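# Default Helm values for the authentik chart: container images, the main
# workload, services, metrics, persistence, database/redis and authentik settings.
# NOTE(review): indentation was restored from a flattened copy of this file;
# nesting that could not be derived from the keys alone is marked "confirm".

# Every image is pinned by digest as well as by tag, so the tag cannot be
# silently repointed. Keep the digest when bumping versions.
image:
  repository: tccr.io/truecharts/authentik
  tag: 2023.4.1@sha256:7d60414d9d5f2395b703228193e8b03c616d7fed6c3cee620940845dd0b725cb
  pullPolicy: IfNotPresent

geoipImage:
  repository: tccr.io/truecharts/geoipupdate
  tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce
  pullPolicy: IfNotPresent

ldapImage:
  repository: tccr.io/truecharts/authentik-ldap
  tag: 2023.4.1@sha256:f737b534c6f3a022b002bb5d635ef491273fd40f8c0b6dd64efa7f5f6265d8cf
  pullPolicy: IfNotPresent

proxyImage:
  repository: tccr.io/truecharts/authentik-proxy
  tag: 2023.4.1@sha256:b6e40435836333bdc53afde38f4c4bfb342005b0636d769c641c79348ce1aae4
  pullPolicy: IfNotPresent

securityContext:
  container:
    # Runs as a non-root UID/GID.
    runAsUser: 1000
    runAsGroup: 1000
    # NOTE(review): the root filesystem is left writable. If the containers only
    # write to the mounted volumes, this could be tightened to true - confirm.
    readOnlyRootFilesystem: false

workload:
  main:
    replicas: 1
    strategy: RollingUpdate
    podSpec:
      containers:
        main:
          args: ["server"]
          # Configuration is injected from one Secret and two ConfigMaps; anything
          # sensitive belongs in the Secret, not in the ConfigMaps.
          envFrom:
            - secretRef:
                name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret'
            - configMapRef:
                name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config'
            - configMapRef:
                name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-server-config'
          # All three probes use HTTPS against the main service's targetPort.
          probes:
            liveness:
              type: https
              path: /-/health/live/
              port: "{{ .Values.service.main.ports.main.targetPort }}"
            readiness:
              type: https
              path: /-/health/ready/
              port: "{{ .Values.service.main.ports.main.targetPort }}"
            startup:
              type: https
              path: /-/health/ready/
              port: "{{ .Values.service.main.ports.main.targetPort }}"

# NOTE(review): only some services set "type: ClusterIP" explicitly; the others
# (main, ldapldaps, ldapldap, proxyhttps) take whatever the common library
# defaults to. Confirm that default before exposing them outside the cluster.
service:
  main:
    ports:
      main:
        protocol: https
        port: 10229
        targetPort: 9443
  # Plain-HTTP listener, kept cluster-internal.
  http:
    enabled: true
    type: ClusterIP
    ports:
      http:
        enabled: true
        protocol: http
        port: 10230
        targetPort: 9000
  # LDAP Outpost Services
  # NOTE(review): both LDAP services are enabled here while
  # authentik.outposts.ldap.enabled defaults to false - confirm the templates
  # only render them when the outpost is enabled.
  ldapldaps:
    enabled: true
    ports:
      ldapldaps:
        enabled: true
        port: 636
        targetPort: 6636
  # NOTE(review): port 389 is LDAP without TLS, so bind credentials cross the
  # network in clear text. Prefer ldapldaps (636) for anything off-host.
  ldapldap:
    enabled: true
    ports:
      ldapldap:
        enabled: true
        port: 389
        targetPort: 3389
  # Proxy Outpost Services
  proxyhttps:
    enabled: true
    ports:
      proxyhttps:
        enabled: true
        port: 10233
        protocol: https
        targetPort: 9444
  proxyhttp:
    enabled: true
    type: ClusterIP
    ports:
      proxyhttp:
        enabled: true
        port: 10234
        protocol: http
        targetPort: 9001
  # Metrics Services
  # All metrics endpoints are plain HTTP and cluster-internal.
  metrics:
    enabled: true
    type: ClusterIP
    ports:
      metrics:
        enabled: true
        protocol: http
        port: 10231
        targetPort: 9301
  ldapmetrics:
    enabled: true
    type: ClusterIP
    ports:
      ldapmetrics:
        enabled: true
        port: 10232
        protocol: http
        targetPort: 9302
  proxymetrics:
    enabled: true
    type: ClusterIP
    ports:
      proxymetrics:
        enabled: true
        port: 10235
        protocol: http
        targetPort: 9303

metrics:
  # TODO
  main:
    # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
    # @default -- See values.yaml
    enabled: false
    type: "servicemonitor"
    endpoints:
      # NOTE(review): interval/scrapeTimeout are placed on the endpoint entry;
      # the flattened source does not show their nesting - confirm.
      - port: main
        path: /metrics
        interval: 1m
        scrapeTimeout: 30s
    # -- Enable and configure Prometheus Rules for the chart under this key.
    # @default -- See values.yaml
    prometheusRule:
      enabled: false
      labels: {}
      # -- Configure additional rules for the chart under this key.
      # @default -- See prometheusrules.yaml
      rules: []
      # - alert: UnifiPollerAbsent
      #   annotations:
      #     description: Unifi Poller has disappeared from Prometheus service discovery.
      #     summary: Unifi Poller is down.
      #   expr: |
      #     absent(up{job=~".*unifi-poller.*"} == 1)
      #   for: 5m
      #   labels:
      #     severity: critical

ingress:
  proxyhttps:
    autoLink: true

# Target selectors taken from authentik's compose file:
# See https://github.com/goauthentik/authentik/blob/main/docker-compose.yml
persistence:
  media:
    enabled: true
    mountPath: "/media"
    targetSelector:
      main:
        main: {}
        worker: {}
  templates:
    enabled: true
    mountPath: "/templates"
    targetSelector:
      main:
        main: {}
        worker: {}
  # Certificate volume; mounted into the worker container only.
  certs:
    enabled: true
    mountPath: "/certs"
    targetSelector:
      main:
        worker: {}
  geoip:
    enabled: true
    mountPath: "/usr/share/GeoIP"
    targetSelector:
      main:
        geoip: {}

cnpg:
  main:
    enabled: true
    user: authentik
    database: authentik

cnpgProvider:
  port: 5432

# Enabled redis
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
# NOTE(review): the URL above looks altered by a bulk search-and-replace - verify it.
redis:
  enabled: true

redisProvider:
  port: 6379

workerContainer:
  enabled: true

authentik:
  credentials:
    # NOTE(review): placeholder default. Override it per deployment from a
    # secret store; never commit a real value or deploy with this one.
    password: "supersecret"
  general:
    disable_update_check: false
    disable_startup_analytics: true
    allow_user_name_change: true
    allow_user_mail_change: true
    allow_user_username_change: true
    gdpr_compliance: true
    # NOTE(review): presumably lets administrators act as other users - confirm
    # it is needed and that its use is audited; otherwise set to false.
    impersonation: true
    avatars: "gravatar,initials"
    token_length: 128
    # Use single quotes for footer_links
    footer_links: '[{"name": "Link Name", "href": "https://mylink.com"}]'
  mail:
    host: ""
    port: 25
    # NOTE(review): tls and ssl are both off by default. When user/pass are set,
    # enable one of them so SMTP credentials are not sent unencrypted.
    tls: false
    ssl: false
    timeout: 10
    user: ""
    # Secret value: supply at deploy time, do not commit.
    pass: ""
    from: ""
  error_reporting:
    enabled: false
    send_pii: false
    environment: "customer"
  logging:
    log_level: "info"
  ldap:
    # Quoted so the value stays the string "null" instead of a YAML null.
    # NOTE(review): presumably means "no cipher override" rather than a NULL
    # cipher suite - confirm against the authentik documentation.
    tls_ciphers: "null"
  geoip:
    enabled: false
    account_id: ""
    # Secret values (license_key, proxy_user_pass): supply at deploy time.
    license_key: ""
    proxy: ""
    proxy_user_pass: ""
    edition_ids: "GeoLite2-City"
    frequency: 8
    host_server: "updates.maxmind.com"
    preserve_file_times: false
    verbose: false
  outposts:
    ldap:
      # -- First you have to create an Outpost in the GUI. Applications > Outposts
      enabled: false
      # -- Host Browser by default is set to the first ingress host you set
      # host_browser: ""
      # -- Host should not need to be overridden. Defaults to https://localhost:9443
      # host: ""
      # -- As we use https://localhost:9443 it's an insecure connection
      # NOTE(review): presumably this controls TLS verification towards the
      # core; if host is pointed off-localhost, revisit it - confirm.
      # insecure: false
      # -- Token is only needed if you accidentally deleted the token within the UI
      # Secret value: supply at deploy time, do not commit.
      # token: ""
    proxy:
      # -- First you have to create an Outpost in the GUI. Applications > Outposts
      enabled: false
      # -- Host Browser by default is set to the first ingress host you set
      # host_browser: ""
      # -- As we use https://localhost:9443 it's an insecure connection
      # NOTE(review): presumably this controls TLS verification towards the
      # core; if host is pointed off-localhost, revisit it - confirm.
      # insecure: false
      # -- Host should not need to be overridden. Defaults to https://localhost:9443
      # host: ""
      # -- Token is only needed if you accidentally deleted the token within the UI
      # Secret value: supply at deploy time, do not commit.
      # token: ""

portal:
  open:
    enabled: true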