fix(authentik-application): Improve documentation

WrenIX 2023-11-03 15:48:54 +01:00
parent 5a18c7e1cf
commit bdfb096a3a
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
16 changed files with 169 additions and 69 deletions

@ -66,6 +66,3 @@ Service for managing and receiving Alertmanager alerts on Matrix
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)
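Review bot: The footer removed at the end of this table was the only place the README recorded which helm-docs release generated it (v1.11.2), and the same three lines are dropped from every chart README in this commit. If the footer is intentionally gone, record or pin the helm-docs version somewhere else, for example in the generation script, so regenerated READMEs stay reproducible.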

@ -57,6 +57,3 @@ Receiver for alertmanager to forward to ntfy.sh
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -1,6 +1,67 @@
apiVersion: v2 apiVersion: v2
name: authentik-application name: authentik-application
description: A Chart to deploy a secret for the authentik blueprint-sidecar
type: application type: application
version: 0.3.4 version: 0.3.4
description: |-
A Chart to deploy a secret for the authentik blueprint-sidecar.
for usage, deploy:
https://github.com/goauthentik/helm/pull/146
or use:
```yaml
serviceAccount:
create: true
additionalContainers:
- name: sidecar-blueprints
image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
env:
- name: "FOLDER"
value: "/blueprints/sidecar"
- name: "LABEL"
value: "goauthentik_blueprint"
- name: "LABEL_VALUE"
value: "1"
# - name: "NAMESPACE"
# value: "ALL"
- name: "RESOURCE"
value: "both"
- name: "UNIQUE_FILENAMES"
value: "true"
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumes:
- name: sidecar-blueprints
emptyDir: {}
```
and create an serviceaccount to read secrets:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: authentik-blueprint-sidecar
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: authentik-blueprint-sidecar
subjects:
- kind: ServiceAccount
name: authentik
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: authentik-blueprint-sidecar
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
```
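Review bot: The Role in the new description grants `get`, `watch` and `list` on every Secret and ConfigMap in the namespace to the `authentik` ServiceAccount, while the sidecar is configured to pick up only objects labelled `goauthentik_blueprint` = `1`. RBAC rules cannot filter by label, so the text should state that scope and recommend a namespace that holds no unrelated secrets. The sentence "and create an serviceaccount to read secrets" also does not match the manifests, which define a RoleBinding and a Role for an existing service account. Note that `version` stays at 0.3.4 although the chart metadata changes.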

@ -2,27 +2,87 @@
![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
A Chart to deploy a secret for the authentik blueprint-sidecar A Chart to deploy a secret for the authentik blueprint-sidecar.
for usage, deploy:
https://github.com/goauthentik/helm/pull/146
or use:
```yaml
serviceAccount:
create: true
additionalContainers:
- name: sidecar-blueprints
image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
env:
- name: "FOLDER"
value: "/blueprints/sidecar"
- name: "LABEL"
value: "goauthentik_blueprint"
- name: "LABEL_VALUE"
value: "1"
# - name: "NAMESPACE"
# value: "ALL"
- name: "RESOURCE"
value: "both"
- name: "UNIQUE_FILENAMES"
value: "true"
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumes:
- name: sidecar-blueprints
emptyDir: {}
```
and create an serviceaccount to read secrets:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: authentik-blueprint-sidecar
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: authentik-blueprint-sidecar
subjects:
- kind: ServiceAccount
name: authentik
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: authentik-blueprint-sidecar
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
```
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) | | blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) |
| blueprint.application.description | string | `""` | | | blueprint.application.description | string | `""` | description of application |
| blueprint.application.group | string | `""` | | | blueprint.application.group | string | `""` | put this application in authentik in group |
| blueprint.application.icon | string | `""` | | | blueprint.application.icon | string | `""` | icon of application (url) |
| blueprint.application.launchURL | string | `""` | | | blueprint.application.launchURL | string | `""` | |
| blueprint.application.name | string | `""` | | | blueprint.application.name | string | `""` | application name in menu |
| blueprint.application.openInNewTab | bool | `false` | | | blueprint.application.openInNewTab | bool | `false` | open application in new tab |
| blueprint.application.policyEngineMode | string | `"any"` | | | blueprint.application.policyEngineMode | string | `"any"` | |
| blueprint.application.publisher | string | `""` | | | blueprint.application.publisher | string | `""` | publisher of application |
| blueprint.application.slug | string | `"app-name"` | | | blueprint.application.slug | string | `"app-name"` | application slug |
| blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | | | blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | domain to authentik, used in generated url (like issuer) |
| blueprint.groups | string | `nil` | additional groups disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid | | blueprint.groups | string | `nil` | authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid |
| blueprint.labels.goauthentik_blueprint | string | `"1"` | | | blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint |
| blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` | | | blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` | |
| blueprint.provider.enabled | bool | `true` | | | blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) |
| blueprint.provider.name | string | `""` | | | blueprint.provider.name | string | `""` | |
| blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled | | blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled |
| blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled | | blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled |
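Review bot: The new description in the `blueprint.provider.enabled` row has several typos ("creat an provider for authentification (otherwise just a like in menu is created)") that now land in the published README. Since this table is generated, fix the wording in the matching `# --` comment in values.yaml and regenerate. The rows for `launchURL`, `policyEngineMode`, `authorizationFlow` and `provider.name` still have empty descriptions after a commit whose purpose is documentation.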
@ -30,11 +90,12 @@ A Chart to deploy a secret for the authentik blueprint-sidecar
| blueprint.provider.oidc.redirectURL | string | `""` | | | blueprint.provider.oidc.redirectURL | string | `""` | |
| blueprint.provider.oidc.scopes | string | `nil` | Scope | | blueprint.provider.oidc.scopes | string | `nil` | Scope |
| blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA | | blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA |
| blueprint.provider.proxy | object | `{"cookieDomain":"","externalHost":null,"ingress":{"backend":"authentik","domain":null,"enabled":false},"skipPathRegex":""}` | used for proxy provider | | blueprint.provider.proxy.cookieDomain | string | `""` | |
| blueprint.provider.proxy.ingress | object | `{"backend":"authentik","domain":null,"enabled":false}` | not yet supported | | blueprint.provider.proxy.externalHost | string | `nil` | |
| blueprint.provider.type | string | `"oidc"` | | | blueprint.provider.proxy.ingress.backend | string | `"authentik"` | service backend to authentik |
| secret.labels | object | `{}` | | | blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) |
| secret.name | string | `""` | | | blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) |
| blueprint.provider.proxy.skipPathRegex | string | `""` | |
---------------------------------------------- | blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc and proxy |
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) | secret.labels | object | `{}` | label of secret to store generated secret |
| secret.name | string | `""` | name of secret to store generated secret (like clientI) |
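Review bot: Splitting the `blueprint.provider.proxy` object row into per-key rows drops the "not yet supported" description that used to sit on `blueprint.provider.proxy.ingress`; the only remaining hint is "(WIP)" on `ingress.enabled`. Keep an explicit unsupported marker on the ingress keys, and add descriptions for `cookieDomain`, `externalHost` and `skipPathRegex`, which are still blank. The `secret.name` description ends in "(like clientI)", which looks cut off.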

@ -1,18 +1,23 @@
secret: secret:
# -- name of secret to store generated secret (like clientI)
name: "" name: ""
# -- label of secret to store generated secret
labels: {} labels: {}
blueprint: blueprint:
authentik: authentik:
# -- domain to authentik, used in generated url (like issuer)
domain: "https://auth.wrenix.eu" domain: "https://auth.wrenix.eu"
# -- label of generated secret with blueprint
labels: labels:
goauthentik_blueprint: "1" goauthentik_blueprint: "1"
provider: provider:
# -- creat an provider for authentification (otherwise just a like in menu is created)
enabled: true enabled: true
name: "" name: ""
authorizationFlow: "default-provider-authorization-implicit-consent" authorizationFlow: "default-provider-authorization-implicit-consent"
# -- type of application connection, current support: oidc and proxy
type: "oidc" # or proxy type: "oidc" # or proxy
# used for oidc provider
oidc: oidc:
clientType: "confidential" clientType: "confidential"
# -- client id - generated if secret enabled # -- client id - generated if secret enabled
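Review bot: The comment added above `domain: "https://auth.wrenix.eu"` documents it as the base for generated URLs such as the issuer, which makes the existing default risky: an install that forgets to override it gets OIDC URLs pointing at a host the operator does not control. Consider an empty default plus a `required` check in the template, or at least say in the comment that the value must be overridden. The `# used for oidc provider` comment lacks the `--` marker, so helm-docs will not pick it up.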
@ -24,30 +29,38 @@ blueprint:
signingKey: "" signingKey: ""
# -- Scope # -- Scope
scopes: scopes:
# -- used for proxy provider
proxy: proxy:
externalHost: externalHost:
skipPathRegex: "" skipPathRegex: ""
cookieDomain: "" cookieDomain: ""
# -- not yet supported
ingress: ingress:
# -- deploy ingress on application domain for e.g. logout (WIP)
enabled: false enabled: false
# -- domain of application (where outpost should be deployed)
domain: domain:
# service backend # -- service backend to authentik
backend: authentik backend: authentik
application: application:
# -- application name in menu
name: "" name: ""
# -- application slug
slug: "app-name" slug: "app-name"
# -- put this application in authentik in group
group: ""
# url to application
launchURL: ""
# -- open application in new tab
openInNewTab: false
# -- icon of application (url)
icon: ""
# -- description of application
description: ""
# -- publisher of application
publisher: ""
# -- uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) # -- uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled)
bindPolicyID: bindPolicyID:
policyEngineMode: "any" policyEngineMode: "any"
group: "" # -- authentik groups created / give access to this application
launchURL: ""
openInNewTab: false
icon: ""
description: ""
publisher: ""
# -- additional groups
# disable any groups by set groups: [] (to a slice) # disable any groups by set groups: [] (to a slice)
# example: # example:
# - slug: "app: grafana-admin" # - slug: "app: grafana-admin"
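Review bot: The comment added above `launchURL` is written as `# url to application` without the `--` marker, which is why the `blueprint.application.launchURL` row in the regenerated README still has an empty description. Change it to `# -- url to application`. `policyEngineMode` gets no comment at all; listing the accepted values next to the `"any"` default would help.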

@ -76,6 +76,3 @@ Conduit is a simple, fast and reliable chat server powered by Matrix.
| wellknown.service.port | int | `8080` | | | wellknown.service.port | int | `8080` | |
| wellknown.service.type | string | `"ClusterIP"` | | | wellknown.service.type | string | `"ClusterIP"` | |
| wellknown.tolerations | list | `[]` | | | wellknown.tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -47,6 +47,3 @@ Deploy runner for an forgejo instance (default codeberg.org)
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
| volumeMounts | list | `[]` | | | volumeMounts | list | `[]` | |
| volumes | list | `[]` | | | volumes | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -39,6 +39,3 @@ A simple Headscale web UI for small-scale deployments.
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -80,6 +80,3 @@ An open source, self-hosted implementation of the Tailscale control server.
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -47,6 +47,3 @@ A Helm Chart to install hydrogen-web (a nextgen Matrix Webclient)
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -48,6 +48,3 @@ The Free Software Media System
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -73,6 +73,3 @@ A Helm chart for Kubernetes
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -32,6 +32,3 @@ Deploy helper for probes and scrapeconfig of prometheus-operator
| scrapes[1].metricsPath | string | `"/minio/v2/metrics/node"` | metric path on scrape | | scrapes[1].metricsPath | string | `"/minio/v2/metrics/node"` | metric path on scrape |
| scrapes[1].name | string | `"minio"` | name of scrape | | scrapes[1].name | string | `"minio"` | name of scrape |
| scrapes[1].scheme | string | `"http"` | schema on scrape | | scrapes[1].scheme | string | `"http"` | schema on scrape |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -100,6 +100,3 @@ A Helm chart for Kubernetes
| serviceAccount.create | bool | `true` | | | serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -39,6 +39,3 @@ A Helm chart for running PostgreSQL (Postgres) database
| serviceAccount.create | bool | `false` | | | serviceAccount.create | bool | `false` | |
| serviceAccount.name | string | `""` | | | serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | | | tolerations | list | `[]` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

@ -2,13 +2,14 @@
HELM_REPO=${HELM_REPO:-oci://codeberg.org/wrenix/helm-charts} HELM_REPO=${HELM_REPO:-oci://codeberg.org/wrenix/helm-charts}
helm-docs -t ./README.md.gotmpl
for p in * ; do for p in * ; do
if [ ! -d $p ]; then if [ ! -d $p ]; then
continue; continue;
fi fi
echo "${p}:"; echo "${p}:";
helm-docs -t ../README.md.gotmpl
# last pkg # last pkg
lastTag=$(git tag -l "${p}-v*" | tail -1) lastTag=$(git tag -l "${p}-v*" | tail -1)