wrenix/helm-charts
1
0
Fork 0
Code Issues 8 Pull requests 8 Projects Packages Activity

fix(authentik-application): redirect_uris

Browse source
This commit is contained in:
WrenIX 2025-01-08 22:18:21 +01:00
parent 59d61d8fe9
commit 1dd3eeb6b2
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
4 changed files with 4 additions and 287 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
authentik-application/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
name: authentik-application name: authentik-application
description: "A Chart to deploy a secret for the authentik blueprint-sidecar." description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
type: application type: application
version: "0.4.3" version: "0.4.4"
maintainers: maintainers:
- name: WrenIX - name: WrenIX
url: https://wrenix.eu url: https://wrenix.eu

284
authentik-application/README.adoc
View file

@ -1,284 +0,0 @@
= authentik-application
image::https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square[Version: 0.4.3]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
## Pre-Requirement
Usage of https://github.com/goauthentik/helm/pull/146
## or manual:
Install authentik with this `values.yaml`:
```yaml
serviceAccount:
create: true
additionalContainers:
- name: sidecar-blueprints
image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
env:
- name: "FOLDER"
value: "/blueprints/sidecar"
- name: "LABEL"
value: "goauthentik_blueprint"
- name: "LABEL_VALUE"
value: "1"
# - name: "NAMESPACE"
# value: "ALL"
- name: "RESOURCE"
value: "both"
- name: "UNIQUE_FILENAMES"
value: "true"
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumes:
- name: sidecar-blueprints
emptyDir: {}
```
And create an Role and bind them on to the ServiceAccount to read secrets:
```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: authentik-blueprint-sidecar
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: authentik-blueprint-sidecar
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: authentik-blueprint-sidecar
subjects:
- kind: ServiceAccount
name: authentik
```
== Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's https://helm.sh/docs[documentation] to get started.
Once Helm has been set up correctly, fetch the charts as follows:
[source,bash]
----
helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application
----
You can install a chart release using the following command:
[source,bash]
----
helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml
----
To uninstall a chart release use `helm`'s delete command:
[source,bash]
----
helm uninstall authentik-application-release
----
== Values
.Values
|===
| Key | Type | Default | Description
| blueprint.application.bindPolicyID
| string
| `nil`
| uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled)
| blueprint.application.description
| string
| `""`
| description of application
| blueprint.application.group
| string
| `""`
| put this application in authentik in group
| blueprint.application.icon
| string
| `""`
| icon of application (url)
| blueprint.application.launchURL
| string
| `""`
|
| blueprint.application.name
| string
| `""`
| application name in menu
| blueprint.application.openInNewTab
| bool
| `false`
| open application in new tab
| blueprint.application.policyEngineMode
| string
| `"any"`
|
| blueprint.application.publisher
| string
| `""`
| publisher of application
| blueprint.application.slug
| string
| `"app-name"`
| application slug
| blueprint.authentik.domain
| string
| `"https://auth.wrenix.eu"`
| domain to authentik, used in generated url (like issuer)
| blueprint.groups
| string
| `nil`
| authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid
| blueprint.labels
| object
| `{"goauthentik_blueprint":"1"}`
| label of generated secret with blueprint
| blueprint.provider.authorizationFlow
| string
| `"default-provider-authorization-implicit-consent"`
|
| blueprint.provider.enabled
| bool
| `true`
| creat an provider for authentification (otherwise just a like in menu is created)
| blueprint.provider.name
| string
| `""`
|
| blueprint.provider.oidc.clientID
| string
| `nil`
| client id - generated if secret enabled
| blueprint.provider.oidc.clientSecret
| string
| `nil`
| client secret - generated if secret enabled
| blueprint.provider.oidc.clientType
| string
| `"confidential"`
|
| blueprint.provider.oidc.redirectURL
| string
| `""`
|
| blueprint.provider.oidc.scopes
| string
| `nil`
| Scope
| blueprint.provider.oidc.signingKey
| string
| `""`
| Need for non-curve / RSA
| blueprint.provider.proxy.cookieDomain
| string
| `""`
|
| blueprint.provider.proxy.externalHost
| string
| `nil`
|
| blueprint.provider.proxy.ingress.annotations
| list
| `[]`
| annotations to ingress for outpost
| blueprint.provider.proxy.ingress.backend
| string
| `"authentik"`
| service backend to authentik
| blueprint.provider.proxy.ingress.domain
| string
| `nil`
| domain of application (where outpost should be deployed)
| blueprint.provider.proxy.ingress.enabled
| bool
| `false`
| deploy ingress on application domain for e.g. logout (WIP)
| blueprint.provider.proxy.ingress.tls
| list
| `[]`
| tls to ingress for outpost
| blueprint.provider.proxy.skipPathRegex
| string
| `""`
|
| blueprint.provider.saml
| string
| `nil`
|
| blueprint.provider.type
| string
| `"oidc"`
| type of application connection, current support: oidc, saml and proxy
| secret.labels
| object
| `{}`
| label of secret to store generated secret
| secret.name
| string
| `""`
| name of secret to store generated secret (like clientI)
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

2
authentik-application/README.md
View file

@ -7,7 +7,7 @@ description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
# authentik-application # authentik-application
![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
A Chart to deploy a secret for the authentik blueprint-sidecar. A Chart to deploy a secret for the authentik blueprint-sidecar.

3
authentik-application/files/provider/oidc.yaml.gotmpl
View file

@ -26,7 +26,8 @@
client_type: {{ .clientType | quote }} client_type: {{ .clientType | quote }}
client_id: {{ $clientID | quote }} client_id: {{ $clientID | quote }}
client_secret: {{ $clientSecret | quote }} client_secret: {{ $clientSecret | quote }}
redirect_uris: {{ .redirectURL }} redirect_uris:
- {{ .redirectURL | quote }}
{{- with .tokenDuration }} {{- with .tokenDuration }}
access_token_validity: {{ . | quote }} access_token_validity: {{ . | quote }}
{{- end }} {{- end }}