Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code

feat(authentik): add authentik (#2535) 

* feat(authentik): add authentik

* add secret

* try something crazy

* run geoip as a cronjob

* test

* whoops

* add gui options

* pin image

* add secret togui

* try http as main

* whops

* clear up

* clean
This commit is contained in:
Stavros Kois 2022-04-23 00:44:57 +03:00 committed by GitHub
parent 484cc57392
commit c843864fa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 1055 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
charts/incubator/authentik/Chart.yaml Normal file
View File

@ -0,0 +1,34 @@
apiVersion: v2
appVersion: "10.6.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 9.2.9
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 7.0.48
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 2.0.40
description: authentik is an open-source Identity Provider focused on flexibility and versatility.
home: https://github.com/truecharts/apps/tree/master/charts/stable/authentik
icon: https://truecharts.org/_static/img/appicons/authentik.png
keywords:
- authentik
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: authentik
sources:
- https://github.com/goauthentik/authentik
- https://goauthentik.io/docs/
version: 0.0.1
annotations:
truecharts.org/catagories: |
- authentication
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

712
charts/incubator/authentik/questions.yaml Normal file
View File

@ -0,0 +1,712 @@
# Include{groups}
portals:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: secret
group: "Container Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: AK_ADMIN_PASS
label: "AK_ADMIN_PASS (Initial Install Only)"
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
schema:
type: string
private: true
required: true
default: ""
- variable: AK_ADMIN_TOKEN
label: "AK_ADMIN_TOKEN (Initial Install Only)"
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
schema:
type: string
private: true
required: true
default: ""
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
label: "AUTHENTIK_DEFAULT_USER_CHANGE_NAME"
description: "Enable the ability for users to change their name."
schema:
type: boolean
default: true
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
label: "AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL"
description: "Enable the ability for users to change their Email address."
schema:
type: boolean
default: true
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
label: "AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME"
description: "Enable the ability for users to change their Usernames."
schema:
type: boolean
default: true
- variable: AUTHENTIK_GDPR_COMPLIANCE
label: "AUTHENTIK_GDPR_COMPLIANCE"
description: "When enabled, all the events caused by a user will be deleted upon the user's deletion."
schema:
type: boolean
default: true
- variable: AUTHENTIK_IMPERSONATION
label: "AUTHENTIK_IMPERSONATION"
description: "Globally enable/disable impersonation."
schema:
type: boolean
default: true
- variable: AUTHENTIK_DISABLE_UPDATE_CHECK
label: "AUTHENTIK_DISABLE_UPDATE_CHECK"
description: "Disable the inbuilt update-checker."
schema:
type: boolean
default: false
- variable: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
label: "AUTHENTIK_DISABLE_STARTUP_ANALYTICS"
description: "Disable the startup analytics."
schema:
type: boolean
default: false
- variable: AUTHENTIK_ERROR_REPORTING__ENABLED
label: "AUTHENTIK_ERROR_REPORTING__ENABLED"
description: "Enable error reporting."
schema:
type: boolean
default: false
- variable: AUTHENTIK_ERROR_REPORTING__SEND_PII
label: "AUTHENTIK_ERROR_REPORTING__SEND_PII"
description: "Whether or not to send personal data, like usernames."
schema:
type: boolean
default: false
- variable: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
label: "AUTHENTIK_ERROR_REPORTING__ENVIRONMENT"
description: "Unique environment that is attached to your error reports, should be set to your email address for example."
schema:
type: string
default: "customer"
- variable: AUTHENTIK_DEFAULT_TOKEN_LENGTH
label: "AUTHENTIK_DEFAULT_TOKEN_LENGTH"
description: "Configure the length of generated tokens. Defaults to 128."
schema:
type: int
default: 128
- variable: AUTHENTIK_AVATARS
label: "AUTHENTIK_AVATARS"
description: "Configure how authentik should show avatars for users."
schema:
type: string
default: "gravatar"
- variable: AUTHENTIK_LOG_LEVEL
label: "AUTHENTIK_LOG_LEVEL"
description: "Log level for the server and worker containers."
schema:
type: string
default: "info"
enum:
- value: trace
description: "trace"
- value: debug
description: "debug"
- value: info
description: "info"
- value: warning
description: "warning"
- value: error
description: "error"
- variable: enable_mail_config
label: "Enable Email Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: AUTHENTIK_EMAIL__HOST
label: "AUTHENTIK_EMAIL__HOST"
schema:
type: string
default: ""
- variable: AUTHENTIK_EMAIL__PORT
label: "AUTHENTIK_EMAIL__PORT"
schema:
type: int
default: 25
- variable: AUTHENTIK_EMAIL__USERNAME
label: "AUTHENTIK_EMAIL__USERNAME"
schema:
type: string
default: ""
- variable: AUTHENTIK_EMAIL__PASSWORD
label: "AUTHENTIK_EMAIL__PASSWORD"
schema:
type: string
private: true
default: ""
- variable: AUTHENTIK_EMAIL__USE_TLS
label: "AUTHENTIK_EMAIL__USE_TLS"
schema:
type: boolean
default: false
- variable: AUTHENTIK_EMAIL__USE_SSL
label: "AUTHENTIK_EMAIL__USE_SSL"
schema:
type: boolean
default: false
- variable: AUTHENTIK_EMAIL__TIMEOUT
label: "AUTHENTIK_EMAIL__TIMEOUT"
schema:
type: int
default: 10
- variable: AUTHENTIK_EMAIL__FROM
label: "AUTHENTIK_EMAIL__FROM"
description: "Email address authentik will send from, should have a correct @domain. To change the sender's display name, use a format like Name <account@domain>."
schema:
type: string
default: ""
- variable: geoip
group: "Container Configuration"
label: "Image GeoIP Updater"
schema:
additional_attrs: true
type: dict
attrs:
- variable: ENABLE_GEOIPUPDATER
label: "Enable CronJob for GeoIP Updater"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: GEOIPUPDATE_ACCOUNT_ID
label: "GEOIPUPDATE_ACCOUNT_ID"
description: "Your MaxMind account ID"
schema:
type: string
private: true
default: ""
- variable: GEOIPUPDATE_LICENSE_KEY
label: "GEOIPUPDATE_LICENSE_KEY"
description: "Your case-sensitive MaxMind license key."
schema:
type: string
private: true
default: ""
- variable: GEOIPUPDATE_EDITION_IDS
label: "GEOIPUPDATE_EDITION_IDS"
description: "ist of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes."
schema:
type: string
default: "GeoIP2-City"
- variable: GEOIPUPDATE_HOST
label: "GEOIPUPDATE_HOST"
description: "The host name of the server to use. The default is updates.maxmind.com."
schema:
type: string
default: "updates.maxmind.com"
- variable: GEOIPUPDATE_PRESERVE_FILE_TIMES
label: "GEOIPUPDATE_PRESERVE_FILE_TIMES"
description: "Whether to preserve modification times of files downloaded from the server. This option is either 0 or 1. The default is 0."
schema:
type: int
default: 0
- variable: freqhours
label: "FREQUENCY"
description: "The number of hours between geoipupdate runs."
schema:
type: int
default: 8
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10230
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 9000
- variable: https
label: "https Service"
description: "The https service."
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: https
label: "https Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10229
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTPS"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 9443
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: persistence
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
additional_attrs: true
type: dict
attrs:
- variable: media
label: "App Media Storage"
description: "Stores the Application Media."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: templates
label: "App Templates Storage"
description: "Stores the Application Templates."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: certs
label: "App Certs Storage"
description: "Stores the Application Certs."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: geoip
label: "App GeoIP Storage"
description: "Stores the Application GeoIP."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 1000
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 1000
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}

53
charts/incubator/authentik/templates/_cronjob.tpl Normal file
View File

@ -0,0 +1,53 @@
{{/* Define the cronjob */}}
{{- define "authentik.cronjob" -}}
{{- $jobName := include "common.names.fullname" . }}
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
schedule: "0 */{{ .Values.geoip.freqhours }} * * *"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.geoipImage.repository }}:{{ .Values.geoipImage.tag }}"
env:
- name: GEOIPUPDATE_FREQUENCY
value: "{{ .Values.geoip.GEOIPUPDATE_FREQUENCY }}"
- name: GEOIPUPDATE_PRESERVE_FILE_TIMES
value: "{{ .Values.geoip.GEOIPUPDATE_PRESERVE_FILE_TIMES }}"
- name: GEOIPUPDATE_ACCOUNT_ID
value: {{ .Values.geoip.GEOIPUPDATE_ACCOUNT_ID }}
- name: GEOIPUPDATE_LICENSE_KEY
value: {{ .Values.geoip.GEOIPUPDATE_LICENSE_KEY }}
- name: GEOIPUPDATE_EDITION_IDS
value: {{ .Values.geoip.GEOIPUPDATE_EDITION_IDS }}
- name: GEOIPUPDATE_HOST
value: {{ .Values.geoip.GEOIPUPDATE_HOST }}
volumeMounts:
- name: geoip
mountPath: "/usr/share/GeoIP"
resources:
{{ toYaml .Values.resources | indent 16 }}
{{- end -}}

20
charts/incubator/authentik/templates/_secrets.tpl Normal file
View File

@ -0,0 +1,20 @@
{{/* Define the secrets */}}
{{- define "authentik.secrets" -}}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: authentik-secrets
{{- $authentikprevious := lookup "v1" "Secret" .Release.Namespace "authentik-secrets" }}
{{- $secret_key := "" }}
data:
{{- if $authentikprevious}}
AUTHENTIK_SECRET_KEY: {{ index $authentikprevious.data "AUTHENTIK_SECRET_KEY" }}
{{- else }}
{{- $secret_key := randAlphaNum 32 }}
AUTHENTIK_SECRET_KEY: {{ $secret_key | b64enc }}
{{- end }}
{{- end -}}

13
charts/incubator/authentik/templates/common.yaml Normal file
View File

@ -0,0 +1,13 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{/* Render secrets for authentik */}}
{{- include "authentik.secrets" . }}
{{- if .Values.geoip.ENABLE_GEOIPUPDATER }}
{{/* Render cronjob for authentik */}}
{{- include "authentik.cronjob" . }}
{{- end -}}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

223
charts/incubator/authentik/values.yaml Normal file
View File

@ -0,0 +1,223 @@
image:
repository: ghcr.io/goauthentik/server
tag: 2022.4.1@sha256:bb668ae68e9cbab81539fcd79bec5f2de4eefba461e35c770f35d525d48333cb
pullPolicy: IfNotPresent
geoipImage:
repository: maxmindinc/geoipupdate
tag: v4.9@sha256:ea0b06e4b753410fa865897622f256ed4b5217ff96c5cab35c61017d18830217
pullPolicy: IfNotPresent
extraArgs: ["server"]
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
secret:
AK_ADMIN_PASS: "supersecret"
AK_ADMIN_TOKEN: "supersecretapitoken"
env:
AUTHENTIK_POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
AUTHENTIK_POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_REDIS__PORT: "6379"
# User Defined
AUTHENTIK_DISABLE_UPDATE_CHECK: false
AUTHENTIK_DEFAULT_USER_CHANGE_NAME: true
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: true
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: true
AUTHENTIK_GDPR_COMPLIANCE: true
AUTHENTIK_IMPERSONATION: true
AUTHENTIK_DISABLE_STARTUP_ANALYTICS: false
AUTHENTIK_ERROR_REPORTING__ENABLED: false
AUTHENTIK_ERROR_REPORTING__SEND_PII: false
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: " "
AUTHENTIK_DEFAULT_TOKEN_LENGTH: 128
AUTHENTIK_AVATARS: "gravatar"
AUTHENTIK_LOG_LEVEL: "warning"
AUTHENTIK_EMAIL__HOST: ""
AUTHENTIK_EMAIL__PORT: 25
AUTHENTIK_EMAIL__USERNAME: ""
AUTHENTIK_EMAIL__PASSWORD: ""
AUTHENTIK_EMAIL__USE_TLS: false
AUTHENTIK_EMAIL__USE_SSL: false
AUTHENTIK_EMAIL__TIMEOUT: 10
AUTHENTIK_EMAIL__FROM: ""
envValueFrom:
AUTHENTIK_POSTGRESQL__HOST:
secretKeyRef:
name: dbcreds
key: plainhost
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
AUTHENTIK_REDIS__HOST:
secretKeyRef:
name: rediscreds
key: plainhost
AUTHENTIK_REDIS__PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
AUTHENTIK_SECRET_KEY:
secretKeyRef:
name: authentik-secrets
key: AUTHENTIK_SECRET_KEY
geoip:
# Set image's frequence to 0, so it executes once and exits.
GEOIPUPDATE_FREQUENCY: 0
# User Defined
ENABLE_GEOIPUPDATER: false
# How often should we run the cronjob to update geoip
freqhours: 8
GEOIPUPDATE_ACCOUNT_ID: ""
GEOIPUPDATE_LICENSE_KEY: ""
GEOIPUPDATE_EDITION_IDS: "GeoIP2-City"
GEOIPUPDATE_HOST: "updates.maxmind.com"
GEOIPUPDATE_PRESERVE_FILE_TIMES: 0
probes:
liveness:
path: "/-/health/live"
readiness:
path: "/-/health/ready"
service:
main:
ports:
main:
port: 10230
targetPort: 9000
https:
enabled: true
ports:
https:
enabled: true
protocol: "HTTPS"
port: 10229
targetPort: 9443
additionalContainers:
worker:
name: worker
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
args: ["worker"]
volumeMounts:
- name: media
mountPath: "/media"
- name: templates
mountPath: "/templates"
- name: certs
mountPath: "/certs"
- name: geoip
mountPath: "/geoip"
env:
- name: AUTHENTIK_REDIS__PORT
value: "6379"
- name: AUTHENTIK_REDIS__HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
- name: AUTHENTIK_POSTGRESQL__NAME
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: AUTHENTIK_POSTGRESQL__USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: AUTHENTIK_POSTGRESQL__PORT
value: "5432"
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-secrets
key: AUTHENTIK_SECRET_KEY
- name: AUTHENTIK_LOG_LEVEL
value: "{{ .Values.env.AUTHENTIK_LOG_LEVEL }}"
- name: AUTHENTIK_DISABLE_UPDATE_CHECK
value: "{{ .Values.env.AUTHENTIK_DISABLE_UPDATE_CHECK }}"
- name: AUTHENTIK_ERROR_REPORTING__ENABLED
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENABLED }}"
- name: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENVIRONMENT }}"
- name: AUTHENTIK_ERROR_REPORTING__SEND_PII
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__SEND_PII }}"
- name: AUTHENTIK_EMAIL__HOST
value: "{{ .Values.env.AUTHENTIK_EMAIL__HOST }}"
- name: AUTHENTIK_EMAIL__PORT
value: "{{ .Values.env.AUTHENTIK_EMAIL__PORT }}"
- name: AUTHENTIK_EMAIL__USERNAME
value: "{{ .Values.env.AUTHENTIK_EMAIL__USERNAME }}"
- name: AUTHENTIK_EMAIL__PASSWORD
value: "{{ .Values.env.AUTHENTIK_EMAIL__PASSWORD }}"
- name: AUTHENTIK_EMAIL__USE_TLS
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_TLS }}"
- name: AUTHENTIK_EMAIL__USE_SSL
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_SSL }}"
- name: AUTHENTIK_EMAIL__TIMEOUT
value: "{{ .Values.env.AUTHENTIK_EMAIL__TIMEOUT }}"
- name: AUTHENTIK_EMAIL__FROM
value: "{{ .Values.env.AUTHENTIK_EMAIL__FROM }}"
- name: AUTHENTIK_AVATARS
value: "{{ .Values.env.AUTHENTIK_AVATARS }}"
- name: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_NAME }}"
- name: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL }}"
- name: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME }}"
- name: AUTHENTIK_GDPR_COMPLIANCE
value: "{{ .Values.env.AUTHENTIK_GDPR_COMPLIANCE }}"
- name: AUTHENTIK_DEFAULT_TOKEN_LENGTH
value: "{{ .Values.env.AUTHENTIK_DEFAULT_TOKEN_LENGTH }}"
- name: AUTHENTIK_IMPERSONATION
value: "{{ .Values.env.AUTHENTIK_IMPERSONATION }}"
- name: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
value: "{{ .Values.env.AUTHENTIK_DISABLE_STARTUP_ANALYTICS }}"
cronjob:
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
persistence:
media:
enabled: true
mountPath: "/media"
templates:
enabled: true
mountPath: "/templates"
certs:
enabled: true
mountPath: "/certs"
geoip:
enabled: true
mountPath: "/geoip"
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: baserow
postgresqlDatabase: baserow
redis:
enabled: true
existingSecret: "rediscreds"