2022-12-13 12:47:52 +00:00
|
|
|
# -- Server replicas
|
|
|
|
replicas: 1
|
|
|
|
|
|
|
|
# -- server securityContext
|
|
|
|
securityContext:
|
|
|
|
runAsUser: 1000
|
|
|
|
runAsGroup: 1000
|
|
|
|
fsGroup: 1000
|
|
|
|
|
|
|
|
worker:
|
|
|
|
# -- worker replicas
|
|
|
|
replicas: 1
|
|
|
|
# -- worker securityContext
|
|
|
|
securityContext:
|
|
|
|
runAsUser: 1000
|
|
|
|
runAsGroup: 1000
|
|
|
|
fsGroup: 1000
|
|
|
|
|
|
|
|
|
|
|
|
image:
|
|
|
|
repository: ghcr.io/goauthentik/server
|
2024-02-02 18:05:25 +00:00
|
|
|
tag: 2023.10.7
|
2022-12-13 12:47:52 +00:00
|
|
|
|
|
|
|
ingress:
|
|
|
|
enabled: true
|
2023-08-07 18:57:47 +00:00
|
|
|
ingressClassName: "ingress-internal"
|
2022-12-13 12:47:52 +00:00
|
|
|
annotations:
|
|
|
|
cert-manager.io/cluster-issuer: "vault-issuer"
|
|
|
|
hosts:
|
|
|
|
- host: auth.dc
|
|
|
|
paths:
|
|
|
|
- path: "/"
|
|
|
|
pathType: Prefix
|
|
|
|
tls:
|
|
|
|
- secretName: auth.dc-tls
|
|
|
|
hosts:
|
|
|
|
- auth.dc
|
|
|
|
|
|
|
|
authentik:
|
|
|
|
# -- Log level for server and worker
|
|
|
|
log_level: info
|
|
|
|
# -- Secret key used for cookie singing and unique user IDs,
|
|
|
|
# don't change this after the first install
|
|
|
|
#secret_key: ""
|
|
|
|
# -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
|
|
|
|
geoip: /geoip/GeoLite2-City.mmdb
|
|
|
|
# -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'
|
|
|
|
avatars: none
|
|
|
|
email:
|
|
|
|
# -- SMTP Server emails are sent from, fully optional
|
|
|
|
host: ""
|
|
|
|
port: 587
|
|
|
|
# -- SMTP credentials, when left empty, not authentication will be done
|
|
|
|
username: ""
|
|
|
|
# -- SMTP credentials, when left empty, not authentication will be done
|
|
|
|
password: ""
|
|
|
|
# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
|
|
|
|
use_tls: false
|
|
|
|
# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
|
|
|
|
use_ssl: false
|
|
|
|
# -- Connection timeout
|
|
|
|
timeout: 30
|
|
|
|
# -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
|
|
|
|
from: ""
|
|
|
|
outposts:
|
|
|
|
# -- Template used for managed outposts. The following placeholders can be used
|
|
|
|
# %(type)s - the type of the outpost
|
|
|
|
# %(version)s - version of your authentik install
|
|
|
|
# %(build_hash)s - only for beta versions, the build hash of the image
|
|
|
|
container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
|
|
|
|
error_reporting:
|
|
|
|
# -- This sends anonymous usage-data, stack traces on errors and
|
|
|
|
# performance data to sentry.beryju.org, and is fully opt-in
|
|
|
|
enabled: false
|
|
|
|
# -- This is a string that is sent to sentry with your error reports
|
|
|
|
environment: "k8s"
|
|
|
|
# -- Send PII (Personally identifiable information) data to sentry
|
|
|
|
send_pii: false
|
|
|
|
postgresql:
|
|
|
|
# -- set the postgresql hostname to talk to
|
|
|
|
# if unset and .Values.postgresql.enabled == true, will generate the default
|
|
|
|
# @default -- `{{ .Release.Name }}-postgresql`
|
2023-08-07 18:57:47 +00:00
|
|
|
host: 'authentik-db-rw.auth.svc.cluster.local'
|
2022-12-13 12:47:52 +00:00
|
|
|
# -- postgresql Database name
|
|
|
|
# @default -- `authentik`
|
|
|
|
name: "app"
|
|
|
|
# -- postgresql Username
|
|
|
|
# @default -- `authentik`
|
|
|
|
user: "app"
|
|
|
|
#password: ""
|
|
|
|
port: 5432
|
2023-08-07 19:13:10 +00:00
|
|
|
|
2023-08-08 12:48:55 +00:00
|
|
|
# redis:
|
|
|
|
# host: 'rfs-authentik-redis.auth.svc.cluster.local'
|
2022-12-13 12:47:52 +00:00
|
|
|
|
|
|
|
# -- List of config maps to mount blueprints from. Only keys in the
|
|
|
|
# configmap ending with ".yaml" wil be discovered and applied
|
|
|
|
blueprints: []
|
|
|
|
|
|
|
|
# -- see configuration options at https://goauthentik.io/docs/installation/configuration/
|
|
|
|
env: {}
|
|
|
|
# AUTHENTIK_VAR_NAME: VALUE
|
|
|
|
|
|
|
|
envFrom: []
|
|
|
|
# - configMapRef:
|
|
|
|
# name: special-config
|
|
|
|
|
|
|
|
envValueFrom:
|
|
|
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
|
|
|
secretKeyRef:
|
|
|
|
key: password
|
|
|
|
name: authentik-db-app
|
|
|
|
AUTHENTIK_SECRET_KEY:
|
|
|
|
secretKeyRef:
|
|
|
|
key: secret_key
|
|
|
|
name: authentik
|
2023-08-07 19:13:10 +00:00
|
|
|
AUTHENTIK_REDIS__PASSWORD:
|
|
|
|
secretKeyRef:
|
|
|
|
key: password
|
|
|
|
name: redis
|
2022-12-13 12:47:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
resources:
|
|
|
|
server: {}
|
|
|
|
worker: {}
|
|
|
|
|
|
|
|
postgresql:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
redis:
|
2023-08-08 12:48:55 +00:00
|
|
|
#FIXME: Authentik doesn't support redis+sentinal yet..
|
|
|
|
# See: https://github.com/goauthentik/authentik/pull/5395
|
|
|
|
enabled: true
|
2022-12-13 12:47:52 +00:00
|
|
|
architecture: standalone
|
|
|
|
auth:
|
2023-08-08 12:48:55 +00:00
|
|
|
enabled: true
|
|
|
|
existingSecret: "redis"
|
|
|
|
existingSecretPasswordKey: "password"
|