Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>

incubator/authentik/0.0.1/CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog<br>
+
+
+<a name="authentik-0.0.1"></a>
+### authentik-0.0.1 (2022-04-22)
+
+#### Feat
+
+* add authentik ([#2535](https://github.com/truecharts/apps/issues/2535))
+

incubator/authentik/0.0.1/Chart.lock

@@ -0,0 +1,12 @@
+dependencies:
+- name: common
+  repository: https://library-charts.truecharts.org
+  version: 9.2.9
+- name: postgresql
+  repository: https://charts.truecharts.org/
+  version: 7.0.48
+- name: redis
+  repository: https://charts.truecharts.org
+  version: 2.0.40
+digest: sha256:79a7d6bb46936b025fe5cab73b2bad420cc75e3837c2b856908b9b0d4633825d
+generated: "2022-04-22T21:46:51.587633154Z"

incubator/authentik/0.0.1/Chart.yaml

@@ -0,0 +1,34 @@
+apiVersion: v2
+appVersion: "2022.4.1"
+dependencies:
+- name: common
+  repository: https://library-charts.truecharts.org
+  version: 9.2.9
+- condition: postgresql.enabled
+  name: postgresql
+  repository: https://charts.truecharts.org/
+  version: 7.0.48
+- condition: redis.enabled
+  name: redis
+  repository: https://charts.truecharts.org
+  version: 2.0.40
+description: authentik is an open-source Identity Provider focused on flexibility and versatility.
+home: https://github.com/truecharts/apps/tree/master/charts/stable/authentik
+icon: https://truecharts.org/_static/img/appicons/authentik.png
+keywords:
+- authentik
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: info@truecharts.org
+  name: TrueCharts
+  url: https://truecharts.org
+name: authentik
+sources:
+- https://github.com/goauthentik/authentik
+- https://goauthentik.io/docs/
+version: 0.0.1
+annotations:
+  truecharts.org/catagories: |
+    - authentication
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/grade: U

incubator/authentik/0.0.1/README.md

@@ -0,0 +1,40 @@
+# Introduction
+
+authentik is an open-source Identity Provider focused on flexibility and versatility.
+
+TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
+
+## Source Code
+
+* <https://github.com/goauthentik/authentik>
+* <https://goauthentik.io/docs/>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.truecharts.org/ | postgresql | 7.0.48 |
+| https://charts.truecharts.org | redis | 2.0.40 |
+| https://library-charts.truecharts.org | common | 9.2.9 |
+
+## Installing the Chart
+
+To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/02-Installing-an-App/).
+
+## Upgrading, Rolling Back and Uninstalling the Chart
+
+To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/).
+
+## Support
+
+- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Adding-TrueCharts/) first.
+- See the [Wiki](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
+---
+All Rights Reserved - The TrueCharts Project

incubator/authentik/0.0.1/app-readme.md

@@ -0,0 +1,3 @@
+authentik is an open-source Identity Provider focused on flexibility and versatility.
+
+This App is supplied by TrueCharts, for more information please visit https://truecharts.org

incubator/authentik/0.0.1/ix_values.yaml

@@ -0,0 +1,223 @@
+image:
+  repository: ghcr.io/goauthentik/server
+  tag: 2022.4.1@sha256:bb668ae68e9cbab81539fcd79bec5f2de4eefba461e35c770f35d525d48333cb
+  pullPolicy: IfNotPresent
+
+geoipImage:
+  repository: maxmindinc/geoipupdate
+  tag: v4.9@sha256:ea0b06e4b753410fa865897622f256ed4b5217ff96c5cab35c61017d18830217
+  pullPolicy: IfNotPresent
+
+extraArgs: ["server"]
+
+podSecurityContext:
+  runAsUser: 1000
+  runAsGroup: 1000
+
+secret:
+  AK_ADMIN_PASS: "supersecret"
+  AK_ADMIN_TOKEN: "supersecretapitoken"
+
+env:
+  AUTHENTIK_POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
+  AUTHENTIK_POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
+  AUTHENTIK_POSTGRESQL__PORT: "5432"
+  AUTHENTIK_REDIS__PORT: "6379"
+  # User Defined
+  AUTHENTIK_DISABLE_UPDATE_CHECK: false
+  AUTHENTIK_DEFAULT_USER_CHANGE_NAME: true
+  AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: true
+  AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: true
+  AUTHENTIK_GDPR_COMPLIANCE: true
+  AUTHENTIK_IMPERSONATION: true
+  AUTHENTIK_DISABLE_STARTUP_ANALYTICS: false
+  AUTHENTIK_ERROR_REPORTING__ENABLED: false
+  AUTHENTIK_ERROR_REPORTING__SEND_PII: false
+  AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: " "
+  AUTHENTIK_DEFAULT_TOKEN_LENGTH: 128
+  AUTHENTIK_AVATARS: "gravatar"
+  AUTHENTIK_LOG_LEVEL: "warning"
+  AUTHENTIK_EMAIL__HOST: ""
+  AUTHENTIK_EMAIL__PORT: 25
+  AUTHENTIK_EMAIL__USERNAME: ""
+  AUTHENTIK_EMAIL__PASSWORD: ""
+  AUTHENTIK_EMAIL__USE_TLS: false
+  AUTHENTIK_EMAIL__USE_SSL: false
+  AUTHENTIK_EMAIL__TIMEOUT: 10
+  AUTHENTIK_EMAIL__FROM: ""
+
+envValueFrom:
+  AUTHENTIK_POSTGRESQL__HOST:
+    secretKeyRef:
+      name: dbcreds
+      key: plainhost
+  AUTHENTIK_POSTGRESQL__PASSWORD:
+    secretKeyRef:
+      name: dbcreds
+      key: postgresql-password
+  AUTHENTIK_REDIS__HOST:
+    secretKeyRef:
+      name: rediscreds
+      key: plainhost
+  AUTHENTIK_REDIS__PASSWORD:
+    secretKeyRef:
+      name: rediscreds
+      key: redis-password
+  AUTHENTIK_SECRET_KEY:
+    secretKeyRef:
+      name: authentik-secrets
+      key: AUTHENTIK_SECRET_KEY
+
+geoip:
+  # Set image's frequence to 0, so it executes once and exits.
+  GEOIPUPDATE_FREQUENCY: 0
+  # User Defined
+  ENABLE_GEOIPUPDATER: false
+  # How often should we run the cronjob to update geoip
+  freqhours: 8
+  GEOIPUPDATE_ACCOUNT_ID: ""
+  GEOIPUPDATE_LICENSE_KEY: ""
+  GEOIPUPDATE_EDITION_IDS: "GeoIP2-City"
+  GEOIPUPDATE_HOST: "updates.maxmind.com"
+  GEOIPUPDATE_PRESERVE_FILE_TIMES: 0
+
+probes:
+  liveness:
+    path: "/-/health/live"
+  readiness:
+    path: "/-/health/ready"
+
+service:
+  main:
+    ports:
+      main:
+        port: 10230
+        targetPort: 9000
+  https:
+    enabled: true
+    ports:
+      https:
+        enabled: true
+        protocol: "HTTPS"
+        port: 10229
+        targetPort: 9443
+
+additionalContainers:
+  worker:
+    name: worker
+    image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+    args: ["worker"]
+    volumeMounts:
+    - name: media
+      mountPath: "/media"
+    - name: templates
+      mountPath: "/templates"
+    - name: certs
+      mountPath: "/certs"
+    - name: geoip
+      mountPath: "/geoip"
+    env:
+      - name: AUTHENTIK_REDIS__PORT
+        value: "6379"
+      - name: AUTHENTIK_REDIS__HOST
+        valueFrom:
+          secretKeyRef:
+            name: rediscreds
+            key: plainhost
+      - name: AUTHENTIK_REDIS__PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: rediscreds
+            key: redis-password
+      - name: AUTHENTIK_POSTGRESQL__NAME
+        value: "{{ .Values.postgresql.postgresqlDatabase }}"
+      - name: AUTHENTIK_POSTGRESQL__USER
+        value: "{{ .Values.postgresql.postgresqlUsername }}"
+      - name: AUTHENTIK_POSTGRESQL__PORT
+        value: "5432"
+      - name: AUTHENTIK_POSTGRESQL__HOST
+        valueFrom:
+          secretKeyRef:
+            name: dbcreds
+            key: plainhost
+      - name: AUTHENTIK_POSTGRESQL__PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: dbcreds
+            key: postgresql-password
+      - name: AUTHENTIK_SECRET_KEY
+        valueFrom:
+          secretKeyRef:
+            name: authentik-secrets
+            key: AUTHENTIK_SECRET_KEY
+      - name: AUTHENTIK_LOG_LEVEL
+        value: "{{ .Values.env.AUTHENTIK_LOG_LEVEL }}"
+      - name: AUTHENTIK_DISABLE_UPDATE_CHECK
+        value: "{{ .Values.env.AUTHENTIK_DISABLE_UPDATE_CHECK }}"
+      - name: AUTHENTIK_ERROR_REPORTING__ENABLED
+        value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENABLED }}"
+      - name: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
+        value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENVIRONMENT }}"
+      - name: AUTHENTIK_ERROR_REPORTING__SEND_PII
+        value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__SEND_PII }}"
+      - name: AUTHENTIK_EMAIL__HOST
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__HOST }}"
+      - name: AUTHENTIK_EMAIL__PORT
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__PORT }}"
+      - name: AUTHENTIK_EMAIL__USERNAME
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__USERNAME }}"
+      - name: AUTHENTIK_EMAIL__PASSWORD
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__PASSWORD }}"
+      - name: AUTHENTIK_EMAIL__USE_TLS
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_TLS }}"
+      - name: AUTHENTIK_EMAIL__USE_SSL
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_SSL }}"
+      - name: AUTHENTIK_EMAIL__TIMEOUT
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__TIMEOUT }}"
+      - name: AUTHENTIK_EMAIL__FROM
+        value: "{{ .Values.env.AUTHENTIK_EMAIL__FROM }}"
+      - name: AUTHENTIK_AVATARS
+        value: "{{ .Values.env.AUTHENTIK_AVATARS }}"
+      - name: AUTHENTIK_DEFAULT_USER_CHANGE_NAME
+        value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_NAME }}"
+      - name: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
+        value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL }}"
+      - name: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
+        value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME }}"
+      - name: AUTHENTIK_GDPR_COMPLIANCE
+        value: "{{ .Values.env.AUTHENTIK_GDPR_COMPLIANCE }}"
+      - name: AUTHENTIK_DEFAULT_TOKEN_LENGTH
+        value: "{{ .Values.env.AUTHENTIK_DEFAULT_TOKEN_LENGTH }}"
+      - name: AUTHENTIK_IMPERSONATION
+        value: "{{ .Values.env.AUTHENTIK_IMPERSONATION }}"
+      - name: AUTHENTIK_DISABLE_STARTUP_ANALYTICS
+        value: "{{ .Values.env.AUTHENTIK_DISABLE_STARTUP_ANALYTICS }}"
+
+cronjob:
+  annotations: {}
+  failedJobsHistoryLimit: 5
+  successfulJobsHistoryLimit: 2
+
+persistence:
+  media:
+    enabled: true
+    mountPath: "/media"
+  templates:
+    enabled: true
+    mountPath: "/templates"
+  certs:
+    enabled: true
+    mountPath: "/certs"
+  geoip:
+    enabled: true
+    mountPath: "/geoip"
+
+postgresql:
+  enabled: true
+  existingSecret: "dbcreds"
+  postgresqlUsername: baserow
+  postgresqlDatabase: baserow
+
+redis:
+  enabled: true
+  existingSecret: "rediscreds"

incubator/authentik/0.0.1/templates/_cronjob.tpl

@@ -0,0 +1,53 @@
+{{/* Define the cronjob */}}
+{{- define "authentik.cronjob" -}}
+{{- $jobName := include "common.names.fullname" . }}
+
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: {{ printf "%s-cronjob" $jobName }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  schedule: "0 */{{ .Values.geoip.freqhours }} * * *"
+  concurrencyPolicy: Forbid
+  {{- with .Values.cronjob.failedJobsHistoryLimit }}
+  failedJobsHistoryLimit: {{ . }}
+  {{- end }}
+  {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+  successfulJobsHistoryLimit: {{ . }}
+  {{- end }}
+  jobTemplate:
+    metadata:
+    spec:
+      template:
+        metadata:
+        spec:
+          restartPolicy: Never
+          {{- with (include "common.controller.volumes" . | trim) }}
+          volumes:
+            {{- nindent 12 . }}
+          {{- end }}
+          containers:
+            - name: {{ .Chart.Name }}
+              image: "{{ .Values.geoipImage.repository }}:{{ .Values.geoipImage.tag }}"
+              env:
+                - name: GEOIPUPDATE_FREQUENCY
+                  value: "{{ .Values.geoip.GEOIPUPDATE_FREQUENCY }}"
+                - name: GEOIPUPDATE_PRESERVE_FILE_TIMES
+                  value: "{{ .Values.geoip.GEOIPUPDATE_PRESERVE_FILE_TIMES }}"
+                - name: GEOIPUPDATE_ACCOUNT_ID
+                  value: {{ .Values.geoip.GEOIPUPDATE_ACCOUNT_ID }}
+                - name: GEOIPUPDATE_LICENSE_KEY
+                  value: {{ .Values.geoip.GEOIPUPDATE_LICENSE_KEY }}
+                - name: GEOIPUPDATE_EDITION_IDS
+                  value: {{ .Values.geoip.GEOIPUPDATE_EDITION_IDS }}
+                - name: GEOIPUPDATE_HOST
+                  value: {{ .Values.geoip.GEOIPUPDATE_HOST }}
+              volumeMounts:
+              - name: geoip
+                mountPath: "/usr/share/GeoIP"
+              resources:
+{{ toYaml .Values.resources | indent 16 }}
+{{- end -}}

incubator/authentik/0.0.1/templates/_secrets.tpl

@@ -0,0 +1,20 @@
+{{/* Define the secrets */}}
+{{- define "authentik.secrets" -}}
+---
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: authentik-secrets
+{{- $authentikprevious := lookup "v1" "Secret" .Release.Namespace "authentik-secrets" }}
+{{- $secret_key := "" }}
+data:
+  {{- if $authentikprevious}}
+  AUTHENTIK_SECRET_KEY: {{ index $authentikprevious.data "AUTHENTIK_SECRET_KEY" }}
+  {{- else }}
+  {{- $secret_key := randAlphaNum 32 }}
+  AUTHENTIK_SECRET_KEY: {{ $secret_key | b64enc }}
+  {{- end }}
+
+{{- end -}}

incubator/authentik/0.0.1/templates/common.yaml

@@ -0,0 +1,13 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.setup" . }}
+
+{{/* Render secrets for authentik */}}
+{{- include "authentik.secrets" . }}
+
+{{- if .Values.geoip.ENABLE_GEOIPUPDATER }}
+{{/* Render cronjob for authentik */}}
+{{- include "authentik.cronjob" . }}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.postSetup" . }}

incubator/authentik/item.yaml

@@ -0,0 +1,4 @@
+icon_url: https://truecharts.org/_static/img/appicons/authentik.png
+categories:
+- authentication
+