From 8a8c12f68a905a242e17abc049068396d6177ae0 Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Wed, 9 Nov 2022 10:01:23 -0600
Subject: [PATCH] add authentik
---
argocd/templates/authentik.yaml | 23 +++++
authentik/Chart.yaml | 12 +++
authentik/values.yaml | 153 ++++++++++++++++++++++++++++++++
3 files changed, 188 insertions(+)
create mode 100644 argocd/templates/authentik.yaml
create mode 100644 authentik/Chart.yaml
create mode 100644 authentik/values.yaml
diff --git a/argocd/templates/authentik.yaml b/argocd/templates/authentik.yaml
new file mode 100644
index 0000000..fa6ef1b
--- /dev/null
+++ b/argocd/templates/authentik.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: authentik
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/DeveloperDurp/homelab.git
+ targetRevision: main
+ path: authentik
+ directory:
+ recurese: true
+ destination:
+ namespace: authentik
+ name: in-cluster
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+
diff --git a/authentik/Chart.yaml b/authentik/Chart.yaml
new file mode 100644
index 0000000..1fdd992
--- /dev/null
+++ b/authentik/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: nextcloud
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: nextcloud
+ repository: https://nextcloud.github.io/helm/
+ version: 2.14.4
diff --git a/authentik/values.yaml b/authentik/values.yaml
new file mode 100644
index 0000000..f94bb42
--- /dev/null
+++ b/authentik/values.yaml
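Review bot: In `argocd/templates/authentik.yaml` the key under `source.directory` is spelled `recurese`; the Argo CD field is `recurse`, so this setting does not take effect as written. Because `path: authentik` contains a `Chart.yaml`, the source is probably handled as a Helm chart and the `directory:` block may be droppable altogether. Separately, `targetRevision: main` together with `automated`, `prune: true` and `selfHeal: true` rolls out any commit on that branch to the identity provider with no review gate. For an authentication service, consider tracking a tag or commit SHA and using a dedicated AppProject instead of `project: default`.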
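Review bot: In `authentik/Chart.yaml` both the chart `name` and its only dependency are `nextcloud` (repository `https://nextcloud.github.io/helm/`), which looks like a leftover from another chart. As written, syncing this directory would install Nextcloud, and the top-level `authentik:` block in `values.yaml` would not reach any subchart of that name. The intended lines are presumably `name: authentik` and `- name: authentik` with `repository: https://charts.goauthentik.io` and `version: <pinned authentik chart version>`, with `description` and `appVersion` updated to match. Keeping the dependency pinned to an exact version, as is done here, is worth preserving so that the identity provider is only upgraded deliberately.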
@@ -0,0 +1,153 @@
+authentik:
+
+ replicas: 1
+ priorityClassName:
+ securityContext: {}
+
+ worker:
+ replicas: 1
+ priorityClassName:
+ securityContext: {}
+
+ image:
+ repository: ghcr.io/goauthentik/server
+ pullPolicy: Always
+
+ ingress:
+ enabled: true
+ ingressClassName: "nginx"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ labels: {}
+ hosts:
+ - host: authentik.durp.info
+ paths:
+ - path: "/"
+ pathType: Prefix
+ tls:
+ - secretName: authentik-tls
+ hosts:
+ - authentik.durp.info
+
+
+ authentik:
+ log_level: info
+ secret_key: "A2dfUl0aqRCrlZS6EumjXsrWPRlm6+Ry7CTnfL0Xw1Jc/W2B"
+ geoip: /geoip/GeoLite2-City.mmdb
+ avatars: gravatar
+ email:
+ host: ""
+ port: 587
+ username: ""
+ password: ""
+ use_tls: false
+ use_ssl: false
+ timeout: 30
+ from: ""
+ outposts:
+ container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
+ error_reporting:
+ enabled: false
+ environment: "k8s"
+ send_pii: false
+ postgresql:
+ host: '{{ .Release.Name }}-postgresql'
+ name: "authentik"
+ user: "authentik"
+ password: "testpassword"
+ port: 5432
+ s3_backup:
+ access_key: ""
+ secret_key: ""
+ bucket: ""
+ region: ""
+ host: ""
+ location: ""
+ insecure_skip_verify: false
+ redis:
+ host: '{{ .Release.Name }}-redis-master'
+ password: "testpassword"
+
+ blueprints: []
+
+ env: {}
+
+ envFrom: []
+
+ envValueFrom: {}
+
+ service:
+ enabled: true
+ type: ClusterIP
+ port: 80
+ name: http
+ protocol: TCP
+ labels: {}
+ annotations: {}
+
+ volumes: []
+
+ volumeMounts: []
+
+ affinity: {}
+
+ tolerations: []
+
+ nodeSelector: {}
+
+ resources:
+ server: {}
+ worker: {}
+
+ livenessProbe:
+ enabled: true
+ httpGet:
+ path: /-/health/live/
+ port: http
+ initialDelaySeconds: 50
+ periodSeconds: 10
+
+ readinessProbe:
+ enabled: true
+ httpGet:
+ path: /-/health/ready/
+ port: http
+ initialDelaySeconds: 50
+ periodSeconds: 10
+
+ serviceAccount:
+ create: true
+
+ prometheus:
+ serviceMonitor:
+ create: false
+ interval: 30s
+ scrapeTimeout: 3s
+ rules:
+ create: false
+
+ geoip:
+ enabled: false
+ accountId: ""
+ licenseKey: ""
+ editionIds: "GeoLite2-City"
+ image: maxmindinc/geoipupdate:v4.8
+ # -- number of hours between update runs
+ updateInterval: 8
+
+ postgresql:
+ enabled: false
+ postgresqlUsername: "authentik"
+ # postgresqlPassword: ""
+ postgresqlDatabase: "authentik"
+ persistence:
+ enabled: true
+ storageClass: nfs-storage
+ accessModes:
+ - ReadWriteMany
+ redis:
+ enabled: false
+ architecture: standalone
+ auth:
+ enabled: false
+
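Review bot: `authentik.secret_key` is committed in clear text in `authentik/values.yaml`, alongside `postgresql.password` and `redis.password` set to `"testpassword"`, in a repository that the Argo CD Application pulls from GitHub. authentik uses the secret key to sign session cookies, so the committed value should be treated as exposed and rotated rather than just removed in a later commit. Move all three values into a Kubernetes Secret created outside Git (or via a sealed/external secret) and reference it through the `envValueFrom` key the file already defines, as sketched below. Check against the pinned chart version that these environment variables override the rendered config. The Secret name and keys in the sketch are placeholders.

```yaml
authentik:
  # … unchanged: replicas, worker, image, ingress …
  authentik:
    # secret_key, postgresql.password and redis.password no longer set here
    # … unchanged: remaining authentik settings …
  envValueFrom:
    AUTHENTIK_SECRET_KEY:
      secretKeyRef:
        name: authentik-secrets  # placeholder Secret name
        key: secret-key
    AUTHENTIK_POSTGRESQL__PASSWORD:
      secretKeyRef:
        name: authentik-secrets
        key: postgresql-password
    AUTHENTIK_REDIS__PASSWORD:
      secretKeyRef:
        name: authentik-secrets
        key: redis-password
  # … unchanged: service, probes, prometheus, geoip, postgresql, redis …
```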