catalog/stable/authentik/24.10.9/ix_values.yaml

504 lines
11 KiB
YAML

image:
repository: ghcr.io/goauthentik/server
tag: 2024.2.2@sha256:29417285cf1e1a0f2dd23ae10e8e299e4acba9cf6376bf184e05a290bc578fbb
pullPolicy: IfNotPresent
geoipImage:
repository: ghcr.io/maxmind/geoipupdate
tag: v6.1.0@sha256:cdd36d36c2e1d353a990a48e5a36d42ee75089d5d9064d80d36d90c147fd2606
pullPolicy: IfNotPresent
ldapImage:
repository: ghcr.io/goauthentik/ldap
tag: 2024.2.2@sha256:d7ede5ca79392dd8ae9896950a10bdc4539296108f32399703a7bfc4e365df59
pullPolicy: IfNotPresent
radiusImage:
repository: ghcr.io/goauthentik/radius
tag: 2024.2.2@sha256:c33b00af096aed7738791a388ee072ed19032cc9ef25093077fef8ece0e52d03
pullPolicy: IfNotPresent
proxyImage:
repository: ghcr.io/goauthentik/proxy
tag: 2024.2.2@sha256:4c1e407a38588db8b7e49039a6b500de6088b044a4d528df37c31fe5e6599a11
pullPolicy: IfNotPresent
authentik:
credentials:
# Only works on initial install
email: my-mail@example.com
password: my-password
# Optional, only set if you want to use it
bootstrapToken: ""
general:
disableUpdateCheck: false
disableStartupAnalytics: true
allowUserChangeName: true
allowUserChangeEmail: true
allowUserChangeUsername: true
overwriteDefaultBlueprints: false
gdprCompliance: true
tokenLength: 128
impersonation: true
avatars:
- gravatar
- initials
footerLinks:
- name: Authentik
href: https://goauthentik.io
email:
host: ""
port: 587
username:
password:
useTLS: true
useSSL: false
timeout: 10
from: ""
ldap:
tlsCiphers: "null"
taskTimeoutHours: 2
logging:
# info, debug, warning, error, trace
logLevel: info
errorReporting:
enabled: false
sendPII: false
environment: customer
sentryDSN: ""
geoip:
enabled: false
# Ignored if enabled is true
# If enabled is false, and this is true, the
# built-in GeoIP database will be wiped
wipeBuiltInDb: false
editionID: GeoLite2-City
frequency: 8
accountID: ""
licenseKey: ""
outposts:
proxy:
enabled: false
token: ""
radius:
enabled: false
token: ""
ldap:
enabled: false
token: ""
# ===== DO NOT EDIT BELOW THIS LINE =====
workload:
# ===== Server =====
main:
enabled: true
type: Deployment
podSpec:
containers:
main:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1000
runAsGroup: 1000
# readOnlyRootFilesystem: false
envFrom:
- configMapRef:
name: server
- secretRef:
name: server-worker
- configMapRef:
name: server-worker
args:
- server
probes:
liveness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
readiness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
startup:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
# ===== Worker =====
worker:
enabled: true
type: Deployment
podSpec:
containers:
worker:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1000
runAsGroup: 1000
# readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: server-worker
- configMapRef:
name: server-worker
args:
- worker
probes:
liveness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
readiness:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
startup:
enabled: true
type: exec
command:
- /lifecycle/ak
- healthcheck
# ===== PROXY =====
proxy:
enabled: true
type: Deployment
podSpec:
containers:
proxy:
enabled: true
primary: true
imageSelector: proxyImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: proxy
- secretRef:
name: proxy
probes:
liveness:
enabled: true
type: exec
command:
- /proxy
- healthcheck
readiness:
enabled: true
type: exec
command:
- /proxy
- healthcheck
startup:
enabled: true
type: exec
command:
- /proxy
- healthcheck
# ===== RADIUS =====
radius:
enabled: true
type: Deployment
podSpec:
containers:
radius:
enabled: true
primary: true
imageSelector: radiusImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: radius
- secretRef:
name: radius
probes:
liveness:
enabled: true
type: exec
command:
- /radius
- healthcheck
readiness:
enabled: true
type: exec
command:
- /radius
- healthcheck
startup:
enabled: true
type: exec
command:
- /radius
- healthcheck
# ===== LDAP =====
ldap:
enabled: true
type: Deployment
podSpec:
containers:
ldap:
enabled: true
primary: true
imageSelector: ldapImage
securityContext:
runAsUser: 1000
runAsGroup: 1000
envFrom:
- configMapRef:
name: ldap
- secretRef:
name: ldap
probes:
liveness:
enabled: true
type: exec
command:
- /ldap
- healthcheck
readiness:
enabled: true
type: exec
command:
- /ldap
- healthcheck
startup:
enabled: true
type: exec
command:
- /ldap
- healthcheck
# ===== GeoIP Updater =====
geoip:
enabled: true
type: Deployment
podSpec:
containers:
geoip:
enabled: true
primary: true
imageSelector: geoipImage
securityContext:
runAsUser: 0
runAsGroup: 0
capabilities:
disableS6Caps: true
envFrom:
- configMapRef:
name: geoip
- secretRef:
name: geoip
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
service:
# Server HTTPS
main:
ports:
main:
protocol: https
port: 10229
# Server HTTP
http:
enabled: true
type: ClusterIP
ports:
http:
enabled: true
protocol: http
port: 10230
# Proxy
proxy:
enabled: true
targetSelector: proxy
ports:
http:
enabled: true
protocol: http
port: 10227
targetSelector: proxy
https:
enabled: true
protocol: https
port: 10228
targetSelector: proxy
# Radius
radius:
enabled: true
targetSelector: radius
ports:
radius:
enabled: true
protocol: udp
targetSelector: radius
port: 1812
# LDAP
ldap:
enabled: true
targetSelector: ldap
ports:
ldap:
enabled: true
port: 389
targetSelector: ldap
# LDAPS
ldaps:
enabled: true
targetSelector: ldap
ports:
ldaps:
enabled: true
port: 636
targetSelector: ldap
# Server Metrics
servermetrics:
enabled: true
type: ClusterIP
ports:
servermetrics:
enabled: true
protocol: http
port: 10231
# Radius Metrics
radiusmetrics:
enabled: true
type: ClusterIP
targetSelector: radius
ports:
radiusmetrics:
enabled: true
protocol: http
port: 10232
targetSelector: radius
# LDAP Metrics
ldapmetrics:
enabled: true
type: ClusterIP
targetSelector: ldap
ports:
ldapmetrics:
enabled: true
protocol: http
port: 10233
targetSelector: ldap
# Proxy Metrics
proxymetrics:
enabled: true
type: ClusterIP
targetSelector: proxy
ports:
proxymetrics:
enabled: true
protocol: http
port: 10234
targetSelector: proxy
persistence:
media:
enabled: true
targetSelector:
main:
main:
mountPath: /media
worker:
worker:
mountPath: /media
templates:
enabled: true
targetSelector:
main:
main:
mountPath: /templates
worker:
worker:
mountPath: /templates
blueprints:
enabled: true
targetSelector:
worker:
worker:
# This will automatically change to `/blueprints`
# if `overwriteDefaultBlueprints` is set to `true
# Otherwise it will respect the value specified here
mountPath: /blueprints/custom
certs:
enabled: true
mountPath: /certs
targetSelector:
worker:
worker:
mountPath: /certs
geoip:
enabled: true
targetSelector:
main:
main:
mountPath: /geoip
worker:
worker:
mountPath: /geoip
geoip:
geoip:
mountPath: /usr/share/GeoIP
cnpg:
main:
enabled: true
user: authentik
database: authentik
redis:
enabled: true
includeCommon: true
portal:
open:
enabled: true
metrics:
# FIXME: Metrics do not work yet
servermetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.servermetrics.ports.servermetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
radiusmetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.radiusmetrics.ports.radiusmetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
ldapmetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.ldapmetrics.ports.ldapmetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
proxymetrics:
enabled: true
type: servicemonitor
endpoints:
- port: "{{ .Values.service.proxymetrics.ports.proxymetrics.port }}"
path: /metrics
prometheusRule:
enabled: false
updated: true
ingress:
main:
required: true