222 lines
6.7 KiB
YAML
222 lines
6.7 KiB
YAML
image:
|
|
repository: tccr.io/truecharts/authentik
|
|
tag: v2022.7.2@sha256:5e00c82806f99fe7a964b794a1d89614ccf0d7bb4341c0f948ff7c1de960c171
|
|
pullPolicy: IfNotPresent
|
|
|
|
geoipImage:
|
|
repository: tccr.io/truecharts/geoipupdate
|
|
tag: v4.9@sha256:8466b52179d789f1ea00f80ac102b936397250b93d4ab4302e6e6dd5713694e5
|
|
pullPolicy: IfNotPresent
|
|
|
|
extraArgs: ["server"]
|
|
|
|
podSecurityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
|
|
secretEnv:
|
|
AK_ADMIN_PASS: "supersecret"
|
|
AK_ADMIN_TOKEN: "supersecretapitoken"
|
|
|
|
env:
|
|
AUTHENTIK_POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
|
|
AUTHENTIK_POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
|
|
AUTHENTIK_POSTGRESQL__PORT: "5432"
|
|
AUTHENTIK_REDIS__PORT: "6379"
|
|
# User Defined
|
|
AUTHENTIK_DISABLE_UPDATE_CHECK: false
|
|
AUTHENTIK_DEFAULT_USER_CHANGE_NAME: true
|
|
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: true
|
|
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: true
|
|
AUTHENTIK_GDPR_COMPLIANCE: true
|
|
AUTHENTIK_IMPERSONATION: true
|
|
AUTHENTIK_DISABLE_STARTUP_ANALYTICS: false
|
|
AUTHENTIK_ERROR_REPORTING__ENABLED: false
|
|
AUTHENTIK_ERROR_REPORTING__SEND_PII: false
|
|
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: " "
|
|
AUTHENTIK_DEFAULT_TOKEN_LENGTH: 128
|
|
AUTHENTIK_AVATARS: "gravatar"
|
|
AUTHENTIK_LOG_LEVEL: "warning"
|
|
AUTHENTIK_EMAIL__HOST: ""
|
|
AUTHENTIK_EMAIL__PORT: 25
|
|
AUTHENTIK_EMAIL__USERNAME: ""
|
|
AUTHENTIK_EMAIL__PASSWORD: ""
|
|
AUTHENTIK_EMAIL__USE_TLS: false
|
|
AUTHENTIK_EMAIL__USE_SSL: false
|
|
AUTHENTIK_EMAIL__TIMEOUT: 10
|
|
AUTHENTIK_EMAIL__FROM: ""
|
|
AUTHENTIK_POSTGRESQL__HOST:
|
|
secretKeyRef:
|
|
name: dbcreds
|
|
key: plainhost
|
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
|
secretKeyRef:
|
|
name: dbcreds
|
|
key: postgresql-password
|
|
AUTHENTIK_REDIS__HOST:
|
|
secretKeyRef:
|
|
name: rediscreds
|
|
key: plainhost
|
|
AUTHENTIK_REDIS__PASSWORD:
|
|
secretKeyRef:
|
|
name: rediscreds
|
|
key: redis-password
|
|
AUTHENTIK_SECRET_KEY:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: AUTHENTIK_SECRET_KEY
|
|
|
|
geoip:
|
|
# Set image's frequence to 0, so it executes once and exits.
|
|
GEOIPUPDATE_FREQUENCY: 0
|
|
# User Defined
|
|
ENABLE_GEOIPUPDATER: false
|
|
# How often should we run the cronjob to update geoip
|
|
freqhours: 8
|
|
GEOIPUPDATE_ACCOUNT_ID: ""
|
|
GEOIPUPDATE_LICENSE_KEY: ""
|
|
GEOIPUPDATE_EDITION_IDS: "GeoIP2-City"
|
|
GEOIPUPDATE_HOST: "updates.maxmind.com"
|
|
GEOIPUPDATE_PRESERVE_FILE_TIMES: 0
|
|
|
|
probes:
|
|
liveness:
|
|
path: "/-/health/live"
|
|
readiness:
|
|
path: "/-/health/ready"
|
|
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 10230
|
|
targetPort: 9000
|
|
https:
|
|
enabled: true
|
|
ports:
|
|
https:
|
|
enabled: true
|
|
protocol: "HTTPS"
|
|
port: 10229
|
|
targetPort: 9443
|
|
|
|
additionalContainers:
|
|
worker:
|
|
name: worker
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
args: ["worker"]
|
|
volumeMounts:
|
|
- name: media
|
|
mountPath: "/media"
|
|
- name: templates
|
|
mountPath: "/templates"
|
|
- name: certs
|
|
mountPath: "/certs"
|
|
- name: geoip
|
|
mountPath: "/geoip"
|
|
env:
|
|
- name: AUTHENTIK_REDIS__PORT
|
|
value: "6379"
|
|
- name: AUTHENTIK_REDIS__HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: rediscreds
|
|
key: plainhost
|
|
- name: AUTHENTIK_REDIS__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: rediscreds
|
|
key: redis-password
|
|
- name: AUTHENTIK_POSTGRESQL__NAME
|
|
value: "{{ .Values.postgresql.postgresqlDatabase }}"
|
|
- name: AUTHENTIK_POSTGRESQL__USER
|
|
value: "{{ .Values.postgresql.postgresqlUsername }}"
|
|
- name: AUTHENTIK_POSTGRESQL__PORT
|
|
value: "5432"
|
|
- name: AUTHENTIK_POSTGRESQL__HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dbcreds
|
|
key: plainhost
|
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: dbcreds
|
|
key: postgresql-password
|
|
- name: AUTHENTIK_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: AUTHENTIK_SECRET_KEY
|
|
- name: AUTHENTIK_LOG_LEVEL
|
|
value: "{{ .Values.env.AUTHENTIK_LOG_LEVEL }}"
|
|
- name: AUTHENTIK_DISABLE_UPDATE_CHECK
|
|
value: "{{ .Values.env.AUTHENTIK_DISABLE_UPDATE_CHECK }}"
|
|
- name: AUTHENTIK_ERROR_REPORTING__ENABLED
|
|
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENABLED }}"
|
|
- name: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
|
|
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENVIRONMENT }}"
|
|
- name: AUTHENTIK_ERROR_REPORTING__SEND_PII
|
|
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__SEND_PII }}"
|
|
- name: AUTHENTIK_EMAIL__HOST
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__HOST }}"
|
|
- name: AUTHENTIK_EMAIL__PORT
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__PORT }}"
|
|
- name: AUTHENTIK_EMAIL__USERNAME
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__USERNAME }}"
|
|
- name: AUTHENTIK_EMAIL__PASSWORD
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__PASSWORD }}"
|
|
- name: AUTHENTIK_EMAIL__USE_TLS
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_TLS }}"
|
|
- name: AUTHENTIK_EMAIL__USE_SSL
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_SSL }}"
|
|
- name: AUTHENTIK_EMAIL__TIMEOUT
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__TIMEOUT }}"
|
|
- name: AUTHENTIK_EMAIL__FROM
|
|
value: "{{ .Values.env.AUTHENTIK_EMAIL__FROM }}"
|
|
- name: AUTHENTIK_AVATARS
|
|
value: "{{ .Values.env.AUTHENTIK_AVATARS }}"
|
|
- name: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
|
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_NAME }}"
|
|
- name: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
|
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL }}"
|
|
- name: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
|
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME }}"
|
|
- name: AUTHENTIK_GDPR_COMPLIANCE
|
|
value: "{{ .Values.env.AUTHENTIK_GDPR_COMPLIANCE }}"
|
|
- name: AUTHENTIK_DEFAULT_TOKEN_LENGTH
|
|
value: "{{ .Values.env.AUTHENTIK_DEFAULT_TOKEN_LENGTH }}"
|
|
- name: AUTHENTIK_IMPERSONATION
|
|
value: "{{ .Values.env.AUTHENTIK_IMPERSONATION }}"
|
|
- name: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
|
|
value: "{{ .Values.env.AUTHENTIK_DISABLE_STARTUP_ANALYTICS }}"
|
|
|
|
cronjob:
|
|
annotations: {}
|
|
failedJobsHistoryLimit: 5
|
|
successfulJobsHistoryLimit: 2
|
|
|
|
persistence:
|
|
media:
|
|
enabled: true
|
|
mountPath: "/media"
|
|
templates:
|
|
enabled: true
|
|
mountPath: "/templates"
|
|
certs:
|
|
enabled: true
|
|
mountPath: "/certs"
|
|
geoip:
|
|
enabled: true
|
|
mountPath: "/geoip"
|
|
|
|
postgresql:
|
|
enabled: true
|
|
existingSecret: "dbcreds"
|
|
postgresqlUsername: authentik
|
|
postgresqlDatabase: authentik
|
|
|
|
redis:
|
|
enabled: true
|
|
existingSecret: "rediscreds"
|