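{{/*
Define the configmaps.

"authentik.config" renders five ConfigMaps, each named "<fullname>-<suffix>":
  - authentik-config         shared settings (dependencies, mail, logging, general, error reporting)
  - authentik-server-config  listen addresses of the authentik server
  - ldap-config              LDAP outpost settings
  - proxy-config             proxy outpost settings
  - geoip-config             geoipupdate settings

Only non-secret settings are rendered here; no password or key material is set
in any of these ConfigMaps.

Every templated value is quoted so that the rendered YAML always yields strings
(ConfigMap data values must be strings, and an unquoted value such as `true`,
`1` or one containing ": " would otherwise be retyped or break parsing).
*/}}
{{- define "authentik.config" -}}

{{- $authServerWorkerConfigName := printf "%s-authentik-config" (include "tc.common.names.fullname" .) }}
{{- $authServerConfigName := printf "%s-authentik-server-config" (include "tc.common.names.fullname" .) }}
{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.common.names.fullname" .) }}
{{- $ldapConfigName := printf "%s-ldap-config" (include "tc.common.names.fullname" .) }}
{{- $proxyConfigName := printf "%s-proxy-config" (include "tc.common.names.fullname" .) }}

{{/*
$host is the browser-facing URL used as the default for AUTHENTIK_HOST_BROWSER:
https://localhost:<main targetPort>, replaced by the first ingress host when the
main ingress is enabled and has at least one host.
*/}}
{{- $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }}
{{- if .Values.ingress.main.enabled }}
  {{- $first := (first .Values.ingress.main.hosts) }}
  {{- if $first }}
    {{- $host = printf "https://%s" $first.host }}
  {{- end }}
{{- end }}

---

{{/* This configmap is loaded on both the main authentik container and the worker */}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $authServerWorkerConfigName }}
  labels:
    {{- include "tc.common.labels" . | nindent 4 }}
data:
  {{/* Dependencies (connection parameters only; credentials are not set here) */}}
  AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" | quote }}
  AUTHENTIK_REDIS__PORT: "6379"
  AUTHENTIK_POSTGRESQL__NAME: {{ .Values.postgresql.postgresqlDatabase | quote }}
  AUTHENTIK_POSTGRESQL__USER: {{ .Values.postgresql.postgresqlUsername | quote }}
  AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" | quote }}
  AUTHENTIK_POSTGRESQL__PORT: "5432"
  {{/* Mail */}}
  {{- with .Values.authentik.mail.port }}
  AUTHENTIK_EMAIL__PORT: {{ . | quote }}
  {{- end }}
  AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }}
  AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }}
  {{- with .Values.authentik.mail.timeout }}
  AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
  {{- end }}
  {{/* Logging */}}
  {{- with .Values.authentik.logging.log_level }}
  AUTHENTIK_LOG_LEVEL: {{ . | quote }}
  {{- end }}
  {{/*
  General.
  Security-relevant toggles in this group are taken verbatim from values:
  impersonation, the allow_user_*_change flags and token_length.
  */}}
  AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }}
  AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }}
  {{- with .Values.authentik.general.avatars }}
  AUTHENTIK_AVATARS: {{ . | quote }}
  {{- end }}
  AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }}
  AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }}
  AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }}
  AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }}
  AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
  AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }}
  {{/* Single-quoted: presumably a JSON string containing double quotes; verify against values.yaml */}}
  {{- with .Values.authentik.general.footer_links }}
  AUTHENTIK_FOOTER_LINKS: {{ . | squote }}
  {{- end }}
  {{/* Error Reporting (send_pii controls whether personal data is included in reports) */}}
  AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }}
  AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }}
  {{- with .Values.authentik.error_reporting.environment }}
  AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . | quote }}
  {{- end }}
  {{/* LDAP */}}
  {{- with .Values.authentik.ldap.tls_ciphers }}
  AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }}
  {{- end }}
  {{/* Outposts: discovery is hard-coded to "false" and cannot be changed through values */}}
  AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }}

---

{{/*
Listen addresses of the authentik server.
NOTE(review): the original comment said this configmap is loaded on both the
main container and the worker; the name suggests the server only. Confirm
against the deployment.
Each listener binds all interfaces (0.0.0.0) inside the pod; what is reachable
from outside is decided by the Service and ingress definitions.
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $authServerConfigName }}
  labels:
    {{- include "tc.common.labels" . | nindent 4 }}
data:
  {{/* Listen */}}
  AUTHENTIK_LISTEN__HTTPS: "0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }}"
  AUTHENTIK_LISTEN__HTTP: "0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }}"
  AUTHENTIK_LISTEN__METRICS: "0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }}"

---

{{/* This configmap is loaded on the ldap container */}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $ldapConfigName }}
  labels:
    {{- include "tc.common.labels" . | nindent 4 }}
data:
  {{/*
  AUTHENTIK_INSECURE makes the outpost skip TLS certificate verification when
  it connects to AUTHENTIK_HOST. It defaults to "true" when unset or empty.
  `default` cannot be used here: it treats a boolean false as empty, so
  `insecure: false` in values would silently render "true" and leave
  verification disabled. An explicit false is therefore honoured below.
  */}}
  {{- $ldapInsecure := .Values.outposts.ldap.insecure }}
  {{- if or (kindIs "invalid" $ldapInsecure) (eq (toString $ldapInsecure) "") }}
  {{- $ldapInsecure = "true" }}
  {{- end }}
  AUTHENTIK_INSECURE: {{ $ldapInsecure | quote }}
  {{/* Defaults to the in-pod HTTPS listener; set insecure to false only if its certificate can be validated */}}
  AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) | quote }}
  AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host | quote }}
  AUTHENTIK_LISTEN__LDAPS: "0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}"
  AUTHENTIK_LISTEN__LDAP: "0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}"
  AUTHENTIK_LISTEN__METRICS: "0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }}"

---

{{/* This configmap is presumably loaded on the proxy container (the original comment said ldap; confirm against the deployment) */}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $proxyConfigName }}
  labels:
    {{- include "tc.common.labels" . | nindent 4 }}
data:
  {{/*
  AUTHENTIK_INSECURE makes the outpost skip TLS certificate verification when
  it connects to AUTHENTIK_HOST. It defaults to "true" when unset or empty;
  an explicit boolean false is honoured (a plain `default "true"` would
  override it, because `default` treats false as empty).
  */}}
  {{- $proxyInsecure := .Values.outposts.proxy.insecure }}
  {{- if or (kindIs "invalid" $proxyInsecure) (eq (toString $proxyInsecure) "") }}
  {{- $proxyInsecure = "true" }}
  {{- end }}
  AUTHENTIK_INSECURE: {{ $proxyInsecure | quote }}
  {{/* Defaults to the in-pod HTTPS listener; set insecure to false only if its certificate can be validated */}}
  AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) | quote }}
  AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host | quote }}
  AUTHENTIK_LISTEN__HTTPS: "0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}"
  AUTHENTIK_LISTEN__HTTP: "0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}"
  AUTHENTIK_LISTEN__METRICS: "0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }}"

---

{{/* This configmap is loaded on the geoip container */}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $geoipConfigName }}
  labels:
    {{- include "tc.common.labels" . | nindent 4 }}
data:
  {{- with .Values.geoip.edition_ids }}
  GEOIPUPDATE_EDITION_IDS: {{ . | quote }}
  {{- end }}
  GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }}
  {{- with .Values.geoip.host_server }}
  GEOIPUPDATE_HOST: {{ . | quote }}
  {{- end }}
  {{/* Booleans from values are rendered as "1" / "0" */}}
  GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }}
  GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }}
{{- end -}}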