mirror of
https://github.com/nold360/hive-apps
synced 2024-12-22 13:01:21 +00:00
Add: Authentic
This commit is contained in:
parent
879600bd8c
commit
a2c31b9dd3
2 changed files with 206 additions and 0 deletions
20
projects/authentik/project.yml
Normal file
20
projects/authentik/project.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
config:
|
||||||
|
description: Authentik Authentication
|
||||||
|
|
||||||
|
apps:
|
||||||
|
- name: authentik
|
||||||
|
repoURL: https://charts.goauthentik.io/
|
||||||
|
chart: authentik
|
||||||
|
targetRevision: 4.0.3
|
||||||
|
secrets:
|
||||||
|
- name: authentik
|
||||||
|
keys:
|
||||||
|
- secret_key
|
||||||
|
- name: postgres
|
||||||
|
keys:
|
||||||
|
- postgresql-username
|
||||||
|
- postgresql-password
|
||||||
|
- postgresql-postgres-password
|
||||||
|
- name: redis
|
||||||
|
keys:
|
||||||
|
- password
|
186
projects/authentik/values/authentik.yaml
Normal file
186
projects/authentik/values/authentik.yaml
Normal file
|
@ -0,0 +1,186 @@
|
||||||
|
# -- Server replicas
|
||||||
|
replicas: 1
|
||||||
|
worker:
|
||||||
|
# -- worker replicas
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: ""
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: vault-issuer
|
||||||
|
labels: {}
|
||||||
|
hosts:
|
||||||
|
- host: auth.dc
|
||||||
|
paths:
|
||||||
|
- path: "/"
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts: ['auth.dc']
|
||||||
|
secretName: "auth-tls"
|
||||||
|
|
||||||
|
authentik:
|
||||||
|
# -- Log level for server and worker
|
||||||
|
log_level: info
|
||||||
|
# -- Secret key used for cookie singing and unique user IDs,
|
||||||
|
# don't change this after the first install
|
||||||
|
secret_key: ""
|
||||||
|
# -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
|
||||||
|
geoip: /geoip/GeoLite2-City.mmdb
|
||||||
|
# -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'
|
||||||
|
avatars: none
|
||||||
|
email:
|
||||||
|
# -- SMTP Server emails are sent from, fully optional
|
||||||
|
host: ""
|
||||||
|
port: 587
|
||||||
|
# -- SMTP credentials, when left empty, not authentication will be done
|
||||||
|
username: ""
|
||||||
|
# -- SMTP credentials, when left empty, not authentication will be done
|
||||||
|
password: ""
|
||||||
|
# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
|
||||||
|
use_tls: false
|
||||||
|
# -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
|
||||||
|
use_ssl: false
|
||||||
|
# -- Connection timeout
|
||||||
|
timeout: 30
|
||||||
|
# -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
|
||||||
|
from: ""
|
||||||
|
outposts:
|
||||||
|
# -- Template used for managed outposts. The following placeholders can be used
|
||||||
|
# %(type)s - the type of the outpost
|
||||||
|
# %(version)s - version of your authentik install
|
||||||
|
# %(build_hash)s - only for beta versions, the build hash of the image
|
||||||
|
container_image_base: goauthentik.io/%(type)s:%(version)s
|
||||||
|
error_reporting:
|
||||||
|
# -- This sends anonymous usage-data, stack traces on errors and
|
||||||
|
# performance data to sentry.beryju.org, and is fully opt-in
|
||||||
|
enabled: false
|
||||||
|
# -- This is a string that is sent to sentry with your error reports
|
||||||
|
environment: "k8s"
|
||||||
|
# -- Send PII (Personally identifiable information) data to sentry
|
||||||
|
send_pii: false
|
||||||
|
postgresql:
|
||||||
|
# -- set the postgresql hostname to talk to
|
||||||
|
# if unset and .Values.postgresql.enabled == true, will generate the default
|
||||||
|
# @default -- `{{ .Release.Name }}-postgresql`
|
||||||
|
host: '{{ .Release.Name }}-postgresql'
|
||||||
|
# -- postgresql Database name
|
||||||
|
# @default -- `authentik`
|
||||||
|
name: "authentik"
|
||||||
|
# -- postgresql Username
|
||||||
|
# @default -- `authentik`
|
||||||
|
user: "authentik"
|
||||||
|
port: 5432
|
||||||
|
# redis:
|
||||||
|
# -- set the redis hostname to talk to
|
||||||
|
# @default -- `{{ .Release.Name }}-redis-master`
|
||||||
|
# host: '{{ .Release.Name }}-redis-master'
|
||||||
|
# password: fuckyou
|
||||||
|
|
||||||
|
# -- see configuration options at https://goauthentik.io/docs/installation/configuration/
|
||||||
|
env: {}
|
||||||
|
|
||||||
|
envFrom: []
|
||||||
|
# - configMapRef:
|
||||||
|
# name: special-config
|
||||||
|
|
||||||
|
envValueFrom:
|
||||||
|
AUTHENTIK_SECRET_KEY:
|
||||||
|
secretKeyRef:
|
||||||
|
key: secret_key
|
||||||
|
name: authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
key: postgresql-password
|
||||||
|
name: postgres
|
||||||
|
AUTHENTIK_REDIS__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
key: password
|
||||||
|
name: redis
|
||||||
|
|
||||||
|
service:
|
||||||
|
# -- Service that is created to access authentik
|
||||||
|
enabled: true
|
||||||
|
type: ClusterIP
|
||||||
|
port: 80
|
||||||
|
name: http
|
||||||
|
protocol: TCP
|
||||||
|
labels: {}
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
volumes: []
|
||||||
|
|
||||||
|
volumeMounts: []
|
||||||
|
|
||||||
|
# -- affinity applied to the deployments
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
resources:
|
||||||
|
server: {}
|
||||||
|
worker: {}
|
||||||
|
|
||||||
|
# WARNING! When initially deploying, authentik has to do a few DB migrations. This may cause it to die from probe
|
||||||
|
# failure, but will continue on reboot. You can disable this during deployment if this is not desired
|
||||||
|
livenessProbe:
|
||||||
|
# -- enables or disables the livenessProbe
|
||||||
|
enabled: true
|
||||||
|
httpGet:
|
||||||
|
# -- liveness probe url path
|
||||||
|
path: /-/health/live/
|
||||||
|
port: http
|
||||||
|
initialDelaySeconds: 50
|
||||||
|
periodSeconds: 10
|
||||||
|
|
||||||
|
readinessProbe:
|
||||||
|
enabled: true
|
||||||
|
httpGet:
|
||||||
|
path: /-/health/ready/
|
||||||
|
port: http
|
||||||
|
initialDelaySeconds: 50
|
||||||
|
periodSeconds: 10
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# -- Service account is needed for managed outposts
|
||||||
|
create: true
|
||||||
|
|
||||||
|
prometheus:
|
||||||
|
serviceMonitor:
|
||||||
|
create: false
|
||||||
|
interval: 30s
|
||||||
|
scrapeTimeout: 3s
|
||||||
|
rules:
|
||||||
|
create: false
|
||||||
|
|
||||||
|
geoip:
|
||||||
|
# -- optional GeoIP, deploys a cronjob to download the maxmind database
|
||||||
|
enabled: false
|
||||||
|
# -- sign up under https://www.maxmind.com/en/geolite2/signup
|
||||||
|
accountId: ""
|
||||||
|
# -- sign up under https://www.maxmind.com/en/geolite2/signup
|
||||||
|
licenseKey: ""
|
||||||
|
editionIds: "GeoLite2-City"
|
||||||
|
image: maxmindinc/geoipupdate:v4.8
|
||||||
|
# -- number of hours between update runs
|
||||||
|
updateInterval: 8
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
# -- enable the bundled bitnami postgresql chart
|
||||||
|
enabled: true
|
||||||
|
postgresqlUsername: "authentik"
|
||||||
|
# postgresqlPassword: ""
|
||||||
|
postgresqlDatabase: "authentik"
|
||||||
|
persistence:
|
||||||
|
enabled: true
|
||||||
|
# storageClass:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
existingSecret: postgres
|
||||||
|
|
||||||
|
redis:
|
||||||
|
# -- enable the bundled bitnami redis chart
|
||||||
|
enabled: true
|
||||||
|
architecture: standalone
|
||||||
|
auth:
|
||||||
|
enabled: true
|
||||||
|
existingSecret: redis
|
||||||
|
existingSecretPasswordKey: password
|
Loading…
Reference in a new issue