catalog/incubator/authentik/12.0.0/ix_values.yaml

291 lines
7.0 KiB
YAML

image:
repository: tccr.io/truecharts/authentik
tag: 2023.4.1@sha256:7d60414d9d5f2395b703228193e8b03c616d7fed6c3cee620940845dd0b725cb
pullPolicy: IfNotPresent
geoipImage:
repository: tccr.io/truecharts/geoipupdate
tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce
pullPolicy: IfNotPresent
ldapImage:
repository: tccr.io/truecharts/authentik-ldap
tag: 2023.4.1@sha256:f737b534c6f3a022b002bb5d635ef491273fd40f8c0b6dd64efa7f5f6265d8cf
pullPolicy: IfNotPresent
proxyImage:
repository: tccr.io/truecharts/authentik-proxy
tag: 2023.4.1@sha256:b6e40435836333bdc53afde38f4c4bfb342005b0636d769c641c79348ce1aae4
pullPolicy: IfNotPresent
securityContext:
container:
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: false
workload:
main:
replicas: 1
strategy: RollingUpdate
podSpec:
containers:
main:
args: ["server"]
envFrom:
- secretRef:
name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret'
- configMapRef:
name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config'
- configMapRef:
name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-server-config'
probes:
liveness:
type: https
path: /-/health/live/
port: "{{ .Values.service.main.ports.main.targetPort }}"
readiness:
type: https
path: /-/health/ready/
port: "{{ .Values.service.main.ports.main.targetPort }}"
startup:
type: https
path: /-/health/ready/
port: "{{ .Values.service.main.ports.main.targetPort }}"
service:
main:
ports:
main:
protocol: https
port: 10229
targetPort: 9443
http:
enabled: true
type: ClusterIP
ports:
http:
enabled: true
protocol: http
port: 10230
targetPort: 9000
# LDAP Outpost Services
ldapldaps:
enabled: true
ports:
ldapldaps:
enabled: true
port: 636
targetPort: 6636
ldapldap:
enabled: true
ports:
ldapldap:
enabled: true
port: 389
targetPort: 3389
# Proxy Outpost Services
proxyhttps:
enabled: true
ports:
proxyhttps:
enabled: true
port: 10233
protocol: https
targetPort: 9444
proxyhttp:
enabled: true
type: ClusterIP
ports:
proxyhttp:
enabled: true
port: 10234
protocol: http
targetPort: 9001
# Metrics Services
metrics:
enabled: true
type: ClusterIP
ports:
metrics:
enabled: true
protocol: http
port: 10231
targetPort: 9301
ldapmetrics:
enabled: true
type: ClusterIP
ports:
ldapmetrics:
enabled: true
port: 10232
protocol: http
targetPort: 9302
proxymetrics:
enabled: true
type: ClusterIP
ports:
proxymetrics:
enabled: true
port: 10235
protocol: http
targetPort: 9303
metrics:
# TODO
main:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: false
type: "servicemonitor"
endpoints:
- port: main
path: /metrics
interval: 1m
scrapeTimeout: 30s
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical
ingress:
proxyhttps:
autoLink: true
# Target selectors taken from authentik's compose file:
# See https://github.com/goauthentik/authentik/blob/main/docker-compose.yml
persistence:
media:
enabled: true
mountPath: "/media"
targetSelector:
main:
main: {}
worker: {}
templates:
enabled: true
mountPath: "/templates"
targetSelector:
main:
main: {}
worker: {}
certs:
enabled: true
mountPath: "/certs"
targetSelector:
main:
worker: {}
geoip:
enabled: true
mountPath: "/usr/share/GeoIP"
targetSelector:
main:
geoip: {}
cnpg:
main:
enabled: true
user: authentik
database: authentik
cnpgProvider:
port: 5432
# Enabled redis
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
redis:
enabled: true
redisProvider:
port: 6379
workerContainer:
enabled: true
authentik:
credentials:
password: "supersecret"
general:
disable_update_check: false
disable_startup_analytics: true
allow_user_name_change: true
allow_user_mail_change: true
allow_user_username_change: true
gdpr_compliance: true
impersonation: true
avatars: "gravatar,initials"
token_length: 128
# Use single quotes for footer_links
footer_links: '[{"name": "Link Name", "href": "https://mylink.com"}]'
mail:
host: ""
port: 25
tls: false
ssl: false
timeout: 10
user: ""
pass: ""
from: ""
error_reporting:
enabled: false
send_pii: false
environment: "customer"
logging:
log_level: "info"
ldap:
tls_ciphers: "null"
geoip:
enabled: false
account_id: ""
license_key: ""
proxy: ""
proxy_user_pass: ""
edition_ids: "GeoLite2-City"
frequency: 8
host_server: "updates.maxmind.com"
preserve_file_times: false
verbose: false
outposts:
ldap:
# -- First you have to create an Outpost in the GUI. Applications > Outposts
enabled: false
# -- Host Browser by default is set to the first ingress host you set
# host_browser: ""
# -- Host should not need to be overridden. Defaults to https://localhost:9443
# host: ""
# -- As we use https://localhost:9443 it's an unsecure connection
# insecure: false
# -- Token is only needed if you accidentally deleted the token within the UI
# token: ""
proxy:
# -- First you have to create an Outpost in the GUI. Applications > Outposts
enabled: false
# -- Host Browser by default is set to the first ingress host you set
# host_browser: ""
# -- As we use https://localhost:9443 it's an unsecure connection
# insecure: false
# -- Host should not need to be overridden. Defaults to https://localhost:9443
# host: ""
# -- Token is only needed if you accidentally deleted the token within the UI
# token: ""
portal:
open:
enabled: true