image: repository: tccr.io/truecharts/authentik tag: v2023.5.3@sha256:55c6eea8ce8d936379b34a05c0d0558a0ca737e71a72d27600d27ce23bc369e3 pullPolicy: IfNotPresent geoipImage: repository: tccr.io/truecharts/geoipupdate tag: v5.1.0@sha256:9397c7e4d99ab79d620bd7c6ecbad3558ac581dfc2c9432d98dd066ae7d55c71 pullPolicy: IfNotPresent ldapImage: repository: tccr.io/truecharts/authentik-ldap tag: v2023.5.3@sha256:7ac0f5c4ad334c9480548cf2d5978fe0f6105809c9deeb8d40c450486863526f pullPolicy: IfNotPresent radiusImage: repository: tccr.io/truecharts/authentik-radius tag: v2023.5.3@sha256:d46f4dbc727d5d6f6c91df0f6a2bf98d2c941de908fdc15193552413331e375b pullPolicy: IfNotPresent proxyImage: repository: tccr.io/truecharts/authentik-proxy tag: v2023.5.3@sha256:d46f4dbc727d5d6f6c91df0f6a2bf98d2c941de908fdc15193552413331e375b pullPolicy: IfNotPresent authentik: credentials: # Only works on initial install email: my-mail@example.com password: my-password general: disableUpdateCheck: false disableStartupAnalytics: true allowUserChangeName: true allowUserChangeEmail: true allowUserChangeUsername: true gdprCompliance: true tokenLength: 128 impersonation: true avatars: - gravatar - initials footerLinks: - name: Authentik href: https://goauthentik.io email: host: "" port: 587 username: password: useTLS: true useSSL: false timeout: 10 from: "" ldap: tlsCiphers: "null" taskTimeoutHours: 2 logging: # info, debug, warning, error, trace logLevel: info errorReporting: enabled: false sendPII: false environment: customer sentryDSN: "" geoip: enabled: false editionID: GeoLite2-City frequency: 8 accountID: "" licenseKey: "" outposts: # Experimental feature disableEmbeddedOutpost: false proxy: enabled: false token: "" radius: enabled: false token: "" ldap: enabled: false token: "" # ===== DO NOT EDIT BELOW THIS LINE ===== workload: # ===== Server ===== main: enabled: true type: Deployment podSpec: containers: main: enabled: true primary: true imageSelector: image securityContext: runAsUser: 1000 runAsGroup: 1000 # readOnlyRootFilesystem: false envFrom: - configMapRef: name: server - secretRef: name: server-worker - configMapRef: name: server-worker args: - server probes: liveness: enabled: true type: exec command: - /lifecycle/ak - healthcheck readiness: enabled: true type: exec command: - /lifecycle/ak - healthcheck startup: enabled: true type: exec command: - /lifecycle/ak - healthcheck # ===== Worker ===== worker: enabled: true type: Deployment podSpec: containers: worker: enabled: true primary: true imageSelector: image securityContext: runAsUser: 1000 runAsGroup: 1000 # readOnlyRootFilesystem: false envFrom: - secretRef: name: server-worker - configMapRef: name: server-worker args: - worker probes: liveness: enabled: true type: exec command: - /lifecycle/ak - healthcheck readiness: enabled: true type: exec command: - /lifecycle/ak - healthcheck startup: enabled: true type: exec command: - /lifecycle/ak - healthcheck # ===== PROXY ===== proxy: enabled: true type: Deployment podSpec: containers: proxy: enabled: true primary: true imageSelector: proxyImage securityContext: runAsUser: 1000 runAsGroup: 1000 envFrom: - configMapRef: name: proxy - secretRef: name: proxy probes: liveness: enabled: true type: exec command: - /proxy - healthcheck readiness: enabled: true type: exec command: - /proxy - healthcheck startup: enabled: true type: exec command: - /proxy - healthcheck # ===== RADIUS ===== radius: enabled: true type: Deployment podSpec: containers: radius: enabled: true primary: true imageSelector: radiusImage securityContext: runAsUser: 1000 runAsGroup: 1000 envFrom: - configMapRef: name: radius - secretRef: name: radius probes: liveness: enabled: true type: exec command: - /radius - healthcheck readiness: enabled: true type: exec command: - /radius - healthcheck startup: enabled: true type: exec command: - /radius - healthcheck # ===== LDAP ===== ldap: enabled: true type: Deployment podSpec: containers: ldap: enabled: true primary: true imageSelector: ldapImage securityContext: runAsUser: 1000 runAsGroup: 1000 envFrom: - configMapRef: name: ldap - secretRef: name: ldap probes: liveness: enabled: true type: exec command: - /ldap - healthcheck readiness: enabled: true type: exec command: - /ldap - healthcheck startup: enabled: true type: exec command: - /ldap - healthcheck # ===== GeoIP Updater ===== geoip: enabled: true type: Deployment podSpec: containers: geoip: enabled: true primary: true imageSelector: geoipImage securityContext: runAsUser: 0 runAsGroup: 0 capabilities: disableS6Caps: true envFrom: - configMapRef: name: geoip - secretRef: name: geoip probes: liveness: enabled: false readiness: enabled: false startup: enabled: false service: # Server HTTPS main: ports: main: protocol: https port: 10229 # Server HTTP http: enabled: true type: ClusterIP ports: http: enabled: true protocol: http port: 10230 # Proxy proxy: ports: http: protocol: http port: 10227 https: enabled: true protocol: https port: 10228 # Radius radius: enabled: true ports: radius: enabled: true protocol: udp port: 1812 # LDAP ldap: enabled: true ports: ldap: enabled: true port: 389 # LDAPS ldaps: enabled: true ports: ldaps: enabled: true port: 636 # Server Metrics servermetrics: enabled: true type: ClusterIP ports: servermetrics: enabled: true protocol: http port: 10231 # Radius Metrics radiusmetrics: enabled: true type: ClusterIP ports: radiusmetrics: enabled: true protocol: http port: 10232 # LDAP Metrics ldapmetrics: enabled: true type: ClusterIP ports: ldapmetrics: enabled: true protocol: http port: 10233 # Proxy Metrics proxymetrics: enabled: true type: ClusterIP ports: proxymetrics: enabled: true protocol: http port: 10234 persistence: media: enabled: true targetSelector: main: main: mountPath: /media worker: worker: mountPath: /media templates: enabled: true targetSelector: main: main: mountPath: /templates worker: worker: mountPath: /templates blueprints: enabled: true targetSelector: worker: worker: mountPath: /blueprints certs: enabled: true mountPath: /certs targetSelector: worker: worker: mountPath: /certs geoip: enabled: true targetSelector: main: main: mountPath: /geoip worker: worker: mountPath: /geoip geoip: geoip: mountPath: /usr/share/GeoIP cnpg: main: enabled: true user: authentik database: authentik redis: enabled: true portal: open: enabled: true metrics: # FIXME: Metrics do not work yet servermetrics: enabled: true type: servicemonitor endpoints: - port: "{{ .Values.service.servermetrics.ports.servermetrics.port }}" path: /metrics prometheusRule: enabled: false radiusmetrics: enabled: true type: servicemonitor endpoints: - port: "{{ .Values.service.radiusmetrics.ports.radiusmetrics.port }}" path: /metrics prometheusRule: enabled: false ldapmetrics: enabled: true type: servicemonitor endpoints: - port: "{{ .Values.service.ldapmetrics.ports.ldapmetrics.port }}" path: /metrics prometheusRule: enabled: false proxymetrics: enabled: true type: servicemonitor endpoints: - port: "{{ .Values.service.proxymetrics.ports.proxymetrics.port }}" path: /metrics prometheusRule: enabled: false