diff --git a/alertmanager-matrix/README.md b/alertmanager-matrix/README.md index d9844be..ee37636 100644 --- a/alertmanager-matrix/README.md +++ b/alertmanager-matrix/README.md @@ -66,6 +66,3 @@ Service for managing and receiving Alertmanager alerts on Matrix | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/alertmanager-ntfy/README.md b/alertmanager-ntfy/README.md index 90a835f..b1bebcb 100644 --- a/alertmanager-ntfy/README.md +++ b/alertmanager-ntfy/README.md @@ -57,6 +57,3 @@ Receiver for alertmanager to forward to ntfy.sh | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/authentik-application/Chart.yaml b/authentik-application/Chart.yaml index edebd3b..7760812 100644 --- a/authentik-application/Chart.yaml +++ b/authentik-application/Chart.yaml 
@@ -1,6 +1,67 @@ apiVersion: v2 name: authentik-application -description: A Chart to deploy a secret for the authentik blueprint-sidecar type: application version: 0.3.4 +description: |- + A Chart to deploy a secret for the authentik blueprint-sidecar. + + for usage, deploy: + https://github.com/goauthentik/helm/pull/146 + + or use: + ```yaml + serviceAccount: + create: true + + additionalContainers: + - name: sidecar-blueprints + image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1" + env: + - name: "FOLDER" + value: "/blueprints/sidecar" + - name: "LABEL" + value: "goauthentik_blueprint" + - name: "LABEL_VALUE" + value: "1" + # - name: "NAMESPACE" + # value: "ALL" + - name: "RESOURCE" + value: "both" + - name: "UNIQUE_FILENAMES" + value: "true" + volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + + volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + + volumes: + - name: sidecar-blueprints + emptyDir: {} + ``` + and create an serviceaccount to read secrets: + ```yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: authentik-blueprint-sidecar + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: authentik-blueprint-sidecar + subjects: + - kind: ServiceAccount + name: authentik + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: authentik-blueprint-sidecar + rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] + ``` diff --git a/authentik-application/README.md b/authentik-application/README.md index 440a041..3ae5dcc 100644 --- a/authentik-application/README.md +++ b/authentik-application/README.md 
@@ -2,27 +2,87 @@ ![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -A Chart to deploy a secret for the authentik blueprint-sidecar +A Chart to deploy a secret for the authentik blueprint-sidecar. + +for usage, deploy: +https://github.com/goauthentik/helm/pull/146 + +or use: +```yaml +serviceAccount: + create: true + +additionalContainers: + - name: sidecar-blueprints + image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1" + env: + - name: "FOLDER" + value: "/blueprints/sidecar" + - name: "LABEL" + value: "goauthentik_blueprint" + - name: "LABEL_VALUE" + value: "1" + # - name: "NAMESPACE" + # value: "ALL" + - name: "RESOURCE" + value: "both" + - name: "UNIQUE_FILENAMES" + value: "true" + volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + +volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + +volumes: + - name: sidecar-blueprints + emptyDir: {} +``` +and create an serviceaccount to read secrets: +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: authentik-blueprint-sidecar +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: authentik-blueprint-sidecar +subjects: + - kind: ServiceAccount + name: authentik +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: authentik-blueprint-sidecar +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +``` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) | -| blueprint.application.description | string | `""` | | -| blueprint.application.group | string | `""` | | -| blueprint.application.icon | string | `""` | | +| 
blueprint.application.description | string | `""` | description of application | +| blueprint.application.group | string | `""` | put this application in authentik in group | +| blueprint.application.icon | string | `""` | icon of application (url) | | blueprint.application.launchURL | string | `""` | | -| blueprint.application.name | string | `""` | | -| blueprint.application.openInNewTab | bool | `false` | | +| blueprint.application.name | string | `""` | application name in menu | +| blueprint.application.openInNewTab | bool | `false` | open application in new tab | | blueprint.application.policyEngineMode | string | `"any"` | | -| blueprint.application.publisher | string | `""` | | -| blueprint.application.slug | string | `"app-name"` | | -| blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | | -| blueprint.groups | string | `nil` | additional groups disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid | -| blueprint.labels.goauthentik_blueprint | string | `"1"` | | +| blueprint.application.publisher | string | `""` | publisher of application | +| blueprint.application.slug | string | `"app-name"` | application slug | +| blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | domain to authentik, used in generated url (like issuer) | +| blueprint.groups | string | `nil` | authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid | +| blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint | | blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` | | -| blueprint.provider.enabled | bool | `true` | | +| blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) | | blueprint.provider.name | 
string | `""` | | | blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled | | blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled | @@ -30,11 +90,12 @@ A Chart to deploy a secret for the authentik blueprint-sidecar | blueprint.provider.oidc.redirectURL | string | `""` | | | blueprint.provider.oidc.scopes | string | `nil` | Scope | | blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA | -| blueprint.provider.proxy | object | `{"cookieDomain":"","externalHost":null,"ingress":{"backend":"authentik","domain":null,"enabled":false},"skipPathRegex":""}` | used for proxy provider | -| blueprint.provider.proxy.ingress | object | `{"backend":"authentik","domain":null,"enabled":false}` | not yet supported | -| blueprint.provider.type | string | `"oidc"` | | -| secret.labels | object | `{}` | | -| secret.name | string | `""` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +| blueprint.provider.proxy.cookieDomain | string | `""` | | +| blueprint.provider.proxy.externalHost | string | `nil` | | +| blueprint.provider.proxy.ingress.backend | string | `"authentik"` | service backend to authentik | +| blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) | +| blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) | +| blueprint.provider.proxy.skipPathRegex | string | `""` | | +| blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc and proxy | +| secret.labels | object | `{}` | label of secret to store generated secret | +| secret.name | string | `""` | name of secret to store generated secret (like clientI) | 
diff --git a/authentik-application/values.yaml b/authentik-application/values.yaml index f2f133b..aaddb0d 100644 --- a/authentik-application/values.yaml +++ b/authentik-application/values.yaml @@ -1,18 +1,23 @@ secret: + # -- name of secret to store generated secret (like clientI) name: "" + # -- label of secret to store generated secret labels: {} blueprint: authentik: + # -- domain to authentik, used in generated url (like issuer) domain: "https://auth.wrenix.eu" + # -- label of generated secret with blueprint labels: goauthentik_blueprint: "1" provider: + # -- creat an provider for authentification (otherwise just a like in menu is created) enabled: true name: "" authorizationFlow: "default-provider-authorization-implicit-consent" + # -- type of application connection, current support: oidc and proxy type: "oidc" # or proxy - # used for oidc provider oidc: clientType: "confidential" # -- client id - generated if secret enabled 
@@ -24,30 +29,38 @@ blueprint: signingKey: "" # -- Scope scopes: - # -- used for proxy provider proxy: externalHost: skipPathRegex: "" cookieDomain: "" - # -- not yet supported ingress: + # -- deploy ingress on application domain for e.g. logout (WIP) enabled: false + # -- domain of application (where outpost should be deployed) domain: - # service backend + # -- service backend to authentik backend: authentik application: + # -- application name in menu name: "" + # -- application slug slug: "app-name" + # -- put this application in authentik in group + group: "" + # url to application + launchURL: "" + # -- open application in new tab + openInNewTab: false + # -- icon of application (url) + icon: "" + # -- description of application + description: "" + # -- publisher of application + publisher: "" # -- uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) bindPolicyID: policyEngineMode: "any" - group: "" - launchURL: "" - openInNewTab: false - icon: "" - description: "" - publisher: "" - # -- additional groups + # -- authentik groups created / give access to this application # disable any groups by set groups: [] (to a slice) # example: # - slug: "app: grafana-admin" diff --git a/conduit/README.md b/conduit/README.md index 035e3e0..2b3e6f6 100644 --- a/conduit/README.md +++ b/conduit/README.md @@ -76,6 +76,3 @@ Conduit is a simple, fast and reliable chat server powered by Matrix. | wellknown.service.port | int | `8080` | | | wellknown.service.type | string | `"ClusterIP"` | | | wellknown.tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/forgejo-runner/README.md b/forgejo-runner/README.md index f392779..1f93957 100644 --- a/forgejo-runner/README.md +++ b/forgejo-runner/README.md 
@@ -47,6 +47,3 @@ Deploy runner for an forgejo instance (default codeberg.org) | tolerations | list | `[]` | | | volumeMounts | list | `[]` | | | volumes | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/headscale-ui/README.md b/headscale-ui/README.md index 17e8c12..8125175 100644 --- a/headscale-ui/README.md +++ b/headscale-ui/README.md @@ -39,6 +39,3 @@ A simple Headscale web UI for small-scale deployments. | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/headscale/README.md b/headscale/README.md index a76dd39..ef4554b 100644 --- a/headscale/README.md +++ b/headscale/README.md @@ -80,6 +80,3 @@ An open source, self-hosted implementation of the Tailscale control server. | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/hydrogen-web/README.md b/hydrogen-web/README.md index 30ce37f..bca1f9a 100644 --- a/hydrogen-web/README.md +++ b/hydrogen-web/README.md @@ -47,6 +47,3 @@ A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient) | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/jellyfin/README.md b/jellyfin/README.md index efe1429..0b4de67 100644 --- a/jellyfin/README.md 
+++ b/jellyfin/README.md @@ -48,6 +48,3 @@ The Free Software Media System | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/miniserve/README.md b/miniserve/README.md index 4995a17..7f8d810 100644 --- a/miniserve/README.md +++ b/miniserve/README.md @@ -73,6 +73,3 @@ A Helm chart for Kubernetes | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/monitoring/README.md b/monitoring/README.md index 8fe0f78..fe0b754 100644 --- a/monitoring/README.md +++ b/monitoring/README.md @@ -32,6 +32,3 @@ Deploy helper for probes and scrapeconfig of prometheus-operator | scrapes[1].metricsPath | string | `"/minio/v2/metrics/node"` | metric path on scrape | | scrapes[1].name | string | `"minio"` | name of scrape | | scrapes[1].scheme | string | `"http"` | schema on scrape | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/ntfy/README.md b/ntfy/README.md index 79f5a49..8d6a39b 100644 --- a/ntfy/README.md +++ b/ntfy/README.md @@ -100,6 +100,3 @@ A Helm chart for Kubernetes | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/postgresql/README.md b/postgresql/README.md index 889f058..50762ba 100644 --- a/postgresql/README.md 
+++ b/postgresql/README.md @@ -39,6 +39,3 @@ A Helm chart for running PostgreSQL (Postgres) database | serviceAccount.create | bool | `false` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/publish.sh b/publish.sh index 6c786b4..1a03740 100755 --- a/publish.sh +++ b/publish.sh @@ -2,13 +2,14 @@ HELM_REPO=${HELM_REPO:-oci://codeberg.org/wrenix/helm-charts} +helm-docs -t ./README.md.gotmpl + for p in * ; do if [ ! -d $p ]; then continue; fi echo "${p}:"; - helm-docs -t ../README.md.gotmpl # last pkg lastTag=$(git tag -l "${p}-v*" | tail -1)
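Review bot: In the RBAC example added to the `description` in authentik-application/Chart.yaml (and repeated in the generated README), the RoleBinding subject `- kind: ServiceAccount` / `name: authentik` has no `namespace:`. Kubernetes requires that field for ServiceAccount subjects, so the manifest is rejected as written; add the namespace, or an obvious placeholder for it. The Role grants `get`, `watch`, `list` on every ConfigMap and Secret in the namespace, and the `authentik` ServiceAccount is the identity of the whole pod, not only of the `sidecar-blueprints` container, so the text should say that the authentik server itself gains read access to all Secrets there. If blueprints are only delivered through the Secret this chart creates, `RESOURCE` can be `secret` and `configmaps` can be dropped from the Role. The lead-in "create an serviceaccount to read secrets" should name the Role and RoleBinding, since the ServiceAccount comes from `serviceAccount.create: true`. The commented-out `NAMESPACE` / `ALL` option cannot work with a namespaced Role and deserves a comment saying so.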
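Review bot: In authentik-application/values.yaml the new comment above `launchURL` is `# url to application` without the `# --` prefix, so helm-docs does not pick it up and the README row for `blueprint.application.launchURL` still has an empty description; change it to `# -- url to application`. Several of the new descriptions carry typos that now propagate into the README table: "like clientI", "creat an provider for authentification", and "just a like in menu" (presumably "link"). The `proxy.externalHost`, `proxy.skipPathRegex` and `proxy.cookieDomain` keys lose the "used for proxy provider" hint that this change removes and get no description in return, and `policyEngineMode` and `authorizationFlow` remain undocumented.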
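Review bot: In publish.sh the added `helm-docs -t ./README.md.gotmpl` runs once before the loop with no check of its exit status in the visible lines, so unless the shebang outside this hunk sets `-e`, a missing or failing helm-docs lets the loop continue and publish charts with stale READMEs; add `|| exit 1` after the call. Regenerating documentation at publish time also leaves the working tree modified relative to the tag being published, so consider a check that fails when the helm-docs output differs from the committed READMEs instead of rewriting them here.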
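Review bot: The README hunks from alertmanager-matrix through postgresql all drop the "Autogenerated from chart metadata using helm-docs v1.11.2" footer, which was the only marker in these files that they are generated and with which helm-docs version. Without it, contributors are likely to hand-edit a README and lose the change on the next publish, and output drift between helm-docs versions is harder to trace. If the goal is to avoid churn on version bumps, keep a version-less "generated by helm-docs, edit values.yaml or Chart.yaml instead" line in the template and pin the helm-docs version wherever publish.sh is run.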