hive-apps/projects/authentik/values/authentik.yaml

# -- Server replicas
replicas: 1
worker:
  # -- worker replicas
  replicas: 1

ingress:
  enabled: true
  ingressClassName: ""
  annotations:
    cert-manager.io/cluster-issuer: vault-issuer
  labels: {}
  hosts:
    - host: auth.dc
      paths:
        - path: "/"
          pathType: Prefix
  tls:
    - hosts: ['auth.dc']
      secretName: "auth-tls"

authentik:
  # -- Log level for server and worker
  log_level: info
  # -- Secret key used for cookie singing and unique user IDs,

  # don't change this after the first install
  secret_key: ""
  # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
  geoip: /geoip/GeoLite2-City.mmdb
  # -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'
  avatars: none
  email:
    # -- SMTP Server emails are sent from, fully optional
    host: ""
    port: 587
    # -- SMTP credentials, when left empty, not authentication will be done
    username: ""
    # -- SMTP credentials, when left empty, not authentication will be done
    password: ""
    # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
    use_tls: false
    # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
    use_ssl: false
    # -- Connection timeout
    timeout: 30
    # -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
    from: ""
  outposts:
    # -- Template used for managed outposts. The following placeholders can be used
    # %(type)s - the type of the outpost
    # %(version)s - version of your authentik install
    # %(build_hash)s - only for beta versions, the build hash of the image
    container_image_base: goauthentik.io/%(type)s:%(version)s
  error_reporting:
    # -- This sends anonymous usage-data, stack traces on errors and
    # performance data to sentry.beryju.org, and is fully opt-in
    enabled: false
    # -- This is a string that is sent to sentry with your error reports
    environment: "k8s"
    # -- Send PII (Personally identifiable information) data to sentry
    send_pii: false
  postgresql:
    # -- set the postgresql hostname to talk to
    # if unset and .Values.postgresql.enabled == true, will generate the default
    # @default -- `{{ .Release.Name }}-postgresql`
    host: '{{ .Release.Name }}-postgresql'
    # -- postgresql Database name
    # @default -- `authentik`
    name: "authentik"
    # -- postgresql Username
    # @default -- `authentik`
    user: "authentik"
    port: 5432
#  redis:
    # -- set the redis hostname to talk to
    # @default -- `{{ .Release.Name }}-redis-master`
#    host: '{{ .Release.Name }}-redis-master'
#    password: fuckyou

# -- see configuration options at https://goauthentik.io/docs/installation/configuration/
env: {}

envFrom: []
#  - configMapRef:
#      name: special-config

envValueFrom:
  AUTHENTIK_SECRET_KEY:
    secretKeyRef:
      key: secret_key
      name: authentik
  AUTHENTIK_POSTGRESQL__PASSWORD:
    secretKeyRef:
      key: postgresql-password
      name: postgres
  AUTHENTIK_REDIS__PASSWORD:
    secretKeyRef:
      key: password
      name: redis

service:
  # -- Service that is created to access authentik
  enabled: true
  type: ClusterIP
  port: 80
  name: http
  protocol: TCP
  labels: {}
  annotations: {}

volumes: []

volumeMounts: []

# -- affinity applied to the deployments
affinity: {}

resources:
  server: {}
  worker: {}

# WARNING! When initially deploying, authentik has to do a few DB migrations. This may cause it to die from probe
# failure, but will continue on reboot. You can disable this during deployment if this is not desired
livenessProbe:
  # -- enables or disables the livenessProbe
  enabled: true
  httpGet:
    # -- liveness probe url path
    path: /-/health/live/
    port: http
  initialDelaySeconds: 50
  periodSeconds: 10

readinessProbe:
  enabled: true
  httpGet:
    path: /-/health/ready/
    port: http
  initialDelaySeconds: 50
  periodSeconds: 10

serviceAccount:
  # -- Service account is needed for managed outposts
  create: true

prometheus:
  serviceMonitor:
    create: false
    interval: 30s
    scrapeTimeout: 3s
  rules:
    create: false

geoip:
  # -- optional GeoIP, deploys a cronjob to download the maxmind database
  enabled: false
  # -- sign up under https://www.maxmind.com/en/geolite2/signup
  accountId: ""
  # -- sign up under https://www.maxmind.com/en/geolite2/signup
  licenseKey: ""
  editionIds: "GeoLite2-City"
  image: maxmindinc/geoipupdate:v4.8
  # -- number of hours between update runs
  updateInterval: 8

postgresql:
  # -- enable the bundled bitnami postgresql chart
  enabled: true
  postgresqlUsername: "authentik"
  # postgresqlPassword: ""
  postgresqlDatabase: "authentik"
  persistence:
    enabled: true
  #  storageClass:
    accessModes:
      - ReadWriteOnce
  existingSecret: postgres

redis:
  # -- enable the bundled bitnami redis chart
  enabled: true
  architecture: standalone
  auth:
    enabled: true
    existingSecret: redis
    existingSecretPasswordKey: password
Add: Authentic 2021-11-24 14:37:12 +00:00			`# -- Server replicas`
			`replicas: 1`
			`worker:`
			`# -- worker replicas`
			`replicas: 1`

			`ingress:`
			`enabled: true`
			`ingressClassName: ""`
			`annotations:`
			`cert-manager.io/cluster-issuer: vault-issuer`
			`labels: {}`
			`hosts:`
			`- host: auth.dc`
			`paths:`
			`- path: "/"`
			`pathType: Prefix`
			`tls:`
			`- hosts: ['auth.dc']`
			`secretName: "auth-tls"`

			`authentik:`
			`# -- Log level for server and worker`
			`log_level: info`
			`# -- Secret key used for cookie singing and unique user IDs,`
Add: Arrstack 2021-11-28 10:03:18 +00:00
Add: Authentic 2021-11-24 14:37:12 +00:00			`# don't change this after the first install`
			`secret_key: ""`
			`# -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.`
			`geoip: /geoip/GeoLite2-City.mmdb`
			`# -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'`
			`avatars: none`
			`email:`
			`# -- SMTP Server emails are sent from, fully optional`
			`host: ""`
			`port: 587`
			`# -- SMTP credentials, when left empty, not authentication will be done`
			`username: ""`
			`# -- SMTP credentials, when left empty, not authentication will be done`
			`password: ""`
			`# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.`
			`use_tls: false`
			`# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.`
			`use_ssl: false`
			`# -- Connection timeout`
			`timeout: 30`
			`# -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"`
			`from: ""`
			`outposts:`
			`# -- Template used for managed outposts. The following placeholders can be used`
			`# %(type)s - the type of the outpost`
			`# %(version)s - version of your authentik install`
			`# %(build_hash)s - only for beta versions, the build hash of the image`
			`container_image_base: goauthentik.io/%(type)s:%(version)s`
			`error_reporting:`
			`# -- This sends anonymous usage-data, stack traces on errors and`
			`# performance data to sentry.beryju.org, and is fully opt-in`
			`enabled: false`
			`# -- This is a string that is sent to sentry with your error reports`
			`environment: "k8s"`
			`# -- Send PII (Personally identifiable information) data to sentry`
			`send_pii: false`
			`postgresql:`
			`# -- set the postgresql hostname to talk to`
			`# if unset and .Values.postgresql.enabled == true, will generate the default`
			# @default -- `{{ .Release.Name }}-postgresql`
			`host: '{{ .Release.Name }}-postgresql'`
			`# -- postgresql Database name`
			# @default -- `authentik`
			`name: "authentik"`
			`# -- postgresql Username`
			# @default -- `authentik`
			`user: "authentik"`
			`port: 5432`
			`# redis:`
			`# -- set the redis hostname to talk to`
			# @default -- `{{ .Release.Name }}-redis-master`
			`# host: '{{ .Release.Name }}-redis-master'`
			`# password: fuckyou`

			`# -- see configuration options at https://goauthentik.io/docs/installation/configuration/`
			`env: {}`

			`envFrom: []`
			`# - configMapRef:`
			`# name: special-config`

			`envValueFrom:`
			`AUTHENTIK_SECRET_KEY:`
			`secretKeyRef:`
			`key: secret_key`
			`name: authentik`
			`AUTHENTIK_POSTGRESQL__PASSWORD:`
			`secretKeyRef:`
			`key: postgresql-password`
			`name: postgres`
			`AUTHENTIK_REDIS__PASSWORD:`
			`secretKeyRef:`
			`key: password`
			`name: redis`

			`service:`
			`# -- Service that is created to access authentik`
			`enabled: true`
			`type: ClusterIP`
			`port: 80`
			`name: http`
			`protocol: TCP`
			`labels: {}`
			`annotations: {}`

			`volumes: []`

			`volumeMounts: []`

			`# -- affinity applied to the deployments`
			`affinity: {}`

			`resources:`
			`server: {}`
			`worker: {}`

			`# WARNING! When initially deploying, authentik has to do a few DB migrations. This may cause it to die from probe`
			`# failure, but will continue on reboot. You can disable this during deployment if this is not desired`
			`livenessProbe:`
			`# -- enables or disables the livenessProbe`
			`enabled: true`
			`httpGet:`
			`# -- liveness probe url path`
			`path: /-/health/live/`
			`port: http`
			`initialDelaySeconds: 50`
			`periodSeconds: 10`

			`readinessProbe:`
			`enabled: true`
			`httpGet:`
			`path: /-/health/ready/`
			`port: http`
			`initialDelaySeconds: 50`
			`periodSeconds: 10`

			`serviceAccount:`
			`# -- Service account is needed for managed outposts`
			`create: true`

			`prometheus:`
			`serviceMonitor:`
			`create: false`
			`interval: 30s`
			`scrapeTimeout: 3s`
			`rules:`
			`create: false`

			`geoip:`
			`# -- optional GeoIP, deploys a cronjob to download the maxmind database`
			`enabled: false`
			`# -- sign up under https://www.maxmind.com/en/geolite2/signup`
			`accountId: ""`
			`# -- sign up under https://www.maxmind.com/en/geolite2/signup`
			`licenseKey: ""`
			`editionIds: "GeoLite2-City"`
			`image: maxmindinc/geoipupdate:v4.8`
			`# -- number of hours between update runs`
			`updateInterval: 8`

			`postgresql:`
			`# -- enable the bundled bitnami postgresql chart`
			`enabled: true`
			`postgresqlUsername: "authentik"`
			`# postgresqlPassword: ""`
			`postgresqlDatabase: "authentik"`
			`persistence:`
			`enabled: true`
			`# storageClass:`
			`accessModes:`
			`- ReadWriteOnce`
			`existingSecret: postgres`

			`redis:`
			`# -- enable the bundled bitnami redis chart`
			`enabled: true`
			`architecture: standalone`
			`auth:`
			`enabled: true`
			`existingSecret: redis`
			`existingSecretPasswordKey: password`