75 lines
2.9 KiB
YAML
75 lines
2.9 KiB
YAML
{{- $clientID := include "authentik-application.staticValue" (dict "root" $ "name" "clientID" "default" (randAlphaNum 32) "overwrite" .Values.blueprint.provider.oidc.clientID) }}
|
|
{{- $clientSecret := include "authentik-application.staticValue" (dict "root" $ "name" "clientSecret" "default" (randAlphaNum 32) "overwrite" .Values.blueprint.provider.oidc.clientSecret) }}
|
|
{{- $ldapToken := include "authentik-application.staticValue" (dict "root" $ "name" "ldapToken" "default" (randAlphaNum 32) "overwrite" .Values.blueprint.provider.ldap.token) }}
|
|
{{- $bindPolicyID := include "authentik-application.staticValue" (dict "root" $ "name" "bindPolicyID" "default" (uuidv4) "overwrite" .Values.blueprint.application.bindPolicyID) }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "authentik-application.fullname" . }}
|
|
labels:
|
|
{{- include "authentik-application.labels" . | nindent 4 }}
|
|
{{- with .Values.secret.labels }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
stringData:
|
|
bindPolicyID: {{ $bindPolicyID | quote }}
|
|
|
|
{{- if .Values.blueprint.provider.enabled }}
|
|
issuerURL: {{ print .Values.blueprint.authentik.domain "/application/o/" .Values.blueprint.application.slug "/" }}
|
|
|
|
{{- with .Values.blueprint.provider.oidc }}
|
|
clientID: {{ $clientID | quote }}
|
|
clientSecret: {{ $clientSecret | quote }}
|
|
|
|
redirectURL: {{ .redirectURL }}
|
|
|
|
{{- with .tokenDuration }}
|
|
tokenDuration: {{ . | quote }}
|
|
{{- end }}
|
|
|
|
{{- with .scopes }}
|
|
customScopes: {{ . | join "," | quote }}
|
|
{{- end }}
|
|
|
|
{{- with .claimUsername }}
|
|
claimUsername: {{ . | quote }}
|
|
{{- end }}
|
|
|
|
{{- with .claimGroups }}
|
|
claimGroups: {{ . | quote }}
|
|
{{- end }}
|
|
{{- end }}{{/* end with oidc */}}
|
|
|
|
{{- with .Values.blueprint.provider.ldap }}
|
|
ldapToken: {{ $ldapToken | quote }}
|
|
{{- end }}{{/* end with ldap */}}
|
|
|
|
{{- end }}{{/* end if provider */}}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "authentik-application.fullname" . }}-blueprint
|
|
labels:
|
|
{{- include "authentik-application.labels" . | nindent 4 }}
|
|
{{- with .Values.blueprint.labels }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
stringData:
|
|
blueprint.yaml: |-
|
|
version: 1
|
|
metadata:
|
|
name: {{ include "authentik-application.fullname" . }}
|
|
entries:
|
|
{{- $tplValues := (dict "root" $ "Template" .Template "bindPolicyID" $bindPolicyID "clientID" $clientID "clientSecret" $clientSecret "ldapToken" $ldapToken) }}
|
|
{{- if .Values.blueprint.provider.enabled }}
|
|
{{- tpl (.Files.Get (printf "files/provider/%s.yaml.gotmpl" .Values.blueprint.provider.type)) $tplValues | nindent 6 }}
|
|
{{- end }}
|
|
|
|
{{- tpl (.Files.Get "files/application.yaml.gotmpl") $tplValues | nindent 6 }}
|
|
{{- tpl (.Files.Get "files/groups.yaml.gotmpl") $tplValues | nindent 6 }}
|
|
{{- tpl (.Files.Get "files/users.yaml.gotmpl") $tplValues | nindent 6 }}
|
|
{{- with .Values.blueprint.extras }}
|
|
{{- toYaml . | nindent 6 }}
|
|
{{- end }}
|