From 76a637b8b6d93061e98eb62b421995fd143c984e Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Thu, 29 Sep 2022 14:03:50 +0000
Subject: [PATCH] Update argocd/authentik/Chart.yaml, argocd/authentik/values.yaml, argocd/argocd/apps/authentik.yaml
---
argocd/argocd/apps/authentik.yaml | 20 +++
argocd/authentik/Chart.yaml | 24 ++++
argocd/authentik/values.yaml | 224 ++++++++++++++++++++++++++++++
3 files changed, 268 insertions(+)
create mode 100644 argocd/argocd/apps/authentik.yaml
create mode 100644 argocd/authentik/Chart.yaml
create mode 100644 argocd/authentik/values.yaml
diff --git a/argocd/argocd/apps/authentik.yaml b/argocd/argocd/apps/authentik.yaml
new file mode 100644
index 0000000..b14a056
--- /dev/null
+++ b/argocd/argocd/apps/authentik.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: authentik
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitlab.com/developerdurp/linode.git
+ targetRevision: main
+ path: argocd/authentik
+ destination:
+ namespace: authentik
+ name: in-cluster
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/authentik/Chart.yaml b/argocd/authentik/Chart.yaml
new file mode 100644
index 0000000..cd15119
--- /dev/null
+++ b/argocd/authentik/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: authentik
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: authentik
+ repository: https://charts.goauthentik.io/
+ version: 2022.9.0
+- condition: redis.enabled
+ name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 15.7.6
+- condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 10.16.2
+- name: common
+ repository: https://library-charts.k8s-at-home.com
+ tags:
+ - bitnami-common
+ version: 2.x.x
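Review bot: In argocd/argocd/apps/authentik.yaml, `targetRevision: main` together with `automated` sync, `prune: true` and `selfHeal: true` means every push to that branch is applied to the identity provider's namespace with no gate between the repository and the cluster. For an IdP it is worth pinning the source to an immutable ref, e.g. `targetRevision: <release-tag-or-commit-sha>` (placeholder), or at least protecting the branch and requiring merge approval. `project: default` is also worth replacing with a dedicated AppProject that restricts allowed source repos and destination namespaces, since the default project is unrestricted unless it has been locked down elsewhere.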
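Review bot: In argocd/authentik/Chart.yaml the `common` dependency uses the floating range `version: 2.x.x`, so the chart that is actually rendered may change between syncs without any commit in this repository. Pin it to an exact version and commit the `Chart.lock` written by `helm dependency update`, so the resolved versions and digests are recorded and reviewable. The `redis`, `postgresql` and `common` entries also look copied from the upstream authentik chart's own dependency list; if the `authentik` subchart already pulls them, listing them again here would create second, separately configured copies, which is worth confirming before merge.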
diff --git a/argocd/authentik/values.yaml b/argocd/authentik/values.yaml
new file mode 100644
index 0000000..24f6a55
--- /dev/null
+++ b/argocd/authentik/values.yaml
@@ -0,0 +1,224 @@
+authentik:
+ # -- Server replicas
+ replicas: 1
+ # -- Custom priority class for different treatment by the scheduler
+ priorityClassName:
+ # -- server securityContext
+ securityContext: {}
+
+ worker:
+ # -- worker replicas
+ replicas: 1
+ # -- Custom priority class for different treatment by the scheduler
+ priorityClassName:
+ # -- worker securityContext
+ securityContext: {}
+
+ image:
+ repository: ghcr.io/goauthentik/server
+ tag: 2022.9.0
+ # -- optional container image digest
+ digest: ""
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+
+ # -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
+ initContainers: {}
+
+ # -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
+ additionalContainers: {}
+
+ ingress:
+ enabled: false
+ ingressClassName: ""
+ annotations: {}
+ labels: {}
+ hosts:
+ - host: authentik.domain.tld
+ paths:
+ - path: "/"
+ pathType: Prefix
+ tls: []
+
+ authentik:
+ # -- Log level for server and worker
+ log_level: info
+ # -- Secret key used for cookie singing and unique user IDs,
+ # don't change this after the first install
+ secret_key: ""
+ # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
+ geoip: /geoip/GeoLite2-City.mmdb
+ # -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'
+ avatars: gravatar
+ email:
+ # -- SMTP Server emails are sent from, fully optional
+ host: ""
+ port: 587
+ # -- SMTP credentials, when left empty, not authentication will be done
+ username: ""
+ # -- SMTP credentials, when left empty, not authentication will be done
+ password: ""
+ # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
+ use_tls: false
+ # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
+ use_ssl: false
+ # -- Connection timeout
+ timeout: 30
+ # -- Email from address, can either be in the format "foo@bar.baz" or "authentik "
+ from: ""
+ outposts:
+ # -- Template used for managed outposts. The following placeholders can be used
+ # %(type)s - the type of the outpost
+ # %(version)s - version of your authentik install
+ # %(build_hash)s - only for beta versions, the build hash of the image
+ container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
+ error_reporting:
+ # -- This sends anonymous usage-data, stack traces on errors and
+ # performance data to sentry.beryju.org, and is fully opt-in
+ enabled: false
+ # -- This is a string that is sent to sentry with your error reports
+ environment: "k8s"
+ # -- Send PII (Personally identifiable information) data to sentry
+ send_pii: false
+ postgresql:
+ # -- set the postgresql hostname to talk to
+ # if unset and .Values.postgresql.enabled == true, will generate the default
+ # @default -- `{{ .Release.Name }}-postgresql`
+ host: '{{ .Release.Name }}-postgresql'
+ # -- postgresql Database name
+ # @default -- `authentik`
+ name: "authentik"
+ # -- postgresql Username
+ # @default -- `authentik`
+ user: "authentik"
+ password: ""
+ port: 5432
+ s3_backup:
+ # -- optional S3 backup, access key
+ access_key: ""
+ # -- optional S3 backup, secret key
+ secret_key: ""
+ # -- optional S3 backup, bucket
+ bucket: ""
+ # -- optional S3 backup, region
+ region: ""
+ # -- optional S3 backup, host, including protocol (https://minio.domain.tld)
+ host: ""
+ # -- optional S3 backup, location in the bucket
+ # @default -- `"/"`
+ location: ""
+ # -- optional S3 backup, set to `true` to disable SSL certificate verification
+ insecure_skip_verify: false
+ redis:
+ # -- set the redis hostname to talk to
+ # @default -- `{{ .Release.Name }}-redis-master`
+ host: '{{ .Release.Name }}-redis-master'
+ password: ""
+
+ # -- List of config maps to mount blueprints from. Only keys in the
+ # configmap ending with ".yaml" wil be discovered and applied
+ blueprints: []
+
+ # -- see configuration options at https://goauthentik.io/docs/installation/configuration/
+ env: {}
+ # AUTHENTIK_VAR_NAME: VALUE
+
+ envFrom: []
+ # - configMapRef:
+ # name: special-config
+
+ envValueFrom: {}
+ # AUTHENTIK_VAR_NAME:
+ # secretKeyRef:
+ # key: password
+ # name: my-secret
+
+ service:
+ # -- Service that is created to access authentik
+ enabled: true
+ type: ClusterIP
+ port: 80
+ name: http
+ protocol: TCP
+ labels: {}
+ annotations: {}
+
+ volumes: []
+
+ volumeMounts: []
+
+ # -- affinity applied to the deployments
+ affinity: {}
+
+ # -- tolerations applied to the deployments
+ tolerations: []
+
+ # -- nodeSelector applied to the deployments
+ nodeSelector: {}
+
+ resources:
+ server: {}
+ worker: {}
+
+ # WARNING! When initially deploying, authentik has to do a few DB migrations. This may cause it to die from probe
+ # failure, but will continue on reboot. You can disable this during deployment if this is not desired
+ livenessProbe:
+ # -- enables or disables the livenessProbe
+ enabled: true
+ httpGet:
+ # -- liveness probe url path
+ path: /-/health/live/
+ port: http
+ initialDelaySeconds: 50
+ periodSeconds: 10
+
+ readinessProbe:
+ enabled: true
+ httpGet:
+ path: /-/health/ready/
+ port: http
+ initialDelaySeconds: 50
+ periodSeconds: 10
+
+ serviceAccount:
+ # -- Service account is needed for managed outposts
+ create: true
+
+ prometheus:
+ serviceMonitor:
+ create: false
+ interval: 30s
+ scrapeTimeout: 3s
+ rules:
+ create: false
+
+ geoip:
+ # -- optional GeoIP, deploys a cronjob to download the maxmind database
+ enabled: false
+ # -- sign up under https://www.maxmind.com/en/geolite2/signup
+ accountId: ""
+ # -- sign up under https://www.maxmind.com/en/geolite2/signup
+ licenseKey: ""
+ editionIds: "GeoLite2-City"
+ image: maxmindinc/geoipupdate:v4.8
+ # -- number of hours between update runs
+ updateInterval: 8
+
+ postgresql:
+ # -- enable the bundled bitnami postgresql chart
+ enabled: false
+ postgresqlUsername: "authentik"
+ # postgresqlPassword: ""
+ postgresqlDatabase: "authentik"
+ # persistence:
+ # enabled: true
+ # storageClass:
+ # accessModes:
+ # - ReadWriteOnce
+ redis:
+ # -- enable the bundled bitnami redis chart
+ enabled: false
+ architecture: standalone
+ auth:
+ enabled: false
+
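Review bot: `secret_key`, `postgresql.password` and the SMTP `password` are all left as `""`, and because Argo CD syncs this file straight from Git, the obvious way to fill them in later is to commit the values. Keep them empty here and supply them through the `envValueFrom` key this file already exposes (its commented example uses `secretKeyRef`), pointing at a Secret created outside the repository; the Secret names and keys below are placeholders, and the nesting level should match the existing `envValueFrom` key. Separately, `tag: 2022.9.0` with `digest: ""` leaves the server image pinned only by a mutable tag. If the bundled redis is ever switched on, `auth: enabled: false` would run it without a password.

```yaml
# … unchanged: image, ingress, authentik settings (secret_key / password stay "") …
envValueFrom:
  AUTHENTIK_SECRET_KEY:
    secretKeyRef:
      name: <authentik-secret-name>      # placeholder
      key: <secret-key-field>            # placeholder
  AUTHENTIK_POSTGRESQL__PASSWORD:
    secretKeyRef:
      name: <authentik-secret-name>      # placeholder
      key: <postgresql-password-field>   # placeholder
  AUTHENTIK_EMAIL__PASSWORD:
    secretKeyRef:
      name: <authentik-secret-name>      # placeholder
      key: <smtp-password-field>         # placeholder
# … unchanged: service, probes, prometheus, geoip, postgresql, redis …
```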