feat(authentik): add authentik (#2535)
* feat(authentik): add authentik * add secret * try something crazy * run geoip as a cronjob * test * whoops * add gui options * pin image * add secret togui * try http as main * whops * clear up * clean
This commit is contained in:
parent
484cc57392
commit
c843864fa5
|
@ -0,0 +1,34 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: "10.6.2"
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
repository: https://library-charts.truecharts.org
|
||||||
|
version: 9.2.9
|
||||||
|
- condition: postgresql.enabled
|
||||||
|
name: postgresql
|
||||||
|
repository: https://charts.truecharts.org/
|
||||||
|
version: 7.0.48
|
||||||
|
- condition: redis.enabled
|
||||||
|
name: redis
|
||||||
|
repository: https://charts.truecharts.org
|
||||||
|
version: 2.0.40
|
||||||
|
description: authentik is an open-source Identity Provider focused on flexibility and versatility.
|
||||||
|
home: https://github.com/truecharts/apps/tree/master/charts/stable/authentik
|
||||||
|
icon: https://truecharts.org/_static/img/appicons/authentik.png
|
||||||
|
keywords:
|
||||||
|
- authentik
|
||||||
|
kubeVersion: '>=1.16.0-0'
|
||||||
|
maintainers:
|
||||||
|
- email: info@truecharts.org
|
||||||
|
name: TrueCharts
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: authentik
|
||||||
|
sources:
|
||||||
|
- https://github.com/goauthentik/authentik
|
||||||
|
- https://goauthentik.io/docs/
|
||||||
|
version: 0.0.1
|
||||||
|
annotations:
|
||||||
|
truecharts.org/catagories: |
|
||||||
|
- authentication
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/grade: U
|
|
@ -0,0 +1,712 @@
|
||||||
|
# Include{groups}
|
||||||
|
portals:
|
||||||
|
open:
|
||||||
|
protocols:
|
||||||
|
- "$kubernetes-resource_configmap_portal_protocol"
|
||||||
|
host:
|
||||||
|
- "$kubernetes-resource_configmap_portal_host"
|
||||||
|
ports:
|
||||||
|
- "$kubernetes-resource_configmap_portal_port"
|
||||||
|
questions:
|
||||||
|
- variable: portal
|
||||||
|
group: "Container Image"
|
||||||
|
label: "Configure Portal Button"
|
||||||
|
schema:
|
||||||
|
type: dict
|
||||||
|
hidden: true
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: "Enable"
|
||||||
|
description: "enable the portal button"
|
||||||
|
schema:
|
||||||
|
hidden: true
|
||||||
|
editable: false
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
# Include{global}
|
||||||
|
- variable: controller
|
||||||
|
group: "Controller"
|
||||||
|
label: ""
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: advanced
|
||||||
|
label: "Show Advanced Controller Settings"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: type
|
||||||
|
description: "Please specify type of workload to deploy"
|
||||||
|
label: "(Advanced) Controller Type"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "deployment"
|
||||||
|
required: true
|
||||||
|
enum:
|
||||||
|
- value: "deployment"
|
||||||
|
description: "Deployment"
|
||||||
|
- value: "statefulset"
|
||||||
|
description: "Statefulset"
|
||||||
|
- value: "daemonset"
|
||||||
|
description: "Daemonset"
|
||||||
|
- variable: replicas
|
||||||
|
description: "Number of desired pod replicas"
|
||||||
|
label: "Desired Replicas"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 1
|
||||||
|
required: true
|
||||||
|
- variable: strategy
|
||||||
|
description: "Please specify type of workload to deploy"
|
||||||
|
label: "(Advanced) Update Strategy"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "Recreate"
|
||||||
|
required: true
|
||||||
|
enum:
|
||||||
|
- value: "Recreate"
|
||||||
|
description: "Recreate: Kill existing pods before creating new ones"
|
||||||
|
- value: "RollingUpdate"
|
||||||
|
description: "RollingUpdate: Create new pods and then kill old ones"
|
||||||
|
- value: "OnDelete"
|
||||||
|
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||||||
|
# Include{controllerExpert}
|
||||||
|
- variable: secret
|
||||||
|
group: "Container Configuration"
|
||||||
|
label: "Image Secrets"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: AK_ADMIN_PASS
|
||||||
|
label: "AK_ADMIN_PASS (Initial Install Only)"
|
||||||
|
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: AK_ADMIN_TOKEN
|
||||||
|
label: "AK_ADMIN_TOKEN (Initial Install Only)"
|
||||||
|
description: "This will only have effect in the first installation or always if OVERRIDE_SERVER_PROPERTIES is enabled"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: env
|
||||||
|
group: "Container Configuration"
|
||||||
|
label: "Image Environment"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
|
||||||
|
label: "AUTHENTIK_DEFAULT_USER_CHANGE_NAME"
|
||||||
|
description: "Enable the ability for users to change their name."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
|
||||||
|
label: "AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL"
|
||||||
|
description: "Enable the ability for users to change their Email address."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
|
||||||
|
label: "AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME"
|
||||||
|
description: "Enable the ability for users to change their Usernames."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: AUTHENTIK_GDPR_COMPLIANCE
|
||||||
|
label: "AUTHENTIK_GDPR_COMPLIANCE"
|
||||||
|
description: "When enabled, all the events caused by a user will be deleted upon the user's deletion."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: AUTHENTIK_IMPERSONATION
|
||||||
|
label: "AUTHENTIK_IMPERSONATION"
|
||||||
|
description: "Globally enable/disable impersonation."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||||
|
label: "AUTHENTIK_DISABLE_UPDATE_CHECK"
|
||||||
|
description: "Disable the inbuilt update-checker."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
|
||||||
|
label: "AUTHENTIK_DISABLE_STARTUP_ANALYTICS"
|
||||||
|
description: "Disable the startup analytics."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: AUTHENTIK_ERROR_REPORTING__ENABLED
|
||||||
|
label: "AUTHENTIK_ERROR_REPORTING__ENABLED"
|
||||||
|
description: "Enable error reporting."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: AUTHENTIK_ERROR_REPORTING__SEND_PII
|
||||||
|
label: "AUTHENTIK_ERROR_REPORTING__SEND_PII"
|
||||||
|
description: "Whether or not to send personal data, like usernames."
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
|
||||||
|
label: "AUTHENTIK_ERROR_REPORTING__ENVIRONMENT"
|
||||||
|
description: "Unique environment that is attached to your error reports, should be set to your email address for example."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "customer"
|
||||||
|
- variable: AUTHENTIK_DEFAULT_TOKEN_LENGTH
|
||||||
|
label: "AUTHENTIK_DEFAULT_TOKEN_LENGTH"
|
||||||
|
description: "Configure the length of generated tokens. Defaults to 128."
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 128
|
||||||
|
- variable: AUTHENTIK_AVATARS
|
||||||
|
label: "AUTHENTIK_AVATARS"
|
||||||
|
description: "Configure how authentik should show avatars for users."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "gravatar"
|
||||||
|
- variable: AUTHENTIK_LOG_LEVEL
|
||||||
|
label: "AUTHENTIK_LOG_LEVEL"
|
||||||
|
description: "Log level for the server and worker containers."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "info"
|
||||||
|
enum:
|
||||||
|
- value: trace
|
||||||
|
description: "trace"
|
||||||
|
- value: debug
|
||||||
|
description: "debug"
|
||||||
|
- value: info
|
||||||
|
description: "info"
|
||||||
|
- value: warning
|
||||||
|
description: "warning"
|
||||||
|
- value: error
|
||||||
|
description: "error"
|
||||||
|
- variable: enable_mail_config
|
||||||
|
label: "Enable Email Settings"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: AUTHENTIK_EMAIL__HOST
|
||||||
|
label: "AUTHENTIK_EMAIL__HOST"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: AUTHENTIK_EMAIL__PORT
|
||||||
|
label: "AUTHENTIK_EMAIL__PORT"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 25
|
||||||
|
- variable: AUTHENTIK_EMAIL__USERNAME
|
||||||
|
label: "AUTHENTIK_EMAIL__USERNAME"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: AUTHENTIK_EMAIL__PASSWORD
|
||||||
|
label: "AUTHENTIK_EMAIL__PASSWORD"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
default: ""
|
||||||
|
- variable: AUTHENTIK_EMAIL__USE_TLS
|
||||||
|
label: "AUTHENTIK_EMAIL__USE_TLS"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: AUTHENTIK_EMAIL__USE_SSL
|
||||||
|
label: "AUTHENTIK_EMAIL__USE_SSL"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: AUTHENTIK_EMAIL__TIMEOUT
|
||||||
|
label: "AUTHENTIK_EMAIL__TIMEOUT"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 10
|
||||||
|
- variable: AUTHENTIK_EMAIL__FROM
|
||||||
|
label: "AUTHENTIK_EMAIL__FROM"
|
||||||
|
description: "Email address authentik will send from, should have a correct @domain. To change the sender's display name, use a format like Name <account@domain>."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: geoip
|
||||||
|
group: "Container Configuration"
|
||||||
|
label: "Image GeoIP Updater"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: ENABLE_GEOIPUPDATER
|
||||||
|
label: "Enable CronJob for GeoIP Updater"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: GEOIPUPDATE_ACCOUNT_ID
|
||||||
|
label: "GEOIPUPDATE_ACCOUNT_ID"
|
||||||
|
description: "Your MaxMind account ID"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
default: ""
|
||||||
|
- variable: GEOIPUPDATE_LICENSE_KEY
|
||||||
|
label: "GEOIPUPDATE_LICENSE_KEY"
|
||||||
|
description: "Your case-sensitive MaxMind license key."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
default: ""
|
||||||
|
- variable: GEOIPUPDATE_EDITION_IDS
|
||||||
|
label: "GEOIPUPDATE_EDITION_IDS"
|
||||||
|
description: "ist of space-separated database edition IDs. Edition IDs may consist of letters, digits, and dashes."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "GeoIP2-City"
|
||||||
|
- variable: GEOIPUPDATE_HOST
|
||||||
|
label: "GEOIPUPDATE_HOST"
|
||||||
|
description: "The host name of the server to use. The default is updates.maxmind.com."
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "updates.maxmind.com"
|
||||||
|
- variable: GEOIPUPDATE_PRESERVE_FILE_TIMES
|
||||||
|
label: "GEOIPUPDATE_PRESERVE_FILE_TIMES"
|
||||||
|
description: "Whether to preserve modification times of files downloaded from the server. This option is either 0 or 1. The default is 0."
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 0
|
||||||
|
- variable: freqhours
|
||||||
|
label: "FREQUENCY"
|
||||||
|
description: "The number of hours between geoipupdate runs."
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 8
|
||||||
|
|
||||||
|
# Include{containerConfig}
|
||||||
|
|
||||||
|
- variable: service
|
||||||
|
group: "Networking and Services"
|
||||||
|
label: "Configure Service(s)"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: main
|
||||||
|
label: "Main Service"
|
||||||
|
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
# Include{serviceSelector}
|
||||||
|
- variable: main
|
||||||
|
label: "Main Service Port Configuration"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: port
|
||||||
|
label: "Port"
|
||||||
|
description: "This port exposes the container port on the service"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 10230
|
||||||
|
required: true
|
||||||
|
- variable: advanced
|
||||||
|
label: "Show Advanced settings"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: protocol
|
||||||
|
label: "Port Type"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "HTTP"
|
||||||
|
enum:
|
||||||
|
- value: HTTP
|
||||||
|
description: "HTTP"
|
||||||
|
- value: "HTTPS"
|
||||||
|
description: "HTTPS"
|
||||||
|
- value: TCP
|
||||||
|
description: "TCP"
|
||||||
|
- value: "UDP"
|
||||||
|
description: "UDP"
|
||||||
|
- variable: nodePort
|
||||||
|
label: "Node Port (Optional)"
|
||||||
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
min: 9000
|
||||||
|
max: 65535
|
||||||
|
- variable: targetPort
|
||||||
|
label: "Target Port"
|
||||||
|
description: "The internal(!) port on the container the Application runs on"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 9000
|
||||||
|
- variable: https
|
||||||
|
label: "https Service"
|
||||||
|
description: "The https service."
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
# Include{serviceSelector}
|
||||||
|
- variable: https
|
||||||
|
label: "https Service Port Configuration"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: port
|
||||||
|
label: "Port"
|
||||||
|
description: "This port exposes the container port on the service"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 10229
|
||||||
|
required: true
|
||||||
|
- variable: advanced
|
||||||
|
label: "Show Advanced settings"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: protocol
|
||||||
|
label: "Port Type"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "HTTPS"
|
||||||
|
enum:
|
||||||
|
- value: HTTP
|
||||||
|
description: "HTTP"
|
||||||
|
- value: "HTTPS"
|
||||||
|
description: "HTTPS"
|
||||||
|
- value: TCP
|
||||||
|
description: "TCP"
|
||||||
|
- value: "UDP"
|
||||||
|
description: "UDP"
|
||||||
|
- variable: nodePort
|
||||||
|
label: "Node Port (Optional)"
|
||||||
|
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
min: 9000
|
||||||
|
max: 65535
|
||||||
|
- variable: targetPort
|
||||||
|
label: "Target Port"
|
||||||
|
description: "The internal(!) port on the container the Application runs on"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 9443
|
||||||
|
|
||||||
|
- variable: serviceexpert
|
||||||
|
group: "Networking and Services"
|
||||||
|
label: "Show Expert Config"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: hostNetwork
|
||||||
|
group: "Networking and Services"
|
||||||
|
label: "Host-Networking (Complicated)"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
# Include{serviceExpert}
|
||||||
|
|
||||||
|
# Include{serviceList}
|
||||||
|
|
||||||
|
- variable: persistence
|
||||||
|
label: "Integrated Persistent Storage"
|
||||||
|
description: "Integrated Persistent Storage"
|
||||||
|
group: "Storage and Persistence"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: media
|
||||||
|
label: "App Media Storage"
|
||||||
|
description: "Stores the Application Media."
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: type
|
||||||
|
label: "Type of Storage"
|
||||||
|
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "simplePVC"
|
||||||
|
enum:
|
||||||
|
- value: "simplePVC"
|
||||||
|
description: "PVC (simple)"
|
||||||
|
- value: "simpleHP"
|
||||||
|
description: "HostPath (simple)"
|
||||||
|
- value: "emptyDir"
|
||||||
|
description: "emptyDir"
|
||||||
|
- value: "pvc"
|
||||||
|
description: "pvc"
|
||||||
|
- value: "hostPath"
|
||||||
|
description: "hostPath"
|
||||||
|
# Include{persistenceBasic}
|
||||||
|
- variable: hostPath
|
||||||
|
label: "hostPath"
|
||||||
|
description: "Path inside the container the storage is mounted"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "hostPath"]]
|
||||||
|
type: hostpath
|
||||||
|
- variable: medium
|
||||||
|
label: "EmptyDir Medium"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "emptyDir"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
enum:
|
||||||
|
- value: ""
|
||||||
|
description: "Default"
|
||||||
|
- value: "Memory"
|
||||||
|
description: "Memory"
|
||||||
|
# Include{persistenceAdvanced}
|
||||||
|
- variable: templates
|
||||||
|
label: "App Templates Storage"
|
||||||
|
description: "Stores the Application Templates."
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: type
|
||||||
|
label: "Type of Storage"
|
||||||
|
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "simplePVC"
|
||||||
|
enum:
|
||||||
|
- value: "simplePVC"
|
||||||
|
description: "PVC (simple)"
|
||||||
|
- value: "simpleHP"
|
||||||
|
description: "HostPath (simple)"
|
||||||
|
- value: "emptyDir"
|
||||||
|
description: "emptyDir"
|
||||||
|
- value: "pvc"
|
||||||
|
description: "pvc"
|
||||||
|
- value: "hostPath"
|
||||||
|
description: "hostPath"
|
||||||
|
# Include{persistenceBasic}
|
||||||
|
- variable: hostPath
|
||||||
|
label: "hostPath"
|
||||||
|
description: "Path inside the container the storage is mounted"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "hostPath"]]
|
||||||
|
type: hostpath
|
||||||
|
- variable: medium
|
||||||
|
label: "EmptyDir Medium"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "emptyDir"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
enum:
|
||||||
|
- value: ""
|
||||||
|
description: "Default"
|
||||||
|
- value: "Memory"
|
||||||
|
description: "Memory"
|
||||||
|
# Include{persistenceAdvanced}
|
||||||
|
- variable: certs
|
||||||
|
label: "App Certs Storage"
|
||||||
|
description: "Stores the Application Certs."
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: type
|
||||||
|
label: "Type of Storage"
|
||||||
|
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "simplePVC"
|
||||||
|
enum:
|
||||||
|
- value: "simplePVC"
|
||||||
|
description: "PVC (simple)"
|
||||||
|
- value: "simpleHP"
|
||||||
|
description: "HostPath (simple)"
|
||||||
|
- value: "emptyDir"
|
||||||
|
description: "emptyDir"
|
||||||
|
- value: "pvc"
|
||||||
|
description: "pvc"
|
||||||
|
- value: "hostPath"
|
||||||
|
description: "hostPath"
|
||||||
|
# Include{persistenceBasic}
|
||||||
|
- variable: hostPath
|
||||||
|
label: "hostPath"
|
||||||
|
description: "Path inside the container the storage is mounted"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "hostPath"]]
|
||||||
|
type: hostpath
|
||||||
|
- variable: medium
|
||||||
|
label: "EmptyDir Medium"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "emptyDir"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
enum:
|
||||||
|
- value: ""
|
||||||
|
description: "Default"
|
||||||
|
- value: "Memory"
|
||||||
|
description: "Memory"
|
||||||
|
# Include{persistenceAdvanced}
|
||||||
|
- variable: geoip
|
||||||
|
label: "App GeoIP Storage"
|
||||||
|
description: "Stores the Application GeoIP."
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: type
|
||||||
|
label: "Type of Storage"
|
||||||
|
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: "simplePVC"
|
||||||
|
enum:
|
||||||
|
- value: "simplePVC"
|
||||||
|
description: "PVC (simple)"
|
||||||
|
- value: "simpleHP"
|
||||||
|
description: "HostPath (simple)"
|
||||||
|
- value: "emptyDir"
|
||||||
|
description: "emptyDir"
|
||||||
|
- value: "pvc"
|
||||||
|
description: "pvc"
|
||||||
|
- value: "hostPath"
|
||||||
|
description: "hostPath"
|
||||||
|
# Include{persistenceBasic}
|
||||||
|
- variable: hostPath
|
||||||
|
label: "hostPath"
|
||||||
|
description: "Path inside the container the storage is mounted"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "hostPath"]]
|
||||||
|
type: hostpath
|
||||||
|
- variable: medium
|
||||||
|
label: "EmptyDir Medium"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "emptyDir"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
enum:
|
||||||
|
- value: ""
|
||||||
|
description: "Default"
|
||||||
|
- value: "Memory"
|
||||||
|
description: "Memory"
|
||||||
|
# Include{persistenceAdvanced}
|
||||||
|
|
||||||
|
# Include{persistenceList}
|
||||||
|
|
||||||
|
- variable: ingress
|
||||||
|
label: ""
|
||||||
|
group: "Ingress"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: main
|
||||||
|
label: "Main Ingress"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
# Include{ingressDefault}
|
||||||
|
|
||||||
|
# Include{ingressTLS}
|
||||||
|
|
||||||
|
# Include{ingressTraefik}
|
||||||
|
|
||||||
|
# Include{ingressExpert}
|
||||||
|
|
||||||
|
# Include{ingressList}
|
||||||
|
|
||||||
|
# Include{security}
|
||||||
|
|
||||||
|
- variable: advancedSecurity
|
||||||
|
label: "Show Advanced Security Settings"
|
||||||
|
group: "Security and Permissions"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: securityContext
|
||||||
|
label: "Security Context"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: privileged
|
||||||
|
label: "Privileged mode"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: readOnlyRootFilesystem
|
||||||
|
label: "ReadOnly Root Filesystem"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: allowPrivilegeEscalation
|
||||||
|
label: "Allow Privilege Escalation"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: runAsNonRoot
|
||||||
|
label: "runAsNonRoot"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
# Include{securityContextAdvanced}
|
||||||
|
|
||||||
|
- variable: podSecurityContext
|
||||||
|
group: "Security and Permissions"
|
||||||
|
label: "Pod Security Context"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: runAsUser
|
||||||
|
label: "runAsUser"
|
||||||
|
description: "The UserID of the user running the application"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 1000
|
||||||
|
- variable: runAsGroup
|
||||||
|
label: "runAsGroup"
|
||||||
|
description: "The groupID this App of the user running the application"
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 1000
|
||||||
|
- variable: fsGroup
|
||||||
|
label: "fsGroup"
|
||||||
|
description: "The group that should own ALL storage."
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 568
|
||||||
|
# Include{podSecurityContextAdvanced}
|
||||||
|
|
||||||
|
# Include{resources}
|
||||||
|
|
||||||
|
# Include{advanced}
|
||||||
|
|
||||||
|
# Include{addons}
|
|
@ -0,0 +1,53 @@
|
||||||
|
{{/* Define the cronjob */}}
|
||||||
|
{{- define "authentik.cronjob" -}}
|
||||||
|
{{- $jobName := include "common.names.fullname" . }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1beta1
|
||||||
|
kind: CronJob
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-cronjob" $jobName }}
|
||||||
|
labels:
|
||||||
|
{{- include "common.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
schedule: "0 */{{ .Values.geoip.freqhours }} * * *"
|
||||||
|
concurrencyPolicy: Forbid
|
||||||
|
{{- with .Values.cronjob.failedJobsHistoryLimit }}
|
||||||
|
failedJobsHistoryLimit: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
|
||||||
|
successfulJobsHistoryLimit: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
jobTemplate:
|
||||||
|
metadata:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
spec:
|
||||||
|
restartPolicy: Never
|
||||||
|
{{- with (include "common.controller.volumes" . | trim) }}
|
||||||
|
volumes:
|
||||||
|
{{- nindent 12 . }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
image: "{{ .Values.geoipImage.repository }}:{{ .Values.geoipImage.tag }}"
|
||||||
|
env:
|
||||||
|
- name: GEOIPUPDATE_FREQUENCY
|
||||||
|
value: "{{ .Values.geoip.GEOIPUPDATE_FREQUENCY }}"
|
||||||
|
- name: GEOIPUPDATE_PRESERVE_FILE_TIMES
|
||||||
|
value: "{{ .Values.geoip.GEOIPUPDATE_PRESERVE_FILE_TIMES }}"
|
||||||
|
- name: GEOIPUPDATE_ACCOUNT_ID
|
||||||
|
value: {{ .Values.geoip.GEOIPUPDATE_ACCOUNT_ID }}
|
||||||
|
- name: GEOIPUPDATE_LICENSE_KEY
|
||||||
|
value: {{ .Values.geoip.GEOIPUPDATE_LICENSE_KEY }}
|
||||||
|
- name: GEOIPUPDATE_EDITION_IDS
|
||||||
|
value: {{ .Values.geoip.GEOIPUPDATE_EDITION_IDS }}
|
||||||
|
- name: GEOIPUPDATE_HOST
|
||||||
|
value: {{ .Values.geoip.GEOIPUPDATE_HOST }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: geoip
|
||||||
|
mountPath: "/usr/share/GeoIP"
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.resources | indent 16 }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{/* Define the secrets */}}
|
||||||
|
{{- define "authentik.secrets" -}}
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: authentik-secrets
|
||||||
|
{{- $authentikprevious := lookup "v1" "Secret" .Release.Namespace "authentik-secrets" }}
|
||||||
|
{{- $secret_key := "" }}
|
||||||
|
data:
|
||||||
|
{{- if $authentikprevious}}
|
||||||
|
AUTHENTIK_SECRET_KEY: {{ index $authentikprevious.data "AUTHENTIK_SECRET_KEY" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $secret_key := randAlphaNum 32 }}
|
||||||
|
AUTHENTIK_SECRET_KEY: {{ $secret_key | b64enc }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,13 @@
|
||||||
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "common.setup" . }}
|
||||||
|
|
||||||
|
{{/* Render secrets for authentik */}}
|
||||||
|
{{- include "authentik.secrets" . }}
|
||||||
|
|
||||||
|
{{- if .Values.geoip.ENABLE_GEOIPUPDATER }}
|
||||||
|
{{/* Render cronjob for authentik */}}
|
||||||
|
{{- include "authentik.cronjob" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "common.postSetup" . }}
|
|
@ -0,0 +1,223 @@
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/goauthentik/server
|
||||||
|
tag: 2022.4.1@sha256:bb668ae68e9cbab81539fcd79bec5f2de4eefba461e35c770f35d525d48333cb
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
geoipImage:
|
||||||
|
repository: maxmindinc/geoipupdate
|
||||||
|
tag: v4.9@sha256:ea0b06e4b753410fa865897622f256ed4b5217ff96c5cab35c61017d18830217
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
extraArgs: ["server"]
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
|
||||||
|
secret:
|
||||||
|
AK_ADMIN_PASS: "supersecret"
|
||||||
|
AK_ADMIN_TOKEN: "supersecretapitoken"
|
||||||
|
|
||||||
|
env:
|
||||||
|
AUTHENTIK_POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||||
|
AUTHENTIK_POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||||
|
AUTHENTIK_POSTGRESQL__PORT: "5432"
|
||||||
|
AUTHENTIK_REDIS__PORT: "6379"
|
||||||
|
# User Defined
|
||||||
|
AUTHENTIK_DISABLE_UPDATE_CHECK: false
|
||||||
|
AUTHENTIK_DEFAULT_USER_CHANGE_NAME: true
|
||||||
|
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: true
|
||||||
|
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: true
|
||||||
|
AUTHENTIK_GDPR_COMPLIANCE: true
|
||||||
|
AUTHENTIK_IMPERSONATION: true
|
||||||
|
AUTHENTIK_DISABLE_STARTUP_ANALYTICS: false
|
||||||
|
AUTHENTIK_ERROR_REPORTING__ENABLED: false
|
||||||
|
AUTHENTIK_ERROR_REPORTING__SEND_PII: false
|
||||||
|
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: " "
|
||||||
|
AUTHENTIK_DEFAULT_TOKEN_LENGTH: 128
|
||||||
|
AUTHENTIK_AVATARS: "gravatar"
|
||||||
|
AUTHENTIK_LOG_LEVEL: "warning"
|
||||||
|
AUTHENTIK_EMAIL__HOST: ""
|
||||||
|
AUTHENTIK_EMAIL__PORT: 25
|
||||||
|
AUTHENTIK_EMAIL__USERNAME: ""
|
||||||
|
AUTHENTIK_EMAIL__PASSWORD: ""
|
||||||
|
AUTHENTIK_EMAIL__USE_TLS: false
|
||||||
|
AUTHENTIK_EMAIL__USE_SSL: false
|
||||||
|
AUTHENTIK_EMAIL__TIMEOUT: 10
|
||||||
|
AUTHENTIK_EMAIL__FROM: ""
|
||||||
|
|
||||||
|
envValueFrom:
|
||||||
|
AUTHENTIK_POSTGRESQL__HOST:
|
||||||
|
secretKeyRef:
|
||||||
|
name: dbcreds
|
||||||
|
key: plainhost
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
name: dbcreds
|
||||||
|
key: postgresql-password
|
||||||
|
AUTHENTIK_REDIS__HOST:
|
||||||
|
secretKeyRef:
|
||||||
|
name: rediscreds
|
||||||
|
key: plainhost
|
||||||
|
AUTHENTIK_REDIS__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
name: rediscreds
|
||||||
|
key: redis-password
|
||||||
|
AUTHENTIK_SECRET_KEY:
|
||||||
|
secretKeyRef:
|
||||||
|
name: authentik-secrets
|
||||||
|
key: AUTHENTIK_SECRET_KEY
|
||||||
|
|
||||||
|
geoip:
|
||||||
|
# Set image's frequence to 0, so it executes once and exits.
|
||||||
|
GEOIPUPDATE_FREQUENCY: 0
|
||||||
|
# User Defined
|
||||||
|
ENABLE_GEOIPUPDATER: false
|
||||||
|
# How often should we run the cronjob to update geoip
|
||||||
|
freqhours: 8
|
||||||
|
GEOIPUPDATE_ACCOUNT_ID: ""
|
||||||
|
GEOIPUPDATE_LICENSE_KEY: ""
|
||||||
|
GEOIPUPDATE_EDITION_IDS: "GeoIP2-City"
|
||||||
|
GEOIPUPDATE_HOST: "updates.maxmind.com"
|
||||||
|
GEOIPUPDATE_PRESERVE_FILE_TIMES: 0
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
path: "/-/health/live"
|
||||||
|
readiness:
|
||||||
|
path: "/-/health/ready"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
port: 10230
|
||||||
|
targetPort: 9000
|
||||||
|
https:
|
||||||
|
enabled: true
|
||||||
|
ports:
|
||||||
|
https:
|
||||||
|
enabled: true
|
||||||
|
protocol: "HTTPS"
|
||||||
|
port: 10229
|
||||||
|
targetPort: 9443
|
||||||
|
|
||||||
|
additionalContainers:
|
||||||
|
worker:
|
||||||
|
name: worker
|
||||||
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||||
|
args: ["worker"]
|
||||||
|
volumeMounts:
|
||||||
|
- name: media
|
||||||
|
mountPath: "/media"
|
||||||
|
- name: templates
|
||||||
|
mountPath: "/templates"
|
||||||
|
- name: certs
|
||||||
|
mountPath: "/certs"
|
||||||
|
- name: geoip
|
||||||
|
mountPath: "/geoip"
|
||||||
|
env:
|
||||||
|
- name: AUTHENTIK_REDIS__PORT
|
||||||
|
value: "6379"
|
||||||
|
- name: AUTHENTIK_REDIS__HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: rediscreds
|
||||||
|
key: plainhost
|
||||||
|
- name: AUTHENTIK_REDIS__PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: rediscreds
|
||||||
|
key: redis-password
|
||||||
|
- name: AUTHENTIK_POSTGRESQL__NAME
|
||||||
|
value: "{{ .Values.postgresql.postgresqlDatabase }}"
|
||||||
|
- name: AUTHENTIK_POSTGRESQL__USER
|
||||||
|
value: "{{ .Values.postgresql.postgresqlUsername }}"
|
||||||
|
- name: AUTHENTIK_POSTGRESQL__PORT
|
||||||
|
value: "5432"
|
||||||
|
- name: AUTHENTIK_POSTGRESQL__HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: dbcreds
|
||||||
|
key: plainhost
|
||||||
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: dbcreds
|
||||||
|
key: postgresql-password
|
||||||
|
- name: AUTHENTIK_SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: authentik-secrets
|
||||||
|
key: AUTHENTIK_SECRET_KEY
|
||||||
|
- name: AUTHENTIK_LOG_LEVEL
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_LOG_LEVEL }}"
|
||||||
|
- name: AUTHENTIK_DISABLE_UPDATE_CHECK
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_DISABLE_UPDATE_CHECK }}"
|
||||||
|
- name: AUTHENTIK_ERROR_REPORTING__ENABLED
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENABLED }}"
|
||||||
|
- name: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENVIRONMENT }}"
|
||||||
|
- name: AUTHENTIK_ERROR_REPORTING__SEND_PII
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__SEND_PII }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__HOST
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__HOST }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__PORT
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__PORT }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__USERNAME
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__USERNAME }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__PASSWORD
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__PASSWORD }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__USE_TLS
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_TLS }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__USE_SSL
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_SSL }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__TIMEOUT
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__TIMEOUT }}"
|
||||||
|
- name: AUTHENTIK_EMAIL__FROM
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__FROM }}"
|
||||||
|
- name: AUTHENTIK_AVATARS
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_AVATARS }}"
|
||||||
|
- name: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_NAME }}"
|
||||||
|
- name: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL }}"
|
||||||
|
- name: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME }}"
|
||||||
|
- name: AUTHENTIK_GDPR_COMPLIANCE
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_GDPR_COMPLIANCE }}"
|
||||||
|
- name: AUTHENTIK_DEFAULT_TOKEN_LENGTH
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_TOKEN_LENGTH }}"
|
||||||
|
- name: AUTHENTIK_IMPERSONATION
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_IMPERSONATION }}"
|
||||||
|
- name: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
|
||||||
|
value: "{{ .Values.env.AUTHENTIK_DISABLE_STARTUP_ANALYTICS }}"
|
||||||
|
|
||||||
|
cronjob:
|
||||||
|
annotations: {}
|
||||||
|
failedJobsHistoryLimit: 5
|
||||||
|
successfulJobsHistoryLimit: 2
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
media:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/media"
|
||||||
|
templates:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/templates"
|
||||||
|
certs:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/certs"
|
||||||
|
geoip:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/geoip"
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
existingSecret: "dbcreds"
|
||||||
|
postgresqlUsername: baserow
|
||||||
|
postgresqlDatabase: baserow
|
||||||
|
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
existingSecret: "rediscreds"
|
Loading…
Reference in New Issue