wrenix/helm-charts
1
0
Fork 0
Code Issues 8 Pull requests 8 Projects Packages Activity
helm-charts/authentik-application/README.adoc

274 lines
5.3 KiB
Text
Raw Blame History

= authentik-application
image::https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square[Version: 0.4.1]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
## Pre-Requirement
Usage of https://github.com/goauthentik/helm/pull/146
## or manual:
Install authentik with this `values.yaml`:
```yaml
serviceAccount:
create: true
additionalContainers:
- name: sidecar-blueprints
image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
env:
- name: "FOLDER"
value: "/blueprints/sidecar"
- name: "LABEL"
value: "goauthentik_blueprint"
- name: "LABEL_VALUE"
value: "1"
# - name: "NAMESPACE"
# value: "ALL"
- name: "RESOURCE"
value: "both"
- name: "UNIQUE_FILENAMES"
value: "true"
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
volumes:
- name: sidecar-blueprints
emptyDir: {}
```
And create an Role and bind them on to the ServiceAccount to read secrets:
```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: authentik-blueprint-sidecar
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: authentik-blueprint-sidecar
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: authentik-blueprint-sidecar
subjects:
- kind: ServiceAccount
name: authentik
```
== Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's https://helm.sh/docs[documentation] to get started.
Once Helm has been set up correctly, fetch the charts as follows:
[source,bash]
----
helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application
----
You can install a chart release using the following command:
[source,bash]
----
helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml
----
To uninstall a chart release use `helm`'s delete command:
[source,bash]
----
helm uninstall authentik-application-release
----
== Values
.Values
|===
| Key | Type | Default | Description
| blueprint.application.bindPolicyID
| string
| `nil`
| uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled)
| blueprint.application.description
| string
| `""`
| description of application
| blueprint.application.group
| string
| `""`
| put this application in authentik in group
| blueprint.application.icon
| string
| `""`
| icon of application (url)
| blueprint.application.launchURL
| string
| `""`
|
| blueprint.application.name
| string
| `""`
| application name in menu
| blueprint.application.openInNewTab
| bool
| `false`
| open application in new tab
| blueprint.application.policyEngineMode
| string
| `"any"`
|
| blueprint.application.publisher
| string
| `""`
| publisher of application
| blueprint.application.slug
| string
| `"app-name"`
| application slug
| blueprint.authentik.domain
| string
| `"https://auth.wrenix.eu"`
| domain to authentik, used in generated url (like issuer)
| blueprint.groups
| string
| `nil`
| authentik groups created / give access to this application disable any groups by set groups: [] (to a slice) example: - slug: "app: grafana-admin" parent: "app: infra" bindID: uuid
| blueprint.labels
| object
| `{"goauthentik_blueprint":"1"}`
| label of generated secret with blueprint
| blueprint.provider.authorizationFlow
| string
| `"default-provider-authorization-implicit-consent"`
|
| blueprint.provider.enabled
| bool
| `true`
| creat an provider for authentification (otherwise just a like in menu is created)
| blueprint.provider.name
| string
| `""`
|
| blueprint.provider.oidc.clientID
| string
| `nil`
| client id - generated if secret enabled
| blueprint.provider.oidc.clientSecret
| string
| `nil`
| client secret - generated if secret enabled
| blueprint.provider.oidc.clientType
| string
| `"confidential"`
|
| blueprint.provider.oidc.redirectURL
| string
| `""`
|
| blueprint.provider.oidc.scopes
| string
| `nil`
| Scope
| blueprint.provider.oidc.signingKey
| string
| `""`
| Need for non-curve / RSA
| blueprint.provider.proxy.cookieDomain
| string
| `""`
|
| blueprint.provider.proxy.externalHost
| string
| `nil`
|
| blueprint.provider.proxy.ingress.backend
| string
| `"authentik"`
| service backend to authentik
| blueprint.provider.proxy.ingress.domain
| string
| `nil`
| domain of application (where outpost should be deployed)
| blueprint.provider.proxy.ingress.enabled
| bool
| `false`
| deploy ingress on application domain for e.g. logout (WIP)
| blueprint.provider.proxy.skipPathRegex
| string
| `""`
|
| blueprint.provider.saml
| string
| `nil`
|
| blueprint.provider.type
| string
| `"oidc"`
| type of application connection, current support: oidc, saml and proxy
| secret.labels
| object
| `{}`
| label of secret to store generated secret
| secret.name
| string
| `""`
| name of secret to store generated secret (like clientI)
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
Reference in a new issue View git blame Copy permalink