301 + ldapmetrics: + enabled: true + type: ClusterIP + ports: + ldapmetrics: + enabled: true + port: 10232 + protocol: http + targetPort: 9302 + proxymetrics: + enabled: true + type: ClusterIP + ports: + proxymetrics: + enabled: true + port: 10235 + protocol: http + targetPort: 9303 + +metrics: + # TODO + main: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: false + type: "servicemonitor" + endpoints: + - port: main + path: /metrics + interval: 1m + scrapeTimeout: 30s + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: + [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical + +ingress: + proxyhttps: + autoLink: true + +# Target selectors taken from authentik's compose file: +# See https://github.com/goauthentik/authentik/blob/main/docker-compose.yml +persistence: + media: + enabled: true + mountPath: "/media" + targetSelector: + main: + main: {} + worker: {} + templates: + enabled: true + mountPath: "/templates" + targetSelector: + main: + main: {} + worker: {} + certs: + enabled: true + mountPath: "/certs" + targetSelector: + main: + worker: {} + geoip: + enabled: true + mountPath: "/usr/share/GeoIP" + targetSelector: + main: + geoip: {} + +cnpg: + main: + enabled: true + user: authentik + database: authentik + +cnpgProvider: + port: 5432 + +# Enabled redis +# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis +redis: + enabled: true + +redisProvider: + port: 6379 + +workerContainer: + enabled: true + +authentik: + credentials: + password: "supersecret" + general: + disable_update_check: false + disable_startup_analytics: true + allow_user_name_change: true + allow_user_mail_change: true + allow_user_username_change: true + gdpr_compliance: true + impersonation: true + avatars: "gravatar,initials" + token_length: 128 + # Use single quotes for footer_links + footer_links: '[{"name": "Link Name", "href": "https://mylink.com"}]' + mail: + host: "" + port: 25 + tls: false + ssl: false + timeout: 10 + user: "" + pass: "" + from: "" + error_reporting: + enabled: false + send_pii: false + environment: "customer" + logging: + log_level: "info" + ldap: + tls_ciphers: "null" + +geoip: + enabled: false + account_id: "" + license_key: "" + proxy: "" + proxy_user_pass: "" + edition_ids: "GeoLite2-City" + frequency: 8 + host_server: "updates.maxmind.com" + preserve_file_times: false + verbose: false + +outposts: + ldap: + # -- First you have to create an Outpost in the GUI. Applications > Outposts + enabled: false + # -- Host Browser by default is set to the first ingress host you set + # host_browser: "" + # -- Host should not need to be overridden. Defaults to https://localhost:9443 + # host: "" + # -- As we use https://localhost:9443 it's an unsecure connection + # insecure: false + # -- Token is only needed if you accidentally deleted the token within the UI + # token: "" + proxy: + # -- First you have to create an Outpost in the GUI. Applications > Outposts + enabled: false + # -- Host Browser by default is set to the first ingress host you set + # host_browser: "" + # -- As we use https://localhost:9443 it's an unsecure connection + # insecure: false + # -- Host should not need to be overridden. Defaults to https://localhost:9443 + # host: "" + # -- Token is only needed if you accidentally deleted the token within the UI + # token: "" + +portal: + open: + enabled: true diff --git a/incubator/authentik/12.0.0/questions.yaml b/incubator/authentik/12.0.0/questions.yaml new file mode 100644 index 00000000000..b23baed1571 --- /dev/null +++ b/incubator/authentik/12.0.0/questions.yaml @@ -0,0 +1,2887 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: authentik + group: App Configuration + label: Authentik Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: credentials + label: Credentials + schema: + additional_attrs: true + type: dict + attrs: + - variable: password + label: Password (Initial install only) + description: Password for user. Can be used for any flow executor + schema: + type: string + private: true + required: true + default: "" + - variable: general + label: General + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_update_check + label: Disable Update Check + description: Disable the inbuilt update-checker + schema: + type: boolean + default: false + - variable: disable_startup_analytics + label: Disable Startup Analytics + description: Disable startup analytics + schema: + type: boolean + default: true + - variable: allow_user_name_change + label: Allow User Name Change + description: Enable the ability for users to change their Name + schema: + type: boolean + default: true + - variable: allow_user_mail_change + label: Allow User Mail Change + description: Enable the ability for users to change their Email address + schema: + type: boolean + default: true + - variable: allow_user_username_change + label: Allow User Username Change + description: Enable the ability for users to change their Usernames + schema: + type: boolean + default: true + - variable: gdpr_compliance + label: GDPR Compliance + description: When enabled, all the events caused by a user will be deleted upon the user's deletion + schema: + type: boolean + default: true + - variable: impersonation + label: Impersonation + description: Globally enable / disable impersonation + schema: + type: boolean + default: true + - variable: avatars + label: Avatars + description: Configure how authentik should show avatars for users + schema: + type: string + default: gravatar,initials + - variable: token_length + label: Token Length + description: Configure the length of generated tokens + schema: + type: int + default: 128 + - variable: footer_links + label: Footer Links + description: This option configures the footer links on the flow executor pages + schema: + type: string + default: "" + - variable: mail + label: e-Mail + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: Mail Server Host + description: Sets host of mail server + schema: + type: string + default: "" + - variable: port + label: Mail Server Port + description: Sets port of mail server + schema: + type: int + default: 25 + - variable: tls + label: Use TLS for authentication + description: Sets tls for mail server authentication + schema: + type: boolean + default: false + - variable: ssl + label: Use SSL for authentication + description: Sets ssl for mail server authentication + schema: + type: boolean + default: false + - variable: timeout + label: Timeout of authentication + description: Sets timeout for mail server authentication + schema: + type: int + default: 10 + - variable: user + label: Username + description: Sets username of mail server + schema: + type: string + default: "" + - variable: pass + label: Password + description: Sets password of mail server + schema: + type: string + private: true + default: "" + - variable: from + label: From Address + description: Email address authentik will send from + schema: + type: string + default: "" + - variable: error_reporting + label: Error Reporting + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Reporting + description: Enables error reporting + schema: + type: boolean + default: false + show_subquestions_if: + subquestions: + - variable: send_pii + label: Send Personal Data + description: Whether or not to send personal data, like usernames + schema: + type: boolean + default: false + - variable: environment + label: Environment + description: Unique environment that is attached to your error reports, should be set to your email address for example. + schema: + type: string + default: customer + - variable: logging + label: Logging + schema: + additional_attrs: true + type: dict + attrs: + - variable: log_level + label: Log Level + description: Log level for the server and worker containers + schema: + type: string + default: info + enum: + - value: trace + description: trace + - value: debug + description: debug + - value: info + description: info + - value: warning + description: warning + - value: error + description: error + - variable: ldap + label: LDAP + schema: + additional_attrs: true + type: dict + attrs: + - variable: tls_ciphers + label: TLS Ciphers + description: Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources + schema: + type: string + default: "null" + - variable: outposts + group: App Configuration + label: Outpost Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: ldap + label: LDAP + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable LDAP outpost + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: overrideHost + label: Override Host + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: Authentik Host + description: "URL of your Authentik server. (e.g. https://auth.domain.com)" + schema: + type: string + # TODO: Make them required again once Scale stable supports nested subquestions + # required: true + default: "" + - variable: insecure + label: Insecure + description: Check only if you accessing Authentik in an unsecure way + schema: + type: boolean + default: false + - variable: overrideToken + label: Override Token + description: Overrides the random generated token to provide your own + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: token + label: API Token + description: You can get this from Applications > Outposts > View Deployment Info + schema: + type: string + private: true + # TODO: Make them required again once Scale stable supports nested subquestions + # required: true + default: "" + - variable: overrideBrowserHost + label: Override Host Browser + description: Overrides the Browser Host, by default the first ingress host is used + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host_browser + label: Host Browser + description: URL to use in the browser, when it differs from << host >> + schema: + type: string + # TODO: Make them required again once Scale stable supports nested subquestions + # required: true + default: "" + - variable: proxy + label: Proxy + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Proxy outpost + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: overrideHost + label: Override Host + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: Authentik Host + description: "URL of your Authentik server. (e.g. https://auth.domain.com)" + schema: + type: string + # TODO: Make them required again once Scale stable supports nested subquestions + # required: true + default: "" + - variable: insecure + label: Insecure + description: Check only if you accessing Authentik in an unsecure way + schema: + type: boolean + default: false + - variable: overrideToken + label: Override Token + description: Overrides the random generated token to provide your own + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: token + label: API Token + description: You can get this from Applications > Outposts > View Deployment Info + schema: + type: string + private: true + # TODO: Make them required again once Scale stable supports nested subquestions + # required: true + default: "" + - variable: overrideBrowserHost + label: Override Host Browser + description: Overrides the Browser Host, by default the first ingress host is used + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host_browser + label: Host Browser + description: URL to use in the browser, when it differs from << host >> + schema: + type: string + # TODO: Make them required again once Scale stable supports nested subquestions + # required: true + default: "" + - variable: geoip + group: App Configuration + label: GeoIP Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable GeoIP Container + description: Enables GeoIP container + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: account_id + label: Account ID + description: Your MaxMind account ID + schema: + type: string + private: true + required: true + default: "" + - variable: license_key + label: License Key + description: Your case-sensitive MaxMind license key + schema: + type: string + private: true + required: true + default: "" + - variable: edition_ids + label: Edition IDs + description: List of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes + schema: + type: string + required: true + default: GeoLite2-City + - variable: frequency + label: Frequency + description: The number of hours between geoipupdate runs + schema: + type: int + min: 1 + default: 8 + - variable: host_server + label: Host Server + description: The host name of the server to use + schema: + type: string + default: updates.maxmind.com + - variable: preserve_file_times + label: Preserve File Times + description: Whether to preserve modification times of files downloaded from the server + schema: + type: boolean + default: false + - variable: verbose + label: Verbose + description: Enable verbose mode. Prints out the steps that geoipupdate takes + schema: + type: boolean + default: false + - variable: proxy + label: Proxy + description: The proxy host name or IP address + schema: + type: string + default: "" + - variable: proxy_user_pass + label: Proxy Pass + description: The proxy user name and password, separated by a colon + schema: + type: string + private: true + default: "" + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 10229 + required: true + - variable: ldapldaps + label: LDAPS Service + description: The LDAPS service. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ldapldaps + label: LDAPS Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 636 + required: true + - variable: ldapldap + label: LDAP Service + description: The LDAPS service. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ldapldap + label: LDAP Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 389 + required: true + - variable: proxyhttps + label: Proxy HTTPS Service + description: The Proxy HTTPS service. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: proxyhttps + label: Proxy HTTPS Service Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 10233 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: media + label: App Media Storage + description: Stores the Application Media. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: templates + label: App Templates Storage + description: Stores the Application Templates. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: certs + label: App Certs Storage + description: Stores the Application Certs. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: geoip + label: App GeoIP Storage + description: Stores the Application GeoIP. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main (HTTPS) Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: proxyhttps + label: Proxy HTTPS Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 1000 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 1000 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/incubator/authentik/12.0.0/templates/NOTES.txt b/incubator/authentik/12.0.0/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/incubator/authentik/12.0.0/templates/_config.tpl b/incubator/authentik/12.0.0/templates/_config.tpl new file mode 100644 index 00000000000..04b8874a8f3 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/_config.tpl @@ -0,0 +1,118 @@ +{{/* Define the configmaps */}} +{{- define "authentik.configmaps" -}} + +{{- $authServerWorkerConfigName := printf "%s-authentik-config" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $authServerConfigName := printf "%s-authentik-server-config" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $ldapConfigName := printf "%s-ldap-config" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $proxyConfigName := printf "%s-proxy-config" (include "tc.v1.common.lib.chart.names.fullname" .) }} + +{{ $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }} +{{- if .Values.ingress.main.enabled }} + {{ $first := (first .Values.ingress.main.hosts) }} + {{- if $first }} + {{ $host = printf "https://%s" $first.host }} + {{- end }} +{{- end }} + +{{/* This configmap is loaded in both the main authentik container and worker */}} +{{ $authServerWorkerConfigName }}: + enabled: true + data: + {{/* Dependencies */}} + AUTHENTIK_REDIS__HOST: {{ .Values.redis.creds.plain }} + {{- with $redis := .Values.redisProvider }} + AUTHENTIK_REDIS__PORT: {{ default 6379 $redis.port | quote }} + {{- end }} + AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }} + AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }} + AUTHENTIK_POSTGRESQL__HOST: {{ .Values.cnpg.main.creds.host }} + {{- with $cnpg := .Values.cnpgProvider }} + AUTHENTIK_POSTGRESQL__PORT: {{ default 5432 $cnpg.port | quote }} + {{- end }} + {{/* Mail */}} + {{- with .Values.authentik.mail.port }} + AUTHENTIK_EMAIL__PORT: {{ . | quote }} + {{- end }} + AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }} + AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }} + {{- with .Values.authentik.mail.timeout }} + AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }} + {{- end }} + {{/* Logging */}} + {{- with .Values.authentik.logging.log_level }} + AUTHENTIK_LOG_LEVEL: {{ . }} + {{- end }} + {{/* General */}} + AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }} + AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }} + {{- with .Values.authentik.general.avatars }} + AUTHENTIK_AVATARS: {{ . }} + {{- end }} + AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }} + AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }} + AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }} + AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }} + AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }} + AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }} + {{- with .Values.authentik.general.footer_links }} + AUTHENTIK_FOOTER_LINKS: {{ . | squote }} + {{- end }} + {{/* Error Reporting */}} + AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }} + AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }} + {{- with .Values.authentik.error_reporting.environment }} + AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }} + {{- end }} + {{/* LDAP */}} + {{- with .Values.authentik.ldap.tls_ciphers }} + AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }} + {{- end }} + {{/* Outposts */}} + AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }} + +{{/* This configmap is loaded in both the main authentik container and worker */}} +{{ $authServerConfigName }}: + enabled: true + data: + {{/* Listen */}} + AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }} + AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }} + AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }} + +{{/* This configmap is loaded in the geoip container */}} +{{ $geoipConfigName }}: + enabled: {{ .Values.geoip.enabled }} + data: + {{- with .Values.geoip.edition_ids }} + GEOIPUPDATE_EDITION_IDS: {{ . }} + {{- end }} + GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }} + {{- with .Values.geoip.host_server }} + GEOIPUPDATE_HOST: {{ . }} + {{- end }} + GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }} + GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }} + +{{/* This configmap is loaded in the ldap container */}} +{{ $ldapConfigName }}: + enabled: {{ .Values.outposts.ldap.enabled }} + data: + AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }} + AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }} + AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }} + AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }} + AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }} + AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }} + +{{/* This configmap is loaded in the proxy container */}} +{{ $proxyConfigName }}: + enabled: {{ .Values.outposts.proxy.enabled }} + data: + AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }} + AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }} + AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }} + AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }} + AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }} + AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }} +{{- end -}} diff --git a/incubator/authentik/12.0.0/templates/_geoip.tpl b/incubator/authentik/12.0.0/templates/_geoip.tpl new file mode 100644 index 00000000000..aa7032d9e38 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/_geoip.tpl @@ -0,0 +1,23 @@ +{{/* Define the geoip container */}} +{{- define "authentik.geoip.container" -}} +enabled: true +primary: false +imageSelector: geoipImage +securityContext: + runAsUser: 0 + runAsGroup: 0 +envFrom: + - secretRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-geoip-secret' + - configMapRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-geoip-config' +{{/* TODO: Add healthchecks */}} +{{/* TODO: https://github.com/maxmind/geoipupdate/issues/105 */}} +probes: + readiness: + enabled: false + liveness: + enabled: false + startup: + enabled: false +{{- end -}} diff --git a/incubator/authentik/12.0.0/templates/_ldap.tpl b/incubator/authentik/12.0.0/templates/_ldap.tpl new file mode 100644 index 00000000000..b54a71c7674 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/_ldap.tpl @@ -0,0 +1,39 @@ +{{/* Define the ldap container */}} +{{- define "authentik.ldap.container" -}} +enabled: true +primary: false +imageSelector: ldapImage +securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true +envFrom: + - secretRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-ldap-secret' + - configMapRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-ldap-config' +ports: + - containerPort: {{ .Values.service.ldapldaps.ports.ldapldaps.targetPort }} + name: ldapldaps + - containerPort: {{ .Values.service.ldapldap.ports.ldapldap.targetPort }} + name: ldapldap +{{- if .Values.metrics.enabled }} + - containerPort: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} + name: ldapmetrics +{{- end }} +probes: + readiness: + enabled: true + type: {{ .Values.service.ldapmetrics.ports.ldapmetrics.protocol }} + path: /outpost.goauthentik.io/ping + port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} + liveness: + enabled: true + type: {{ .Values.service.ldapmetrics.ports.ldapmetrics.protocol }} + path: /outpost.goauthentik.io/ping + port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} + startup: + enabled: true + type: {{ .Values.service.ldapmetrics.ports.ldapmetrics.protocol }} + path: /outpost.goauthentik.io/ping + port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} +{{- end -}} diff --git a/incubator/authentik/12.0.0/templates/_proxy.tpl b/incubator/authentik/12.0.0/templates/_proxy.tpl new file mode 100644 index 00000000000..911c571403a --- /dev/null +++ b/incubator/authentik/12.0.0/templates/_proxy.tpl @@ -0,0 +1,39 @@ +{{/* Define the proxy container */}} +{{- define "authentik.proxy.container" -}} +enabled: true +primary: false +imageSelector: proxyImage +securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true +envFrom: + - secretRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-proxy-secret' + - configMapRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-proxy-config' +ports: + - containerPort: {{ .Values.service.proxyhttps.ports.proxyhttps.targetPort }} + name: proxyhttps + - containerPort: {{ .Values.service.proxyhttp.ports.proxyhttp.targetPort }} + name: proxyhttp +{{- if .Values.metrics.enabled }} + - containerPort: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} + name: proxymetrics +{{- end }} +probes: + readiness: + enabled: true + type: {{ .Values.service.proxymetrics.ports.proxymetrics.protocol }} + path: /outpost.goauthentik.io/ping + port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} + liveness: + enabled: true + type: {{ .Values.service.proxymetrics.ports.proxymetrics.protocol }} + path: /outpost.goauthentik.io/ping + port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} + startup: + enabled: true + type: {{ .Values.service.proxymetrics.ports.proxymetrics.protocol }} + path: /outpost.goauthentik.io/ping + port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} +{{- end -}} diff --git a/incubator/authentik/12.0.0/templates/_secret.tpl b/incubator/authentik/12.0.0/templates/_secret.tpl new file mode 100644 index 00000000000..3f4b1957b86 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/_secret.tpl @@ -0,0 +1,81 @@ +{{/* Define the secrets */}} +{{- define "authentik.secrets" -}} + +{{- $authentikSecretName := printf "%s-authentik-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $ldapSecretName := printf "%s-ldap-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $proxySecretName := printf "%s-proxy-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }} +{{- $token := randAlphaNum 128 }} + +{{/* This secret is loaded in both the main authentik container and worker */}} +{{ $authentikSecretName }}: + enabled: true + data: + {{/* Secret Key */}} + {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }} + AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" }} + {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" }} + {{- else }} + AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 }} + {{- end }} + AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }} + {{/* Dependencies */}} + AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }} + AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + {{/* Credentials */}} + {{- with .Values.authentik.credentials.password }} + AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . }} + {{- end }} + {{/* Mail */}} + {{- with .Values.authentik.mail.host }} + AUTHENTIK_EMAIL__HOST: {{ . }} + {{- end }} + {{- with .Values.authentik.mail.user }} + AUTHENTIK_EMAIL__USERNAME: {{ . }} + {{- end }} + {{- with .Values.authentik.mail.pass }} + AUTHENTIK_EMAIL__PASSWORD: {{ . }} + {{- end }} + {{- with .Values.authentik.mail.from }} + AUTHENTIK_EMAIL__FROM: {{ . }} + {{- end }} + +{{/* This secret is loaded in the geoip container */}} +{{ $geoipSecretName }}: + enabled: {{ .Values.geoip.enabled }} + data: + {{/* Credentials */}} + {{- with .Values.geoip.account_id }} + GEOIPUPDATE_ACCOUNT_ID: {{ . }} + {{- end }} + {{- with .Values.geoip.license_key }} + GEOIPUPDATE_LICENSE_KEY: {{ . }} + {{- end }} + {{/* Proxy */}} + {{- with .Values.geoip.proxy }} + GEOIPUPDATE_PROXY: {{ . }} + {{- end }} + {{- with .Values.geoip.proxy_user_pass }} + GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . }} + {{- end }} + +{{/* This secret is loaded in the ldap container */}} +{{ $ldapSecretName }}: + enabled: {{ .Values.outposts.ldap.enabled }} + data: + {{- with .Values.outposts.ldap.token }} + AUTHENTIK_TOKEN: {{ . }} + {{- else }} + AUTHENTIK_TOKEN: {{ $token }} + {{- end }} + +{{/* This secret is loaded in the proxy container */}} +{{ $proxySecretName }}: + enabled: {{ .Values.outposts.proxy.enabled }} + data: + {{- with .Values.outposts.proxy.token }} + AUTHENTIK_TOKEN: {{ . }} + {{- else }} + AUTHENTIK_TOKEN: {{ $token }} + {{- end }} +{{- end }} diff --git a/incubator/authentik/12.0.0/templates/_worker.tpl b/incubator/authentik/12.0.0/templates/_worker.tpl new file mode 100644 index 00000000000..28457cb2b33 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/_worker.tpl @@ -0,0 +1,31 @@ +{{/* Define the worker container */}} +{{- define "authentik.worker.container" -}} +enabled: true +primary: false +imageSelector: image +args: ["worker"] +envFrom: + - secretRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret' + - configMapRef: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config' +probes: + readiness: + enabled: true + type: exec + command: + - /lifecycle/ak + - healthcheck + liveness: + enabled: true + type: exec + command: + - /lifecycle/ak + - healthcheck + startup: + enabled: true + type: exec + command: + - /lifecycle/ak + - healthcheck +{{- end -}} diff --git a/incubator/authentik/12.0.0/templates/common.yaml b/incubator/authentik/12.0.0/templates/common.yaml new file mode 100644 index 00000000000..6e93d973082 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/common.yaml @@ -0,0 +1,46 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render secrets for authentik and friends */}} +{{- $authentikSecrets := include "authentik.secrets" . | fromYaml -}} +{{- if $authentikSecrets -}} + {{ $secrets := (mustMerge $.Values.secret $authentikSecrets) }} + {{- $_ := set .Values "secret" $secrets -}} +{{- end -}} + +{{/* Render configmaps for authentik and friends */}} +{{- $authentikConfigmaps := include "authentik.configmaps" . | fromYaml -}} +{{- if $authentikConfigmaps -}} + {{ $configmaps := (mustMerge $.Values.configmap $authentikConfigmaps) }} + {{- $_ := set .Values "configmap" $configmaps -}} +{{- end -}} + + +{{- if .Values.workerContainer.enabled -}} +{{- $_ := set .Values.workload.main.podSpec.containers "worker" (include "authentik.worker.container" . | fromYaml) -}} +{{- end -}} + +{{- if .Values.geoip.enabled -}} +{{- $_ := set .Values.workload.main.podSpec.containers "geoip" (include "authentik.geoip.container" . | fromYaml) -}} +{{- end -}} + +{{- if .Values.outposts.ldap.enabled -}} +{{- $_ := set .Values.workload.main.podSpec.containers "ldap-outpost" (include "authentik.ldap.container" . | fromYaml) -}} +{{/* - if .Values.metrics.enabled - */}} +{{/* https://github.com/prometheus/prometheus/issues/3756 */}} +{{/* TODO: Figure how the pipe works to connect it to prometheus operator */}} +{{/* We can't define multiple ports/endpoints with annotations */}} +{{/* - end - */}} +{{- end -}} + +{{- if .Values.outposts.proxy.enabled -}} +{{- $_ := set .Values.workload.main.podSpec.containers "proxy-outpost" (include "authentik.proxy.container" . | fromYaml) -}} +{{/* - if .Values.metrics.enabled - */}} +{{/* https://github.com/prometheus/prometheus/issues/3756 */}} +{{/* TODO: Figure how the pipe works to connect it to prometheus operator */}} +{{/* We can't define multiple ports/endpoints with annotations */}} +{{/* - end - */}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/incubator/authentik/12.0.0/templates/prometheusrules.yaml b/incubator/authentik/12.0.0/templates/prometheusrules.yaml new file mode 100644 index 00000000000..db0c56cd213 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/prometheusrules.yaml @@ -0,0 +1,160 @@ +{{- if hasKey .Values "metrics" }} +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" . }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "tc.v1.common.lib.chart.names.fullname" . }} + rules: + {{- with .Values.metrics.prometheusRule.rules }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.metrics.prometheusRule.useDefault }} + - name: authentik Aggregate request counters + rules: + - record: job:django_http_requests_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_before_middlewares_total[30s])) by (job) + - record: job:django_http_requests_unknown_latency_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_total[30s])) by (job) + - record: job:django_http_ajax_requests_total:sum_rate30s + expr: sum(rate(django_http_ajax_requests_total[30s])) by (job) + - record: job:django_http_responses_before_middlewares_total:sum_rate30s + expr: sum(rate(django_http_responses_before_middlewares_total[30s])) by (job) + - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s + expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) by (job) + - record: job:django_http_requests_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_requests_body_total_bytes[30s])) by (job) + - record: job:django_http_responses_streaming_total:sum_rate30s + expr: sum(rate(django_http_responses_streaming_total[30s])) by (job) + - record: job:django_http_responses_body_total_bytes:sum_rate30s + expr: sum(rate(django_http_responses_body_total_bytes[30s])) by (job) + - record: job:django_http_requests_total:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) by (job) + - record: job:django_http_requests_total_by_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_method[30s])) by (job,method) + - record: job:django_http_requests_total_by_transport:sum_rate30s + expr: sum(rate(django_http_requests_total_by_transport[30s])) by (job,transport) + - record: job:django_http_requests_total_by_view:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view) + - record: job:django_http_requests_total_by_view_transport_method:sum_rate30s + expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view,transport,method) + - record: job:django_http_responses_total_by_templatename:sum_rate30s + expr: sum(rate(django_http_responses_total_by_templatename[30s])) by (job,templatename) + - record: job:django_http_responses_total_by_status:sum_rate30s + expr: sum(rate(django_http_responses_total_by_status[30s])) by (job,status) + - record: job:django_http_responses_total_by_status_name_method:sum_rate30s + expr: sum(rate(django_http_responses_total_by_status_name_method[30s])) by (job,status,name,method) + - record: job:django_http_responses_total_by_charset:sum_rate30s + expr: sum(rate(django_http_responses_total_by_charset[30s])) by (job,charset) + - record: job:django_http_exceptions_total_by_type:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_type[30s])) by (job,type) + - record: job:django_http_exceptions_total_by_view:sum_rate30s + expr: sum(rate(django_http_exceptions_total_by_view[30s])) by (job,view) + - name: authentik Aggregate latency histograms + rules: + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "99.9" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "50" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "95" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "99" + - record: job:django_http_requests_latency_seconds:quantile_rate30s + expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) + labels: + quantile: "99.9" + - name: authentik Aggregate model operations + rules: + - record: job:django_model_inserts_total:sum_rate1m + expr: sum(rate(django_model_inserts_total[1m])) by (job, model) + - record: job:django_model_updates_total:sum_rate1m + expr: sum(rate(django_model_updates_total[1m])) by (job, model) + - record: job:django_model_deletes_total:sum_rate1m + expr: sum(rate(django_model_deletes_total[1m])) by (job, model) + - name: authentik Aggregate database operations + rules: + - record: job:django_db_new_connections_total:sum_rate30s + expr: sum(rate(django_db_new_connections_total[30s])) by (alias, vendor) + - record: job:django_db_new_connection_errors_total:sum_rate30s + expr: sum(rate(django_db_new_connection_errors_total[30s])) by (alias, vendor) + - record: job:django_db_execute_total:sum_rate30s + expr: sum(rate(django_db_execute_total[30s])) by (alias, vendor) + - record: job:django_db_execute_many_total:sum_rate30s + expr: sum(rate(django_db_execute_many_total[30s])) by (alias, vendor) + - record: job:django_db_errors_total:sum_rate30s + expr: sum(rate(django_db_errors_total[30s])) by (alias, vendor, type) + - name: authentik Aggregate migrations + rules: + - record: job:django_migrations_applied_total:max + expr: max(django_migrations_applied_total) by (job, connection) + - record: job:django_migrations_unapplied_total:max + expr: max(django_migrations_unapplied_total) by (job, connection) + - name: authentik Alerts + rules: + - alert: NoWorkersConnected + expr: max without (pid) (authentik_admin_workers) < 1 + annotations: + message: | + authentik instance {{ printf "{{ $labels.instance }}" }}'s worker are either not running or not connected. + summary: No workers connected + for: 10m + labels: + severity: critical + - alert: PendingMigrations + expr: max without (pid) (django_migrations_unapplied_total) > 0 + annotations: + message: | + authentik instance {{ printf "{{ $labels.instance }}" }} has pending database migrations + summary: Pending database migrations + for: 10m + labels: + severity: critical + - alert: FailedSystemTasks + expr: sum(increase(authentik_system_tasks{status="TaskResultStatus.ERROR"}[2h])) > 0 + annotations: + message: | + System task {{ printf "{{ $labels.task_name }}" }} has failed + summary: Failed system tasks + for: 2h + labels: + severity: critical + - alert: DisconnectedOutposts + expr: sum by (outpost) (max without (pid) (authentik_outposts_connected{uid!~"specific.*"})) < 1 + annotations: + message: | + Outpost {{ printf "{{ $labels.outpost }}" }} has at least 1 disconnected instance + summary: Disconnected outpost + for: 30m + labels: + severity: critical + {{- end }} +{{- end }} +{{- end }} diff --git a/incubator/authentik/12.0.0/templates/servicemonitor.yaml b/incubator/authentik/12.0.0/templates/servicemonitor.yaml new file mode 100644 index 00000000000..231f1eb5229 --- /dev/null +++ b/incubator/authentik/12.0.0/templates/servicemonitor.yaml @@ -0,0 +1,44 @@ +{{- if hasKey .Values "metrics" }} +{{- if .Values.metrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" . }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + {{- with .Values.metrics.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "tc.common.labels.selectorLabels" . | nindent 6 }} + endpoints: + - port: metrics + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + + - port: ldapmetrics + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + + - port: proxymetrics + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics +{{- end }} +{{- end }} diff --git a/incubator/authentik/12.0.0/values.yaml b/incubator/authentik/12.0.0/values.yaml new file mode 100644 index 00000000000..e69de29bb2d