add(authentik)

nold 2023-08-07 20:57:47 +02:00
parent a7ddf12087
commit 861218f35b
4 changed files with 19 additions and 38 deletions


@ -2,7 +2,7 @@ apiVersion: postgresql.cnpg.io/v1
kind: Cluster kind: Cluster
metadata: metadata:
name: authentik-db name: authentik-db
namespace: authentik namespace: auth
spec: spec:
instances: 1 instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:15 imageName: ghcr.io/cloudnative-pg/postgresql:15


@ -0,0 +1,12 @@
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
metadata:
name: authentik-redis
namespace: auth
spec:
sentinel:
replicas: 1
redis:
replicas: 1
auth:
secretPath: redis
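Review bot: `sentinel.replicas: 1` together with `redis.replicas: 1` leaves this RedisFailover with no Sentinel quorum and no replica to promote, so it provides a password-protected Redis but no failover. If a single node is intended, record that in a comment above `sentinel:`, for example `# single node on purpose, no automatic failover`; otherwise three sentinels and at least two Redis pods are the usual minimum. The spec also sets no resource requests or limits and no storage, so scheduling and data persistence fall to the operator's defaults.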


@ -14,3 +14,6 @@ apps:
keys: keys:
- secretkey - secretkey
- accesskey - accesskey
- name: redis
keys:
- password
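Review bot: The new entry uses the bare name `redis`, and the same commit moves the workload into a namespace called `auth`, which looks like it is meant to be shared by more than one app. A more specific name such as `authentik-redis` would keep a second Redis in that namespace from reusing or overwriting this password; the RedisFailover's `auth.secretPath` would have to change with it. The enclosing `apps:` list starts outside the hunk, so how the `password` key is generated cannot be checked from here.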


@ -23,19 +23,11 @@ image:
repository: ghcr.io/goauthentik/server repository: ghcr.io/goauthentik/server
tag: 2022.11.3 tag: 2022.11.3
# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
initContainers: {}
# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
additionalContainers: {}
ingress: ingress:
enabled: true enabled: true
ingressClassName: "ingress-internal-traefik" ingressClassName: "ingress-internal"
annotations: annotations:
cert-manager.io/cluster-issuer: "vault-issuer" cert-manager.io/cluster-issuer: "vault-issuer"
traefik.ingress.kubernetes.io/router.tls: 'true'
labels: {}
hosts: hosts:
- host: auth.dc - host: auth.dc
paths: paths:
@ -90,7 +82,7 @@ authentik:
# -- set the postgresql hostname to talk to # -- set the postgresql hostname to talk to
# if unset and .Values.postgresql.enabled == true, will generate the default # if unset and .Values.postgresql.enabled == true, will generate the default
# @default -- `{{ .Release.Name }}-postgresql` # @default -- `{{ .Release.Name }}-postgresql`
host: 'authentik-db-rw.authentik.svc.cluster.local' host: 'authentik-db-rw.auth.svc.cluster.local'
# -- postgresql Database name # -- postgresql Database name
# @default -- `authentik` # @default -- `authentik`
name: "app" name: "app"
@ -128,41 +120,15 @@ envValueFrom:
name: authentik name: authentik
service:
# -- Service that is created to access authentik
enabled: true
type: ClusterIP
port: 80
name: http
protocol: TCP
labels: {}
annotations: {}
volumes: []
volumeMounts: []
resources: resources:
server: {} server: {}
worker: {} worker: {}
serviceAccount:
# -- Service account is needed for managed outposts
create: true
prometheus:
serviceMonitor:
create: false
interval: 30s
scrapeTimeout: 3s
rules:
create: false
postgresql: postgresql:
enabled: false enabled: false
redis: redis:
enabled: true enabled: false
architecture: standalone architecture: standalone
auth: auth:
enabled: false enabled: false
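Review bot: In the last hunk `redis.enabled` becomes `false`, but `architecture: standalone` and `auth.enabled: false` stay underneath it as values for a subchart that is no longer deployed. Leaving `auth.enabled: false` there reads as if Redis runs without a password, while the new `authentik-redis` instance takes one from the `redis` secret; dropping those three lines so only `redis:` / `enabled: false` remains avoids that. None of the visible hunks sets `authentik.redis.host` or `authentik.redis.password`, so confirm they are supplied outside the hunks (the `envValueFrom` block is only partly shown), otherwise the server and worker will not reach the external Redis.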