diff --git a/projects/authentik/project.yml b/projects/authentik/project.yml
deleted file mode 100644
index a13a36a8..00000000
--- a/projects/authentik/project.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-config:
- description: Authentik Authentication
-
-apps:
- - name: authentik
- repoURL: https://charts.goauthentik.io/
- chart: authentik
- targetRevision: 4.0.3
- secrets:
- - name: authentik
- keys:
- - secret_key
- - name: postgres
- keys:
- - postgresql-username
- - postgresql-password
- - postgresql-postgres-password
- - name: redis
- keys:
- - password
diff --git a/projects/authentik/values/authentik.yaml b/projects/authentik/values/authentik.yaml
deleted file mode 100644
index 675ce718..00000000
--- a/projects/authentik/values/authentik.yaml
+++ /dev/null
@@ -1,187 +0,0 @@ -# -- Server replicas -replicas: 1 -worker: - # -- worker replicas - replicas: 1 - -ingress: - enabled: true - ingressClassName: "" - annotations: - cert-manager.io/cluster-issuer: vault-issuer - labels: {} - hosts: - - host: auth.dc - paths: - - path: "/" - pathType: Prefix - tls: - - hosts: ['auth.dc'] - secretName: "auth-tls" - -authentik: - # -- Log level for server and worker - log_level: info - # -- Secret key used for cookie singing and unique user IDs, - - # don't change this after the first install - secret_key: "" - # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled. - geoip: /geoip/GeoLite2-City.mmdb - # -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none' - avatars: none - email: - # -- SMTP Server emails are sent from, fully optional - host: "" - port: 587 - # -- SMTP credentials, when left empty, not authentication will be done - username: "" - # -- SMTP credentials, when left empty, not authentication will be done - password: "" - # -- Enable either use_tls or use_ssl, they can't be enabled at the same time. - use_tls: false - # -- Enable either use_tls or use_ssl, they can't be enabled at the same time. - use_ssl: false - # -- Connection timeout - timeout: 30 - # -- Email from address, can either be in the format "foo@bar.baz" or "authentik " - from: "" - outposts: - # -- Template used for managed outposts. 
The following placeholders can be used - # %(type)s - the type of the outpost - # %(version)s - version of your authentik install - # %(build_hash)s - only for beta versions, the build hash of the image - container_image_base: goauthentik.io/%(type)s:%(version)s - error_reporting: - # -- This sends anonymous usage-data, stack traces on errors and - # performance data to sentry.beryju.org, and is fully opt-in - enabled: false - # -- This is a string that is sent to sentry with your error reports - environment: "k8s" - # -- Send PII (Personally identifiable information) data to sentry - send_pii: false - postgresql: - # -- set the postgresql hostname to talk to - # if unset and .Values.postgresql.enabled == true, will generate the default - # @default -- `{{ .Release.Name }}-postgresql` - host: '{{ .Release.Name }}-postgresql' - # -- postgresql Database name - # @default -- `authentik` - name: "authentik" - # -- postgresql Username - # @default -- `authentik` - user: "authentik" - port: 5432 -# redis: - # -- set the redis hostname to talk to - # @default -- `{{ .Release.Name }}-redis-master` -# host: '{{ .Release.Name }}-redis-master' -# password: fuckyou - -# -- see configuration options at https://goauthentik.io/docs/installation/configuration/ -env: {} - -envFrom: [] -# - configMapRef: -# name: special-config - -envValueFrom: - AUTHENTIK_SECRET_KEY: - secretKeyRef: - key: secret_key - name: authentik - AUTHENTIK_POSTGRESQL__PASSWORD: - secretKeyRef: - key: postgresql-password - name: postgres - AUTHENTIK_REDIS__PASSWORD: - secretKeyRef: - key: password - name: redis - -service: - # -- Service that is created to access authentik - enabled: true - type: ClusterIP - port: 80 - name: http - protocol: TCP - labels: {} - annotations: {} - -volumes: [] - -volumeMounts: [] - -# -- affinity applied to the deployments -affinity: {} - -resources: - server: {} - worker: {} - -# WARNING! When initially deploying, authentik has to do a few DB migrations. 
This may cause it to die from probe -# failure, but will continue on reboot. You can disable this during deployment if this is not desired -livenessProbe: - # -- enables or disables the livenessProbe - enabled: true - httpGet: - # -- liveness probe url path - path: /-/health/live/ - port: http - initialDelaySeconds: 50 - periodSeconds: 10 - -readinessProbe: - enabled: true - httpGet: - path: /-/health/ready/ - port: http - initialDelaySeconds: 50 - periodSeconds: 10 - -serviceAccount: - # -- Service account is needed for managed outposts - create: true - -prometheus: - serviceMonitor: - create: false - interval: 30s - scrapeTimeout: 3s - rules: - create: false - -geoip: - # -- optional GeoIP, deploys a cronjob to download the maxmind database - enabled: false - # -- sign up under https://www.maxmind.com/en/geolite2/signup - accountId: "" - # -- sign up under https://www.maxmind.com/en/geolite2/signup - licenseKey: "" - editionIds: "GeoLite2-City" - image: maxmindinc/geoipupdate:v4.8 - # -- number of hours between update runs - updateInterval: 8 - -postgresql: - # -- enable the bundled bitnami postgresql chart - enabled: true - postgresqlUsername: "authentik" - # postgresqlPassword: "" - postgresqlDatabase: "authentik" - persistence: - enabled: true - # storageClass: - accessModes: - - ReadWriteOnce - existingSecret: postgres - -redis: - # -- enable the bundled bitnami redis chart - enabled: true - architecture: standalone - auth: - enabled: true - existingSecret: redis - existingSecretPasswordKey: password