TrueChartsClone/charts/enterprise/authentik/templates/_proxy.tpl

49 lines
2.2 KiB
Smarty
Raw Normal View History

feat(authentik): make manual outpost much easier for both helm and scale gui (#3679) * feat(authentik): some rework * disable built in outposts as we aim to spin our own * piping the proxy outpost * use bootstrap token for outposts * remove comments * add some docs about the token * set defaults for outposts with ability to override * add some docs * empty space * add spaces for readability * different ports for metrics * add comments for metrics * remove service from gui * rename prots * rearrange * update ports to solve conflicts * reenable outpost * turn off outposts * rearrange * try previous image * nop * major bump * add ingresses * set default $host * quote true * test with outposts enabled * update docs * try only ldap outpost * update docs * expose services of outpost to gui and values * update gui * update docs * disable outpost * update default port type * use the targetPort to set ports for metrics * flexible ports everywhere * change probe port * update probe * some quote fixes * update probes * update ports * no message * give worker more startup time * more * probes... * dont quote ports * lint * rofs * whoops * quote * see env * extract listen ports from main config * don't load listen_ports envs * use default port * try quoting differently * hardcode * try more hardcoded change * disable probes * enable 1 probe * another probe * remove trailing slash?! * again * again * test template * give more time to probes * more!? * hmm * see env vars * I"M STUPID * run * last fixies * see env * disabel startup probe * hmm * enable readiness probe * wth * load env .. * Aaaahh * fix quotting * start without worker * delay worker startup * enable worker * try something better * bash * try again * whoops * dont chain * oneliner * one more try * back to normal startup * and default startup probe
2022-09-05 21:07:41 +00:00
{{/* Define the proxy container */}}
{{- define "authentik.proxy" -}}
image: {{ .Values.proxyImage.repository }}:{{ .Values.proxyImage.tag }}
imagePullPolicy: {{ .Values.proxyImage.pullPolicy }}
securityContext:
runAsUser: {{ .Values.podSecurityContext.runAsUser }}
runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
readOnlyRootFilesystem: true
runAsNonRoot: true
envFrom:
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-proxy-secret'
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-proxy-config'
ports:
- containerPort: {{ .Values.service.proxyhttps.ports.proxyhttps.targetPort }}
name: proxyhttps
- containerPort: {{ .Values.service.proxyhttp.ports.proxyhttp.targetPort }}
name: proxyhttp
{{- if .Values.outposts.proxy.metrics }}
- containerPort: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
name: proxymetrics
{{- end }}
readinessProbe:
httpGet:
path: /outpost.goauthentik.io/ping
port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /outpost.goauthentik.io/ping
port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /outpost.goauthentik.io/ping
port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}