root: remove old helm chart
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
6868b7722c
commit
02b06838e2
|
@ -19,16 +19,8 @@ values =
|
||||||
|
|
||||||
[bumpversion:file:website/docs/installation/docker-compose.md]
|
[bumpversion:file:website/docs/installation/docker-compose.md]
|
||||||
|
|
||||||
[bumpversion:file:website/docs/installation/kubernetes.md]
|
|
||||||
|
|
||||||
[bumpversion:file:docker-compose.yml]
|
[bumpversion:file:docker-compose.yml]
|
||||||
|
|
||||||
[bumpversion:file:helm/values.yaml]
|
|
||||||
|
|
||||||
[bumpversion:file:helm/README.md]
|
|
||||||
|
|
||||||
[bumpversion:file:helm/Chart.yaml]
|
|
||||||
|
|
||||||
[bumpversion:file:.github/workflows/release.yml]
|
[bumpversion:file:.github/workflows/release.yml]
|
||||||
|
|
||||||
[bumpversion:file:authentik/__init__.py]
|
[bumpversion:file:authentik/__init__.py]
|
||||||
|
|
|
@ -25,15 +25,6 @@ jobs:
|
||||||
docker-compose up --no-start
|
docker-compose up --no-start
|
||||||
docker-compose start postgresql redis
|
docker-compose start postgresql redis
|
||||||
docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test authentik"
|
docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test authentik"
|
||||||
- name: Install Helm
|
|
||||||
run: |
|
|
||||||
apt update && apt install -y curl
|
|
||||||
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
|
||||||
- name: Helm package
|
|
||||||
run: |
|
|
||||||
helm dependency update helm/
|
|
||||||
helm package helm/
|
|
||||||
mv authentik-*.tgz authentik-chart.tgz
|
|
||||||
- name: Extract version number
|
- name: Extract version number
|
||||||
id: get_version
|
id: get_version
|
||||||
uses: actions/github-script@0.2.0
|
uses: actions/github-script@0.2.0
|
||||||
|
@ -51,13 +42,3 @@ jobs:
|
||||||
release_name: Release ${{ steps.get_version.outputs.result }}
|
release_name: Release ${{ steps.get_version.outputs.result }}
|
||||||
draft: true
|
draft: true
|
||||||
prerelease: false
|
prerelease: false
|
||||||
- name: Upload packaged Helm Chart
|
|
||||||
id: upload-release-asset
|
|
||||||
uses: actions/upload-release-asset@v1.0.1
|
|
||||||
env:
|
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
with:
|
|
||||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
|
||||||
asset_path: ./authentik-chart.tgz
|
|
||||||
asset_name: authentik-chart.tgz
|
|
||||||
asset_content_type: application/gzip
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
|
@ -1,9 +0,0 @@
|
||||||
dependencies:
|
|
||||||
- name: postgresql
|
|
||||||
repository: https://charts.bitnami.com/bitnami
|
|
||||||
version: 9.3.2
|
|
||||||
- name: redis
|
|
||||||
repository: https://charts.bitnami.com/bitnami
|
|
||||||
version: 10.7.16
|
|
||||||
digest: sha256:fd31e2e2b9ff17a5ed906a77a4f15ffa1ab7f5aecaea1e5db77f0d199ae4f19e
|
|
||||||
generated: "2020-08-25T17:57:49.684549+02:00"
|
|
|
@ -1,17 +0,0 @@
|
||||||
apiVersion: v2
|
|
||||||
description: authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.
|
|
||||||
name: authentik
|
|
||||||
home: https://goauthentik.io
|
|
||||||
sources:
|
|
||||||
- https://github.com/goauthentik/authentik
|
|
||||||
version: "2021.4.5"
|
|
||||||
icon: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.svg
|
|
||||||
dependencies:
|
|
||||||
- name: postgresql
|
|
||||||
version: 9.4.1
|
|
||||||
repository: https://charts.bitnami.com/bitnami
|
|
||||||
condition: install.postgresql
|
|
||||||
- name: redis
|
|
||||||
version: 10.9.0
|
|
||||||
repository: https://charts.bitnami.com/bitnami
|
|
||||||
condition: install.redis
|
|
|
@ -1,47 +0,0 @@
|
||||||
# authentik Helm Chart
|
|
||||||
|
|
||||||
| Name | Default | Description |
|
|
||||||
|-----------------------------------|-------------------------|-------------|
|
|
||||||
| image.name | beryju/authentik | Image used to run the authentik server and worker |
|
|
||||||
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
|
|
||||||
| image.name_outposts | beryju/authentik-%(type)s:%(version)s | Image used for managed outposts. Placeholders: %(type)s: Outpost type; proxy, ldap, etc. %(version)s: Current version; 2021.4.1 |
|
|
||||||
| image.tag | 2021.4.5 | Image tag |
|
|
||||||
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
|
|
||||||
| serverReplicas | 1 | Replicas for the Server deployment |
|
|
||||||
| workerReplicas | 1 | Replicas for the Worker deployment |
|
|
||||||
| kubernetesIntegration | true | Enable/disable the Kubernetes integration for authentik. This will create a service account for authentik to create and update outposts in authentik |
|
|
||||||
| config.secretKey | | Secret key used to sign session cookies, generate with `pwgen 50 1` or `openssl rand -base64 36` for example. |
|
|
||||||
| config.errorReporting.enabled | false | Enable/disable error reporting |
|
|
||||||
| config.errorReporting.environment | customer | Environment sent with the error reporting |
|
|
||||||
| config.errorReporting.sendPii | false | Whether to send Personally-identifiable data with the error reporting |
|
|
||||||
| config.logLevel | warning | Log level of authentik |
|
|
||||||
| config.email.host | localhost | SMTP Host Emails are sent to |
|
|
||||||
| config.email.port | 25 | SMTP Port Emails are sent to |
|
|
||||||
| config.email.username | | SMTP Username |
|
|
||||||
| config.email.password | | SMTP Password |
|
|
||||||
| config.email.use_tls | false | Enable StartTLS |
|
|
||||||
| config.email.use_ssl | false | Enable SSL |
|
|
||||||
| config.email.timeout | 10 | SMTP Timeout |
|
|
||||||
| config.email.from | authentik@localhost | Email address authentik will send from, should have a correct @domain |
|
|
||||||
| pvc.mode | ReadWriteMany | Mode that the PVCs are created in (uploads and GeoIP, if enabled) |
|
|
||||||
| pvc.uploadsSize | 5Gi | Size for the uploads PVC |
|
|
||||||
| pvc.uploadsStorageClass | null | Storage class for the uploads PVC (default: use default storage class) |
|
|
||||||
| pvc.geoIpSize | 1Gi | Size for the GeoIP PVC |
|
|
||||||
| pvc.geoIpStorageClass | null | Storage class for the GeoIP PVC (default: use default storage class) |
|
|
||||||
| geoip.enabled | false | Optionally enable GeoIP |
|
|
||||||
| geoip.accountId | | GeoIP MaxMind Account ID |
|
|
||||||
| geoip.licenseKey | | GeoIP MaxMind License key |
|
|
||||||
| geoip.image | maxmindinc/geoipupdate:latest | GeoIP Updater image |
|
|
||||||
| backup.accessKey | | Optionally enable S3 Backup, Access Key |
|
|
||||||
| backup.secretKey | | Optionally enable S3 Backup, Secret Key |
|
|
||||||
| backup.bucket | | Optionally enable S3 Backup, Bucket |
|
|
||||||
| backup.region | | Optionally enable S3 Backup, Region |
|
|
||||||
| backup.host | | Optionally enable S3 Backup, to custom Endpoint like minio |
|
|
||||||
| ingress.annotations | {} | Annotations for the ingress object |
|
|
||||||
| ingress.hosts | [authentik.k8s.local] | Hosts which the ingress will match |
|
|
||||||
| ingress.tls | [] | TLS Configuration, same as Ingress objects |
|
|
||||||
| install.postgresql | true | Enables/disables the packaged PostgreSQL Chart
|
|
||||||
| install.redis | true | Enables/disables the packaged Redis Chart
|
|
||||||
| postgresql.postgresqlPassword | | Password used for PostgreSQL, generated automatically.
|
|
||||||
|
|
||||||
For more info, see https://goauthentik.io/ and https://goauthentik.io/docs/installation/kubernetes/
|
|
|
@ -1,11 +0,0 @@
|
||||||
Access authentik using the following URL:
|
|
||||||
{{- if .Release.IsUpgrade -}}
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else -}}
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}/if/flow/initial-setup/
|
|
||||||
{{- end }}
|
|
||||||
To configure your authentik instance, and set a password for the akadmin user.
|
|
||||||
{{- end }}
|
|
|
@ -1,28 +0,0 @@
|
||||||
{{/* vim: set filetype=mustache: */}}
|
|
||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "authentik.name" -}}
|
|
||||||
{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create a default fully qualified app name.
|
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
||||||
If release name contains chart name it will be used as a full name.
|
|
||||||
*/}}
|
|
||||||
{{- define "authentik.fullname" -}}
|
|
||||||
{{- $name := default .Chart.Name -}}
|
|
||||||
{{- if contains $name .Release.Name -}}
|
|
||||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "authentik.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
|
@ -1,27 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-config
|
|
||||||
data:
|
|
||||||
POSTGRESQL__HOST: "{{ .Release.Name }}-postgresql"
|
|
||||||
POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"
|
|
||||||
POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}"
|
|
||||||
{{- if .Values.backup }}
|
|
||||||
POSTGRESQL__S3_BACKUP__ACCESS_KEY: "{{ .Values.backup.accessKey }}"
|
|
||||||
POSTGRESQL__S3_BACKUP__BUCKET: "{{ .Values.backup.bucket }}"
|
|
||||||
POSTGRESQL__S3_BACKUP__REGION: "{{ .Values.backup.region }}"
|
|
||||||
POSTGRESQL__S3_BACKUP__HOST: "{{ .Values.backup.host }}"
|
|
||||||
{{- end}}
|
|
||||||
REDIS__HOST: "{{ .Release.Name }}-redis-master"
|
|
||||||
ERROR_REPORTING__ENABLED: "{{ .Values.config.errorReporting.enabled }}"
|
|
||||||
ERROR_REPORTING__ENVIRONMENT: "{{ .Values.config.errorReporting.environment }}"
|
|
||||||
ERROR_REPORTING__SEND_PII: "{{ .Values.config.errorReporting.sendPii }}"
|
|
||||||
LOG_LEVEL: "{{ .Values.config.logLevel }}"
|
|
||||||
OUTPOSTS__DOCKER_IMAGE_BASE: "{{ .Values.image.name_outposts }}"
|
|
||||||
EMAIL__HOST: "{{ .Values.config.email.host }}"
|
|
||||||
EMAIL__PORT: "{{ .Values.config.email.port }}"
|
|
||||||
EMAIL__USERNAME: "{{ .Values.config.email.username }}"
|
|
||||||
EMAIL__USE_TLS: "{{ .Values.config.email.use_tls }}"
|
|
||||||
EMAIL__USE_SSL: "{{ .Values.config.email.use_ssl }}"
|
|
||||||
EMAIL__TIMEOUT: "{{ .Values.config.email.timeout }}"
|
|
||||||
EMAIL__FROM: "{{ .Values.config.email.from }}"
|
|
|
@ -1,11 +0,0 @@
|
||||||
{{- if .Values.geoip.enabled -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-geoip-config
|
|
||||||
data:
|
|
||||||
GEOIPUPDATE_ACCOUNT_ID: "{{ .Values.geoip.accountId }}"
|
|
||||||
GEOIPUPDATE_LICENSE_KEY: "{{ .Values.geoip.licenseKey }}"
|
|
||||||
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
|
|
||||||
GEOIPUPDATE_FREQUENCY: "8"
|
|
||||||
{{- end }}
|
|
|
@ -1,39 +0,0 @@
|
||||||
{{- if .Values.geoip.enabled -}}
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-geoip
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
k8s.goauthentik.io/component: geoip
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: geoip
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: geoip
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: geoip
|
|
||||||
image: "{{ .Values.geoip.image }}"
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: {{ include "authentik.fullname" . }}-geoip-config
|
|
||||||
volumeMounts:
|
|
||||||
- name: geoip
|
|
||||||
mountPath: /usr/share/GeoIP
|
|
||||||
volumes:
|
|
||||||
- name: geoip
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ include "authentik.fullname" . }}-geoip
|
|
||||||
{{- end }}
|
|
|
@ -1,18 +0,0 @@
|
||||||
{{- if .Values.geoip.enabled -}}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-geoip
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- {{ .Values.pvc.mode }}
|
|
||||||
storageClassName: {{ .Values.pvc.geoIpStorageClass }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.pvc.geoIpSize }}
|
|
||||||
{{- end }}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{{- $fullName := include "authentik.fullname" . -}}
|
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: {{ $fullName }}
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- with .Values.ingress.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{ toYaml . | indent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.ingress.tls }}
|
|
||||||
tls:
|
|
||||||
{{- range .Values.ingress.tls }}
|
|
||||||
- hosts:
|
|
||||||
{{- range .hosts }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
secretName: {{ .secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
rules:
|
|
||||||
{{- range .Values.ingress.hosts }}
|
|
||||||
- host: {{ . | quote }}
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
serviceName: {{ $fullName }}-web
|
|
||||||
servicePort: http
|
|
||||||
{{- end }}
|
|
|
@ -1,121 +0,0 @@
|
||||||
{{- if .Values.monitoring.enabled -}}
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: PrometheusRule
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-static-rules
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
spec:
|
|
||||||
groups:
|
|
||||||
- name: Aggregate request counters
|
|
||||||
rules:
|
|
||||||
- record: job:django_http_requests_before_middlewares_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_before_middlewares_total[30s])) by (job)
|
|
||||||
- record: job:django_http_requests_unknown_latency_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_unknown_latency_total[30s])) by (job)
|
|
||||||
- record: job:django_http_ajax_requests_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_ajax_requests_total[30s])) by (job)
|
|
||||||
- record: job:django_http_responses_before_middlewares_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_before_middlewares_total[30s])) by (job)
|
|
||||||
- record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) by (job)
|
|
||||||
- record: job:django_http_requests_body_total_bytes:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_body_total_bytes[30s])) by (job)
|
|
||||||
- record: job:django_http_responses_streaming_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_streaming_total[30s])) by (job)
|
|
||||||
- record: job:django_http_responses_body_total_bytes:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_body_total_bytes[30s])) by (job)
|
|
||||||
- record: job:django_http_requests_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_total_by_method[30s])) by (job)
|
|
||||||
- record: job:django_http_requests_total_by_method:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_total_by_method[30s])) by (job,method)
|
|
||||||
- record: job:django_http_requests_total_by_transport:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_total_by_transport[30s])) by (job,transport)
|
|
||||||
- record: job:django_http_requests_total_by_view:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view)
|
|
||||||
- record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view,transport,method)
|
|
||||||
- record: job:django_http_responses_total_by_templatename:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_total_by_templatename[30s])) by (job,templatename)
|
|
||||||
- record: job:django_http_responses_total_by_status:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_total_by_status[30s])) by (job,status)
|
|
||||||
- record: job:django_http_responses_total_by_status_name_method:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_total_by_status_name_method[30s])) by (job,status,name,method)
|
|
||||||
- record: job:django_http_responses_total_by_charset:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_responses_total_by_charset[30s])) by (job,charset)
|
|
||||||
- record: job:django_http_exceptions_total_by_type:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_exceptions_total_by_type[30s])) by (job,type)
|
|
||||||
- record: job:django_http_exceptions_total_by_view:sum_rate30s
|
|
||||||
expr: sum(rate(django_http_exceptions_total_by_view[30s])) by (job,view)
|
|
||||||
- name: Aggregate latency histograms
|
|
||||||
rules:
|
|
||||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "50"
|
|
||||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "95"
|
|
||||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "99"
|
|
||||||
- record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "99.9"
|
|
||||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "50"
|
|
||||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "95"
|
|
||||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "99"
|
|
||||||
- record: job:django_http_requests_latency_seconds:quantile_rate30s
|
|
||||||
expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
|
|
||||||
labels:
|
|
||||||
quantile: "99.9"
|
|
||||||
- name: Aggregate model operations
|
|
||||||
rules:
|
|
||||||
- record: job:django_model_inserts_total:sum_rate1m
|
|
||||||
expr: sum(rate(django_model_inserts_total[1m])) by (job, model)
|
|
||||||
- record: job:django_model_updates_total:sum_rate1m
|
|
||||||
expr: sum(rate(django_model_updates_total[1m])) by (job, model)
|
|
||||||
- record: job:django_model_deletes_total:sum_rate1m
|
|
||||||
expr: sum(rate(django_model_deletes_total[1m])) by (job, model)
|
|
||||||
- name: Aggregate database operations
|
|
||||||
rules:
|
|
||||||
- record: job:django_db_new_connections_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_db_new_connections_total[30s])) by (alias, vendor)
|
|
||||||
- record: job:django_db_new_connection_errors_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_db_new_connection_errors_total[30s])) by (alias, vendor)
|
|
||||||
- record: job:django_db_execute_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_db_execute_total[30s])) by (alias, vendor)
|
|
||||||
- record: job:django_db_execute_many_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_db_execute_many_total[30s])) by (alias, vendor)
|
|
||||||
- record: job:django_db_errors_total:sum_rate30s
|
|
||||||
expr: sum(rate(django_db_errors_total[30s])) by (alias, vendor, type)
|
|
||||||
- name: Aggregate migrations
|
|
||||||
rules:
|
|
||||||
- record: job:django_migrations_applied_total:max
|
|
||||||
expr: max(django_migrations_applied_total) by (job, connection)
|
|
||||||
- record: job:django_migrations_unapplied_total:max
|
|
||||||
expr: max(django_migrations_unapplied_total) by (job, connection)
|
|
||||||
- name: Alerts
|
|
||||||
rules:
|
|
||||||
- alert: UnappliedMigrations
|
|
||||||
expr: job:django_migrations_unapplied_total:max > 0
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: testing
|
|
||||||
{{- end }}
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-uploads
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- {{ .Values.pvc.mode }}
|
|
||||||
storageClassName: {{ .Values.pvc.uploadsStorageClass }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.pvc.uploadsSize }}
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
type: Opaque
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-secret-key
|
|
||||||
data:
|
|
||||||
monitoring_username: bW9uaXRvcg== # monitor in base64
|
|
||||||
{{- if .Values.config.secretKey }}
|
|
||||||
SECRET_KEY: {{ .Values.config.secretKey | b64enc | quote }}
|
|
||||||
{{- else }}
|
|
||||||
SECRET_KEY: {{ randAlphaNum 50 | b64enc | quote}}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.backup }}
|
|
||||||
POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey | b64enc }}"
|
|
||||||
{{- end}}
|
|
||||||
EMAIL__PASSWORD: "{{ .Values.config.email.password | b64enc }}"
|
|
|
@ -1,64 +0,0 @@
|
||||||
{{- if .Values.kubernetesIntegration }}
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-sa-role
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
- services
|
|
||||||
verbs:
|
|
||||||
- "get"
|
|
||||||
- "create"
|
|
||||||
- "delete"
|
|
||||||
- "read"
|
|
||||||
- "patch"
|
|
||||||
- apiGroups:
|
|
||||||
- "extensions"
|
|
||||||
- "apps"
|
|
||||||
resources:
|
|
||||||
- "deployments"
|
|
||||||
verbs:
|
|
||||||
- "get"
|
|
||||||
- "create"
|
|
||||||
- "delete"
|
|
||||||
- "read"
|
|
||||||
- "patch"
|
|
||||||
- apiGroups:
|
|
||||||
- "extensions"
|
|
||||||
- "networking.k8s.io"
|
|
||||||
resources:
|
|
||||||
- "ingresses"
|
|
||||||
verbs:
|
|
||||||
- "get"
|
|
||||||
- "create"
|
|
||||||
- "delete"
|
|
||||||
- "read"
|
|
||||||
- "patch"
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- namespaces
|
|
||||||
verbs:
|
|
||||||
- list
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-sa
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-sa-role-binding
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: {{ include "authentik.fullname" . }}-sa-role
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: {{ include "authentik.fullname" . }}-sa
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
{{- end }}
|
|
|
@ -1,114 +0,0 @@
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-web
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
k8s.goauthentik.io/component: web
|
|
||||||
spec:
|
|
||||||
replicas: {{ .Values.serverReplicas }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: web
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: web
|
|
||||||
spec:
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- weight: 1
|
|
||||||
podAffinityTerm:
|
|
||||||
labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/name
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- {{ include "authentik.name" . }}
|
|
||||||
- key: app.kubernetes.io/instance
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- {{ .Release.Name }}
|
|
||||||
- key: k8s.goauthentik.io/component
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- web
|
|
||||||
topologyKey: "kubernetes.io/hostname"
|
|
||||||
containers:
|
|
||||||
- name: {{ .Chart.Name }}
|
|
||||||
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
|
|
||||||
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
|
|
||||||
args: [server]
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: {{ include "authentik.fullname" . }}-config
|
|
||||||
prefix: AUTHENTIK_
|
|
||||||
- secretRef:
|
|
||||||
name: {{ include "authentik.fullname" . }}-secret-key
|
|
||||||
prefix: AUTHENTIK_
|
|
||||||
env:
|
|
||||||
- name: AUTHENTIK_REDIS__PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: "{{ .Release.Name }}-redis"
|
|
||||||
key: "redis-password"
|
|
||||||
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: "{{ .Release.Name }}-postgresql"
|
|
||||||
key: "postgresql-password"
|
|
||||||
{{ if .Values.geoip.enabled -}}
|
|
||||||
- name: AUTHENTIK_AUTHENTIK__GEOIP
|
|
||||||
value: /geoip/GeoLite2-City.mmdb
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: authentik-uploads
|
|
||||||
mountPath: /media
|
|
||||||
{{ if .Values.geoip.enabled -}}
|
|
||||||
- name: geoip
|
|
||||||
mountPath: /geoip
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
containerPort: 9000
|
|
||||||
protocol: TCP
|
|
||||||
- name: https
|
|
||||||
containerPort: 9443
|
|
||||||
protocol: TCP
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /-/health/live/
|
|
||||||
port: http
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
periodSeconds: 30
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /-/health/ready/
|
|
||||||
port: http
|
|
||||||
initialDelaySeconds: 15
|
|
||||||
periodSeconds: 30
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 300M
|
|
||||||
limits:
|
|
||||||
cpu: 300m
|
|
||||||
memory: 600M
|
|
||||||
volumes:
|
|
||||||
- name: authentik-uploads
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ include "authentik.fullname" . }}-uploads
|
|
||||||
{{ if .Values.geoip.enabled -}}
|
|
||||||
- name: geoip
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ include "authentik.fullname" . }}-geoip
|
|
||||||
{{- end }}
|
|
|
@ -1,21 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-web
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
k8s.goauthentik.io/component: web
|
|
||||||
spec:
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- port: 9000
|
|
||||||
targetPort: http
|
|
||||||
protocol: TCP
|
|
||||||
name: http
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: web
|
|
|
@ -1,26 +0,0 @@
|
||||||
{{- if .Values.monitoring.enabled -}}
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
name: {{ include "authentik.fullname" . }}-web-monitoring
|
|
||||||
spec:
|
|
||||||
endpoints:
|
|
||||||
- basicAuth:
|
|
||||||
password:
|
|
||||||
name: {{ include "authentik.fullname" . }}-secret-key
|
|
||||||
key: SECRET_KEY
|
|
||||||
username:
|
|
||||||
name: {{ include "authentik.fullname" . }}-secret-key
|
|
||||||
key: monitoring_username
|
|
||||||
port: http
|
|
||||||
path: /metrics/
|
|
||||||
interval: 10s
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
k8s.goauthentik.io/component: web
|
|
||||||
{{- end }}
|
|
|
@ -1,94 +0,0 @@
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "authentik.fullname" . }}-worker
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
helm.sh/chart: {{ include "authentik.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
k8s.goauthentik.io/component: worker
|
|
||||||
spec:
|
|
||||||
replicas: {{ .Values.workerReplicas }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: worker
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "authentik.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
k8s.goauthentik.io/component: worker
|
|
||||||
spec:
|
|
||||||
{{- if .Values.kubernetesIntegration }}
|
|
||||||
serviceAccountName: {{ include "authentik.fullname" . }}-sa
|
|
||||||
{{- else }}
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
{{- end }}
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- weight: 1
|
|
||||||
podAffinityTerm:
|
|
||||||
labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/name
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- {{ include "authentik.name" . }}
|
|
||||||
- key: app.kubernetes.io/instance
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- {{ .Release.Name }}
|
|
||||||
- key: k8s.goauthentik.io/component
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- worker
|
|
||||||
topologyKey: "kubernetes.io/hostname"
|
|
||||||
containers:
|
|
||||||
- name: {{ .Chart.Name }}
|
|
||||||
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
|
|
||||||
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
|
|
||||||
args: [worker]
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: "{{ include "authentik.fullname" . }}-config"
|
|
||||||
prefix: "AUTHENTIK_"
|
|
||||||
- secretRef:
|
|
||||||
name: {{ include "authentik.fullname" . }}-secret-key
|
|
||||||
prefix: AUTHENTIK_
|
|
||||||
env:
|
|
||||||
- name: AUTHENTIK_REDIS__PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: "{{ .Release.Name }}-redis"
|
|
||||||
key: "redis-password"
|
|
||||||
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: "{{ .Release.Name }}-postgresql"
|
|
||||||
key: "postgresql-password"
|
|
||||||
{{ if .Values.geoip.enabled -}}
|
|
||||||
- name: AUTHENTIK_AUTHENTIK__GEOIP
|
|
||||||
value: /geoip/GeoLite2-City.mmdb
|
|
||||||
{{- end }}
|
|
||||||
{{ if .Values.geoip.enabled -}}
|
|
||||||
volumeMounts:
|
|
||||||
- name: geoip
|
|
||||||
mountPath: /geoip
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 150m
|
|
||||||
memory: 400M
|
|
||||||
limits:
|
|
||||||
cpu: 300m
|
|
||||||
memory: 600M
|
|
||||||
{{ if .Values.geoip.enabled -}}
|
|
||||||
volumes:
|
|
||||||
- name: geoip
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ include "authentik.fullname" . }}-geoip
|
|
||||||
{{- end -}}
|
|
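--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -1,100 +0,0 @@
-###################################
-# Values directly affecting authentik
-###################################
-image:
-name: beryju/authentik
-name_static: beryju/authentik-static
-# Image used for managed outposts. Placeholders:
-# %(type)s: Outpost type; proxy, ldap, etc
-# %(version)s: Current version; 2021.4.1
-name_outposts: "beryju/authentik-%(type)s:%(version)s"
-tag: 2021.4.5
-pullPolicy: IfNotPresent
-
-serverReplicas: 1
-workerReplicas: 1
-
-# Enable the Kubernetes integration which lets authentik deploy outposts into kubernetes
-kubernetesIntegration: true
-
-monitoring:
-enabled: false
-
-pvc:
-mode: ReadWriteMany
-uploadsSize: 5Gi
-uploadsStorageClass: null
-geoIpSize: 1Gi
-geoIpStorageClass: null
-
-config:
-# Optionally specify fixed secret_key, otherwise generated automatically
-# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
-# Enable error reporting
-errorReporting:
-enabled: false
-environment: customer
-sendPii: false
-# Log level used by web and worker
-# Can be either debug, info, warning, error
-logLevel: warning
-# Global Email settings
-email:
-# SMTP Host Emails are sent to
-host: localhost
-port: 25
-# Optionally authenticate
-username: ""
-password: ""
-# Use StartTLS
-useTls: false
-# Use SSL
-useSsl: false
-timeout: 10
-# Email address authentik will send from, should have a correct @domain
-from: authentik@localhost
-
-# Enable MaxMind GeoIP
-geoip:
-enabled: false
-accountId: ""
-licenseKey: ""
-image: maxmindinc/geoipupdate:latest
-
-# Enable Database Backups to S3
-# backup:
-# accessKey: access-key
-# secretKey: secret-key
-# bucket: s3-bucket
-# region: eu-central-1
-# host: s3-host
-
-ingress:
-annotations: {}
-# kubernetes.io/ingress.class: nginx
-# kubernetes.io/tls-acme: "true"
-hosts:
-- authentik.k8s.local
-tls: []
-# - secretName: chart-example-tls
-# hosts:
-# - authentik.k8s.local
-
-###################################
-# Values controlling dependencies
-###################################
-
-install:
-postgresql: true
-redis: true
-
-# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
-postgresql:
-postgresqlDatabase: authentik
-
-redis:
-cluster:
-enabled: false
-master:
-# https://stackoverflow.com/a/59189742
-disableCommands: []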
|
@ -15,13 +15,14 @@ redis:
|
||||||
password: "<another password you generated>"
|
password: "<another password you generated>"
|
||||||
config:
|
config:
|
||||||
secretKey: "<another password you generated>"
|
secretKey: "<another password you generated>"
|
||||||
# Optionally configure more things, as seen in the full values.yaml file below.
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
See all configurable values on [artifacthub](https://artifacthub.io/packages/helm/goauthentik/authentik).
|
||||||
|
|
||||||
Afterwards, run these commands to install authentik:
|
Afterwards, run these commands to install authentik:
|
||||||
|
|
||||||
```
|
```
|
||||||
helm repo add authentik https://docker.beryju.org/chartrepo/authentik
|
helm repo add authentik https://helm.goauthentik.io
|
||||||
helm repo update
|
helm repo update
|
||||||
helm install authentik/authentik -f values.yaml
|
helm install authentik/authentik -f values.yaml
|
||||||
```
|
```
|
||||||
|
@ -29,95 +30,3 @@ helm install authentik/authentik -f values.yaml
|
||||||
This installation automatically applies database migrations on startup. After the installation is done, navigate to the `https://<ingress you've specified>/if/flow/initial-setup/`, to set a password for the akadmin user.
|
This installation automatically applies database migrations on startup. After the installation is done, navigate to the `https://<ingress you've specified>/if/flow/initial-setup/`, to set a password for the akadmin user.
|
||||||
|
|
||||||
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](flow/stages/email/index.md) to send verification/recovery emails.
|
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](flow/stages/email/index.md) to send verification/recovery emails.
|
||||||
|
|
||||||
```yaml
|
|
||||||
###################################
|
|
||||||
# Values directly affecting authentik
|
|
||||||
###################################
|
|
||||||
image:
|
|
||||||
name: beryju/authentik
|
|
||||||
name_static: beryju/authentik-static
|
|
||||||
# Image used for managed outposts. Placeholders:
|
|
||||||
# %(type)s: Outpost type; proxy, ldap, etc
|
|
||||||
# %(version)s: Current version; 2021.4.1
|
|
||||||
name_outposts: "beryju/authentik-%(type)s:%(version)s"
|
|
||||||
tag: 2021.4.5
|
|
||||||
|
|
||||||
serverReplicas: 1
|
|
||||||
workerReplicas: 1
|
|
||||||
|
|
||||||
# Enable the Kubernetes integration which lets authentik deploy outposts into kubernetes
|
|
||||||
kubernetesIntegration: true
|
|
||||||
|
|
||||||
monitoring: # Optionally deploy Prometheus Rules and ServiceMonitors
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
pvc:
|
|
||||||
mode: ReadWriteMany
|
|
||||||
uploadsSize: 5Gi
|
|
||||||
uploadsStorageClass: null # null uses the default storage class
|
|
||||||
geoIpSize: 1Gi
|
|
||||||
geoIpStorageClass: null
|
|
||||||
|
|
||||||
config:
|
|
||||||
# Optionally specify fixed secret_key, otherwise generated automatically
|
|
||||||
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
|
||||||
# Enable error reporting
|
|
||||||
errorReporting:
|
|
||||||
enabled: false
|
|
||||||
environment: customer
|
|
||||||
sendPii: false
|
|
||||||
# Log level used by web and worker
|
|
||||||
# Can be either debug, info, warning, error
|
|
||||||
logLevel: warning
|
|
||||||
# Global Email settings
|
|
||||||
email:
|
|
||||||
# SMTP Host Emails are sent to
|
|
||||||
host: localhost
|
|
||||||
port: 25
|
|
||||||
# Optionally authenticate
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
# Use StartTLS
|
|
||||||
useTls: false
|
|
||||||
# Use SSL
|
|
||||||
useSsl: false
|
|
||||||
timeout: 10
|
|
||||||
# Email address authentik will send from, should have a correct @domain
|
|
||||||
from: authentik@localhost
|
|
||||||
|
|
||||||
# Enable MaxMind GeoIP
|
|
||||||
# geoip:
|
|
||||||
# enabled: false
|
|
||||||
# accountId: ""
|
|
||||||
# licenseKey: ""
|
|
||||||
# image: maxmindinc/geoipupdate:latest
|
|
||||||
|
|
||||||
# Enable Database Backups to S3
|
|
||||||
# backup:
|
|
||||||
# accessKey: access-key
|
|
||||||
# secretKey: secret-key
|
|
||||||
# bucket: s3-bucket
|
|
||||||
# region: eu-central-1
|
|
||||||
# host: s3-host
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
annotations:
|
|
||||||
{}
|
|
||||||
# kubernetes.io/ingress.class: nginx
|
|
||||||
# kubernetes.io/tls-acme: "true"
|
|
||||||
hosts:
|
|
||||||
- authentik.k8s.local
|
|
||||||
tls: []
|
|
||||||
# - secretName: chart-example-tls
|
|
||||||
# hosts:
|
|
||||||
# - authentik.k8s.local
|
|
||||||
|
|
||||||
###################################
|
|
||||||
# Values controlling dependencies
|
|
||||||
###################################
|
|
||||||
|
|
||||||
install:
|
|
||||||
postgresql: true
|
|
||||||
redis: true
|
|
||||||
```
|
|
||||||
|
|
|
@ -14,10 +14,10 @@ module.exports = {
|
||||||
items: [
|
items: [
|
||||||
"installation/index",
|
"installation/index",
|
||||||
"installation/docker-compose",
|
"installation/docker-compose",
|
||||||
"installation/configuration",
|
|
||||||
"installation/reverse-proxy",
|
|
||||||
"installation/kubernetes",
|
"installation/kubernetes",
|
||||||
"installation/beta",
|
"installation/beta",
|
||||||
|
"installation/configuration",
|
||||||
|
"installation/reverse-proxy",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|