update

master/authentik/Chart.yaml

@@ -7,6 +7,6 @@ version: 0.1.0
 appVersion: "1.16.0"
 
 dependencies:
-- name: authentik
+- name: authentik-remote-cluster
   repository: https://charts.goauthentik.io
-  version: 2024.8.3
+  version: 2.0.0

master/authentik/templates/ingress.yaml

@@ -1,42 +1,42 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authentik-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
-    kind: Rule
-    services:
-    - name: authentik-server
-      port: 80
-  tls:
-    secretName: authentik-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: authentik-tls
-spec:
-  secretName: authentik-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "authentik.durp.info"
-  dnsNames:
-  - "authentik.durp.info" 
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: authentik-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
+#apiVersion: traefik.containo.us/v1alpha1
+#kind: IngressRoute
+#metadata:
+#  name: authentik-ingress
+#spec:
+#  entryPoints:
+#    - websecure
+#  routes:
+#  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
+#    kind: Rule
+#    services:
+#    - name: authentik-server
+#      port: 80
+#  tls:
+#    secretName: authentik-tls
+#
+#---
+#
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+#  name: authentik-tls
+#spec:
+#  secretName: authentik-tls
+#  issuerRef:
+#    name: letsencrypt-production
+#    kind: ClusterIssuer
+#  commonName: "authentik.durp.info"
+#  dnsNames:
+#  - "authentik.durp.info" 
+#
+#---
+#
+#kind: Service
+#apiVersion: v1
+#metadata:
+#  name: authentik-external-dns
+#  annotations:
+#    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
+#spec:
+#  type: ExternalName
+#  externalName: durp.info

master/authentik/values.yaml

@@ -1,56 +1,87 @@
 authentik:
+  # -- Provide a name in place of `authentik`. Prefer using global.nameOverride if possible
+  nameOverride: ""
+  # -- String to fully override `"authentik.fullname"`. Prefer using global.fullnameOverride if possible
+  fullnameOverride: ""
+  # -- Override the Kubernetes version, which is used to evaluate certain manifests
+  kubeVersionOverride: ""
+
+  ## Globally shared configuration for authentik components.
   global:
-    env: 
-      - name: AUTHENTIK_POSTGRESQL__PASSWORD
-        valueFrom:
-          secretKeyRef:
-            name: db-pass
-            key: dbpass
-      - name: AUTHENTIK_SECRET_KEY
-        valueFrom:
-          secretKeyRef:
-            name: db-pass
-            key: secretkey
-    revisionHistoryLimit: 1
-    image:
-      repository: registry.internal.durp.info/goauthentik/server
-      pullPolicy: Always
-  authentik:
-    outposts:
-      container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
-    postgresql:
-      host: '{{ .Release.Name }}-postgresql-hl'
-      name: "authentik"
-      user: "authentik"
-      port: 5432
-  server:
-    name: server
-    replicas: 3
-  worker:
-    replicas: 3
-  postgresql:
+    # -- Provide a name in place of `authentik`
+    nameOverride: ""
+    # -- String to fully override `"authentik.fullname"`
+    fullnameOverride: ""
+    # -- A custom namespace to override the default namespace for the deployed resources.
+    namespaceOverride: ""
+    # -- Common labels for all resources.
+    additionalLabels: {}
+      # app: authentik
+
+  # -- Annotations to apply to all resources
+  annotations: {}
+
+  serviceAccountSecret:
+    # -- Create a secret with the service account credentials
     enabled: true
-    image:
-      registry: registry.internal.durp.info
-      repository: bitnami/postgresql
-      pullPolicy: Always
-    postgresqlUsername: "authentik"
-    postgresqlDatabase: "authentik"
-    existingSecret: db-pass 
-    persistence:
-      enabled: true
-      storageClass: longhorn
-      accessModes:
-        - ReadWriteMany
-  redis:
-    enabled: true
-    master:
-      persistence:
-        enabled: false    
-    image:
-      registry: registry.internal.durp.info
-      repository: bitnami/redis
-      pullPolicy: Always
-    architecture: standalone
-    auth:
-      enabled: false
+
+  clusterRole:
+    # -- Create a clusterole in addition to a namespaced role.
+    enabled: true#
+
+    
+  #  global:
+  #    env: 
+  #      - name: AUTHENTIK_POSTGRESQL__PASSWORD
+  #        valueFrom:
+  #          secretKeyRef:
+  #            name: db-pass
+  #            key: dbpass
+  #      - name: AUTHENTIK_SECRET_KEY
+  #        valueFrom:
+  #          secretKeyRef:
+  #            name: db-pass
+  #            key: secretkey
+  #    revisionHistoryLimit: 1
+  #    image:
+  #      repository: registry.internal.durp.info/goauthentik/server
+  #      pullPolicy: Always
+  #  authentik:
+  #    outposts:
+  #      container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
+  #    postgresql:
+  #      host: '{{ .Release.Name }}-postgresql-hl'
+  #      name: "authentik"
+  #      user: "authentik"
+  #      port: 5432
+  #  server:
+  #    name: server
+  #    replicas: 3
+  #  worker:
+  #    replicas: 3
+  #  postgresql:
+  #    enabled: true
+  #    image:
+  #      registry: registry.internal.durp.info
+  #      repository: bitnami/postgresql
+  #      pullPolicy: Always
+  #    postgresqlUsername: "authentik"
+  #    postgresqlDatabase: "authentik"
+  #    existingSecret: db-pass 
+  #    persistence:
+  #      enabled: true
+  #      storageClass: longhorn
+  #      accessModes:
+  #        - ReadWriteMany
+  #  redis:
+  #    enabled: true
+  #    master:
+  #      persistence:
+  #        enabled: false    
+  #    image:
+  #      registry: registry.internal.durp.info
+  #      repository: bitnami/redis
+  #      pullPolicy: Always
+  #    architecture: standalone
+  #    auth:
+  #      enabled: false