From 2ad04019a8a43a5087fb6dc889c61d93e8121bd4 Mon Sep 17 00:00:00 2001 From: DeveloperDurp Date: Wed, 5 Mar 2025 05:03:41 -0600 Subject: [PATCH] update --- master/authentik/Chart.yaml | 4 +- master/authentik/templates/ingress.yaml | 84 +++++++-------- master/authentik/values.yaml | 137 +++++++++++++++--------- 3 files changed, 128 insertions(+), 97 deletions(-) diff --git a/master/authentik/Chart.yaml b/master/authentik/Chart.yaml index c87b677..62c0fa1 100644 --- a/master/authentik/Chart.yaml +++ b/master/authentik/Chart.yaml @@ -7,6 +7,6 @@ version: 0.1.0 appVersion: "1.16.0" dependencies: -- name: authentik +- name: authentik-remote-cluster repository: https://charts.goauthentik.io - version: 2024.8.3 \ No newline at end of file + version: 2.0.0 diff --git a/master/authentik/templates/ingress.yaml b/master/authentik/templates/ingress.yaml index ac10303..2e17729 100644 --- a/master/authentik/templates/ingress.yaml +++ b/master/authentik/templates/ingress.yaml 
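Review bot: In master/authentik/Chart.yaml the dependency is renamed to `authentik-remote-cluster`, but values.yaml in this same patch still nests its settings under the top-level `authentik:` key. Helm passes a values block only to a subchart whose name or alias matches that key. As far as the hunk shows no alias is set, so the new `serviceAccountSecret` and `clusterRole` values would be ignored and the subchart's defaults applied. Either add `alias: authentik` to this dependency entry or rename the key in values.yaml to `authentik-remote-cluster:`.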
@@ -1,42 +1,42 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: authentik-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`authentik.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: authentik-server - port: 80 - tls: - secretName: authentik-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: authentik-tls -spec: - secretName: authentik-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "authentik.durp.info" - dnsNames: - - "authentik.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: authentik-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: authentik.durp.info -spec: - type: ExternalName - externalName: durp.info +#apiVersion: traefik.containo.us/v1alpha1 +#kind: IngressRoute +#metadata: +# name: authentik-ingress +#spec: +# entryPoints: +# - websecure +# routes: +# - match: Host(`authentik.durp.info`) && PathPrefix(`/`) +# kind: Rule +# services: +# - name: authentik-server +# port: 80 +# tls: +# secretName: authentik-tls +# +#--- +# +#apiVersion: cert-manager.io/v1 +#kind: Certificate +#metadata: +# name: authentik-tls +#spec: +# secretName: authentik-tls +# issuerRef: +# name: letsencrypt-production +# kind: ClusterIssuer +# commonName: "authentik.durp.info" +# dnsNames: +# - "authentik.durp.info" +# +#--- +# +#kind: Service +#apiVersion: v1 +#metadata: +# name: authentik-external-dns +# annotations: +# external-dns.alpha.kubernetes.io/hostname: authentik.durp.info +#spec: +# type: ExternalName +# externalName: durp.info diff --git a/master/authentik/values.yaml b/master/authentik/values.yaml index 716e081..ea38f16 100644 --- a/master/authentik/values.yaml +++ b/master/authentik/values.yaml 
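Review bot: The three manifests in templates/ingress.yaml are commented out line by line rather than removed, which leaves a dead template that still names the host, issuer and TLS secret. Deleting the file gives the same rendered result, and the old content stays available in git history. Note that `#---` is a comment, not a document separator, so the file now renders as one empty document. Removing the `Certificate` does not necessarily remove the `authentik-tls` Secret it issued, so it is worth checking whether that private key is left behind in the namespace and cleaning it up if it is.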
@@ -1,56 +1,87 @@ authentik: + # -- Provide a name in place of `authentik`. Prefer using global.nameOverride if possible + nameOverride: "" + # -- String to fully override `"authentik.fullname"`. Prefer using global.fullnameOverride if possible + fullnameOverride: "" + # -- Override the Kubernetes version, which is used to evaluate certain manifests + kubeVersionOverride: "" + + ## Globally shared configuration for authentik components. global: - env: - - name: AUTHENTIK_POSTGRESQL__PASSWORD - valueFrom: - secretKeyRef: - name: db-pass - key: dbpass - - name: AUTHENTIK_SECRET_KEY - valueFrom: - secretKeyRef: - name: db-pass - key: secretkey - revisionHistoryLimit: 1 - image: - repository: registry.internal.durp.info/goauthentik/server - pullPolicy: Always - authentik: - outposts: - container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s - postgresql: - host: '{{ .Release.Name }}-postgresql-hl' - name: "authentik" - user: "authentik" - port: 5432 - server: - name: server - replicas: 3 - worker: - replicas: 3 - postgresql: + # -- Provide a name in place of `authentik` + nameOverride: "" + # -- String to fully override `"authentik.fullname"` + fullnameOverride: "" + # -- A custom namespace to override the default namespace for the deployed resources. + namespaceOverride: "" + # -- Common labels for all resources. 
+ additionalLabels: {} + # app: authentik + + # -- Annotations to apply to all resources + annotations: {} + + serviceAccountSecret: + # -- Create a secret with the service account credentials enabled: true - image: - registry: registry.internal.durp.info - repository: bitnami/postgresql - pullPolicy: Always - postgresqlUsername: "authentik" - postgresqlDatabase: "authentik" - existingSecret: db-pass - persistence: - enabled: true - storageClass: longhorn - accessModes: - - ReadWriteMany - redis: - enabled: true - master: - persistence: - enabled: false - image: - registry: registry.internal.durp.info - repository: bitnami/redis - pullPolicy: Always - architecture: standalone - auth: - enabled: false + + clusterRole: + # -- Create a clusterole in addition to a namespaced role. + enabled: true# + + + # global: + # env: + # - name: AUTHENTIK_POSTGRESQL__PASSWORD + # valueFrom: + # secretKeyRef: + # name: db-pass + # key: dbpass + # - name: AUTHENTIK_SECRET_KEY + # valueFrom: + # secretKeyRef: + # name: db-pass + # key: secretkey + # revisionHistoryLimit: 1 + # image: + # repository: registry.internal.durp.info/goauthentik/server + # pullPolicy: Always + # authentik: + # outposts: + # container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s + # postgresql: + # host: '{{ .Release.Name }}-postgresql-hl' + # name: "authentik" + # user: "authentik" + # port: 5432 + # server: + # name: server + # replicas: 3 + # worker: + # replicas: 3 + # postgresql: + # enabled: true + # image: + # registry: registry.internal.durp.info + # repository: bitnami/postgresql + # pullPolicy: Always + # postgresqlUsername: "authentik" + # postgresqlDatabase: "authentik" + # existingSecret: db-pass + # persistence: + # enabled: true + # storageClass: longhorn + # accessModes: + # - ReadWriteMany + # redis: + # enabled: true + # master: + # persistence: + # enabled: false + # image: + # registry: registry.internal.durp.info + # repository: bitnami/redis + # pullPolicy: 
Always + # architecture: standalone + # auth: + # enabled: false
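Review bot: Under `clusterRole`, the added line `enabled: true#` has a `#` directly after the value, and YAML only starts a comment at a `#` preceded by whitespace, so this parses as the string `true#` rather than a boolean. It should read `enabled: true`; the string probably still passes a template truthiness test, but it would fail any typed schema check and hides the intent. With both `serviceAccountSecret.enabled` and `clusterRole.enabled` set, the release presumably creates a long-lived service-account token and a cluster-scoped role. A short comment saying why cluster scope is needed would help, as would `clusterRole.enabled: false` if a namespaced role is enough. The commented-out previous values block after it could be dropped rather than kept as `#` lines.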