TrueChartsClone/charts/incubator/authentik/values.yaml

222 lines
6.7 KiB
YAML

image:
repository: tccr.io/truecharts/authentik
tag: v2022.7.2@sha256:5e00c82806f99fe7a964b794a1d89614ccf0d7bb4341c0f948ff7c1de960c171
pullPolicy: IfNotPresent
geoipImage:
repository: tccr.io/truecharts/geoipupdate
tag: v4.9@sha256:8466b52179d789f1ea00f80ac102b936397250b93d4ab4302e6e6dd5713694e5
pullPolicy: IfNotPresent
extraArgs: ["server"]
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
secretEnv:
AK_ADMIN_PASS: "supersecret"
AK_ADMIN_TOKEN: "supersecretapitoken"
env:
AUTHENTIK_POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
AUTHENTIK_POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_REDIS__PORT: "6379"
# User Defined
AUTHENTIK_DISABLE_UPDATE_CHECK: false
AUTHENTIK_DEFAULT_USER_CHANGE_NAME: true
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: true
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: true
AUTHENTIK_GDPR_COMPLIANCE: true
AUTHENTIK_IMPERSONATION: true
AUTHENTIK_DISABLE_STARTUP_ANALYTICS: false
AUTHENTIK_ERROR_REPORTING__ENABLED: false
AUTHENTIK_ERROR_REPORTING__SEND_PII: false
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: " "
AUTHENTIK_DEFAULT_TOKEN_LENGTH: 128
AUTHENTIK_AVATARS: "gravatar"
AUTHENTIK_LOG_LEVEL: "warning"
AUTHENTIK_EMAIL__HOST: ""
AUTHENTIK_EMAIL__PORT: 25
AUTHENTIK_EMAIL__USERNAME: ""
AUTHENTIK_EMAIL__PASSWORD: ""
AUTHENTIK_EMAIL__USE_TLS: false
AUTHENTIK_EMAIL__USE_SSL: false
AUTHENTIK_EMAIL__TIMEOUT: 10
AUTHENTIK_EMAIL__FROM: ""
AUTHENTIK_POSTGRESQL__HOST:
secretKeyRef:
name: dbcreds
key: plainhost
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
AUTHENTIK_REDIS__HOST:
secretKeyRef:
name: rediscreds
key: plainhost
AUTHENTIK_REDIS__PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
AUTHENTIK_SECRET_KEY:
secretKeyRef:
name: authentik-secrets
key: AUTHENTIK_SECRET_KEY
geoip:
# Set image's frequence to 0, so it executes once and exits.
GEOIPUPDATE_FREQUENCY: 0
# User Defined
ENABLE_GEOIPUPDATER: false
# How often should we run the cronjob to update geoip
freqhours: 8
GEOIPUPDATE_ACCOUNT_ID: ""
GEOIPUPDATE_LICENSE_KEY: ""
GEOIPUPDATE_EDITION_IDS: "GeoIP2-City"
GEOIPUPDATE_HOST: "updates.maxmind.com"
GEOIPUPDATE_PRESERVE_FILE_TIMES: 0
probes:
liveness:
path: "/-/health/live"
readiness:
path: "/-/health/ready"
service:
main:
ports:
main:
port: 10230
targetPort: 9000
https:
enabled: true
ports:
https:
enabled: true
protocol: "HTTPS"
port: 10229
targetPort: 9443
additionalContainers:
worker:
name: worker
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
args: ["worker"]
volumeMounts:
- name: media
mountPath: "/media"
- name: templates
mountPath: "/templates"
- name: certs
mountPath: "/certs"
- name: geoip
mountPath: "/geoip"
env:
- name: AUTHENTIK_REDIS__PORT
value: "6379"
- name: AUTHENTIK_REDIS__HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
- name: AUTHENTIK_POSTGRESQL__NAME
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: AUTHENTIK_POSTGRESQL__USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: AUTHENTIK_POSTGRESQL__PORT
value: "5432"
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainhost
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-secrets
key: AUTHENTIK_SECRET_KEY
- name: AUTHENTIK_LOG_LEVEL
value: "{{ .Values.env.AUTHENTIK_LOG_LEVEL }}"
- name: AUTHENTIK_DISABLE_UPDATE_CHECK
value: "{{ .Values.env.AUTHENTIK_DISABLE_UPDATE_CHECK }}"
- name: AUTHENTIK_ERROR_REPORTING__ENABLED
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENABLED }}"
- name: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENVIRONMENT }}"
- name: AUTHENTIK_ERROR_REPORTING__SEND_PII
value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__SEND_PII }}"
- name: AUTHENTIK_EMAIL__HOST
value: "{{ .Values.env.AUTHENTIK_EMAIL__HOST }}"
- name: AUTHENTIK_EMAIL__PORT
value: "{{ .Values.env.AUTHENTIK_EMAIL__PORT }}"
- name: AUTHENTIK_EMAIL__USERNAME
value: "{{ .Values.env.AUTHENTIK_EMAIL__USERNAME }}"
- name: AUTHENTIK_EMAIL__PASSWORD
value: "{{ .Values.env.AUTHENTIK_EMAIL__PASSWORD }}"
- name: AUTHENTIK_EMAIL__USE_TLS
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_TLS }}"
- name: AUTHENTIK_EMAIL__USE_SSL
value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_SSL }}"
- name: AUTHENTIK_EMAIL__TIMEOUT
value: "{{ .Values.env.AUTHENTIK_EMAIL__TIMEOUT }}"
- name: AUTHENTIK_EMAIL__FROM
value: "{{ .Values.env.AUTHENTIK_EMAIL__FROM }}"
- name: AUTHENTIK_AVATARS
value: "{{ .Values.env.AUTHENTIK_AVATARS }}"
- name: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_NAME }}"
- name: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL }}"
- name: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME }}"
- name: AUTHENTIK_GDPR_COMPLIANCE
value: "{{ .Values.env.AUTHENTIK_GDPR_COMPLIANCE }}"
- name: AUTHENTIK_DEFAULT_TOKEN_LENGTH
value: "{{ .Values.env.AUTHENTIK_DEFAULT_TOKEN_LENGTH }}"
- name: AUTHENTIK_IMPERSONATION
value: "{{ .Values.env.AUTHENTIK_IMPERSONATION }}"
- name: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
value: "{{ .Values.env.AUTHENTIK_DISABLE_STARTUP_ANALYTICS }}"
cronjob:
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
persistence:
media:
enabled: true
mountPath: "/media"
templates:
enabled: true
mountPath: "/templates"
certs:
enabled: true
mountPath: "/certs"
geoip:
enabled: true
mountPath: "/geoip"
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: authentik
postgresqlDatabase: authentik
redis:
enabled: true
existingSecret: "rediscreds"