129 lines
4.2 KiB
YAML
129 lines
4.2 KiB
YAML
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: "{{ .Release.Name }}-hr"
|
|
spec:
|
|
chart:
|
|
spec:
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: "authentik"
|
|
chart: "authentik"
|
|
install:
|
|
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
|
|
test:
|
|
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
|
|
upgrade:
|
|
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
|
|
driftDetection:
|
|
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
|
|
interval: 10m
|
|
values:
|
|
authentik:
|
|
secret_key: {{ .Values.secret_key | default (derivePassword 1 "long" .Values.commons.masterPassword "authentik" "secret_key") | quote }}
|
|
avatars: "none"
|
|
postgresql:
|
|
host: {{ .Values.database.host | quote }}
|
|
name: {{ .Values.database.name | quote }}
|
|
user: {{ .Values.database.username | quote }}
|
|
password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "authentik" "database_password" | b64enc) | quote }}
|
|
email:
|
|
host: {{ .Values.commons.mail.host | quote }}
|
|
username: {{ .Values.commons.mail.username | quote }}
|
|
password: {{ .Values.commons.mail.password | quote }}
|
|
use_tls: {{ .Values.commons.mail.use_tls }}
|
|
use_ssl: {{ .Values.commons.mail.use_ssl }}
|
|
from: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "authentik" .Values.commons.mail.from) | quote }}
|
|
|
|
redis:
|
|
enabled: true
|
|
architecture: replication
|
|
replica:
|
|
replicaCount: 1
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
|
|
prometheusRule:
|
|
# empty rules
|
|
enabled: false
|
|
# {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
|
|
rules: []
|
|
|
|
postgresql:
|
|
enabled: false
|
|
|
|
prometheus:
|
|
serviceMonitor:
|
|
create: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
|
|
labels:
|
|
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
|
|
rules:
|
|
create: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
|
|
labels:
|
|
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
|
|
|
|
{{- $host := .Values.ingress.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
{{- with .Values.commons.ingress.annotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.ingress.annotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
hosts:
|
|
- host: "{{ $host }}"
|
|
paths:
|
|
- path: "/"
|
|
pathType: "Prefix"
|
|
{{- if .Values.commons.ingress.tls.enabled }}
|
|
tls:
|
|
{{- with .Values.commons.ingress.tls.override }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- else }}
|
|
- secretName: "mycloud-authentik-cert"
|
|
hosts:
|
|
- "{{ $host }}"
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
#
|
|
# https://github.com/goauthentik/helm/pull/146
|
|
#
|
|
serviceAccount:
|
|
create: true
|
|
|
|
additionalContainers:
|
|
- name: sidecar-blueprints
|
|
image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
|
|
env:
|
|
- name: "FOLDER"
|
|
value: "/blueprints/sidecar"
|
|
- name: "LABEL"
|
|
value: "goauthentik_blueprint"
|
|
- name: "LABEL_VALUE"
|
|
value: "1"
|
|
# - name: "NAMESPACE"
|
|
# value: "ALL"
|
|
- name: "RESOURCE"
|
|
value: "both"
|
|
- name: "UNIQUE_FILENAMES"
|
|
value: "true"
|
|
volumeMounts:
|
|
- name: sidecar-blueprints
|
|
mountPath: /blueprints/sidecar
|
|
|
|
volumeMounts:
|
|
- name: sidecar-blueprints
|
|
mountPath: /blueprints/sidecar
|
|
|
|
volumes:
|
|
- name: sidecar-blueprints
|
|
emptyDir: {}
|