trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

helm: add initial geoip

This commit is contained in:
Jens Langhammer 2021-03-11 17:32:16 +01:00
parent 13fceacfe4
commit 2dfaef4220
8 changed files with 107 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
helm/README.md
View File

@ -4,7 +4,7 @@
|-----------------------------------|-------------------------|-------------| |-----------------------------------|-------------------------|-------------|
| image.name | beryju/authentik | Image used to run the authentik server and worker | | image.name | beryju/authentik | Image used to run the authentik server and worker |
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) | | image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
| image.tag | 2021.3.3 | Image tag | | image.tag | 2021.3.3 | Image tag |
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments | | image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
| serverReplicas | 1 | Replicas for the Server deployment | | serverReplicas | 1 | Replicas for the Server deployment |
| workerReplicas | 1 | Replicas for the Worker deployment | | workerReplicas | 1 | Replicas for the Worker deployment |
@ -22,6 +22,10 @@
| config.email.use_ssl | false | Enable SSL | | config.email.use_ssl | false | Enable SSL |
| config.email.timeout | 10 | SMTP Timeout | | config.email.timeout | 10 | SMTP Timeout |
| config.email.from | authentik@localhost | Email address authentik will send from, should have a correct @domain | | config.email.from | authentik@localhost | Email address authentik will send from, should have a correct @domain |
| geoip.enabled | false | Optionally enable GeoIP |
| geoip.accountId | | GeoIP MaxMind Account ID |
| geoip.licenseKey | | GeoIP MaxMind License key |
| geoip.image | maxmindinc/geoipupdate:latest | GeoIP Updater image |
| backup.accessKey | | Optionally enable S3 Backup, Access Key | | backup.accessKey | | Optionally enable S3 Backup, Access Key |
| backup.secretKey | | Optionally enable S3 Backup, Secret Key | | backup.secretKey | | Optionally enable S3 Backup, Secret Key |
| backup.bucket | | Optionally enable S3 Backup, Bucket | | backup.bucket | | Optionally enable S3 Backup, Bucket |

11
helm/templates/geoip-configmap.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if .Values.geoip.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "authentik.fullname" . }}-geoip-config
data:
GEOIPUPDATE_ACCOUNT_ID: "{{ .Values.geoip.accountId }}"
GEOIPUPDATE_LICENSE_KEY: "{{ .Values.geoip.licenseKey }}"
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
GEOIPUPDATE_FREQUENCY: "8"
{{- end }}

39
helm/templates/geoip-deployment.yaml Normal file
View File

@ -0,0 +1,39 @@
{{- if .Values.geoip.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "authentik.fullname" . }}-geoip
labels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
k8s.goauthentik.io/component: geoip
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.goauthentik.io/component: geoip
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.goauthentik.io/component: geoip
spec:
containers:
- name: geoip
image: "{{ .Values.geoip.image }}"
envFrom:
- configMapRef:
name: {{ include "authentik.fullname" . }}-geoip-config
volumeMounts:
- name: geoip
mountPath: /usr/share/GeoIP
volumes:
- name: geoip
persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-geoip
{{- end }}

17
helm/templates/geoip-pvc.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.geoip.enabled -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "authentik.fullname" . }}-geoip
labels:
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: Gi
{{- end }}

13
helm/templates/web-deployment.yaml
View File

@ -88,9 +88,17 @@ spec:
secretKeyRef: secretKeyRef:
name: "{{ .Release.Name }}-postgresql" name: "{{ .Release.Name }}-postgresql"
key: "postgresql-password" key: "postgresql-password"
{{ if .Values.geoip.enabled -}}
- name: AUTHENTIK_AUTHENTIK__GEOIP
value: /geoip/GeoLite2-City.mmdb
{{- end }}
volumeMounts: volumeMounts:
- name: authentik-uploads - name: authentik-uploads
mountPath: /media mountPath: /media
{{ if .Values.geoip.enabled -}}
- name: geoip
mountPath: /geoip
{{- end }}
ports: ports:
- name: http - name: http
containerPort: 8000 containerPort: 8000
@ -116,3 +124,8 @@ spec:
- name: authentik-uploads - name: authentik-uploads
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-uploads claimName: {{ include "authentik.fullname" . }}-uploads
{{ if .Values.geoip.enabled -}}
- name: geoip
persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-geoip
{{- end }}

15
helm/templates/worker-deployment.yaml
View File

@ -68,6 +68,15 @@ spec:
secretKeyRef: secretKeyRef:
name: "{{ .Release.Name }}-postgresql" name: "{{ .Release.Name }}-postgresql"
key: "postgresql-password" key: "postgresql-password"
{{ if .Values.geoip.enabled -}}
- name: AUTHENTIK_AUTHENTIK__GEOIP
value: /geoip/GeoLite2-City.mmdb
{{- end }}
{{ if .Values.geoip.enabled -}}
volumeMounts:
- name: geoip
mountPath: /geoip
{{- end }}
resources: resources:
requests: requests:
cpu: 150m cpu: 150m
@ -75,3 +84,9 @@ spec:
limits: limits:
cpu: 300m cpu: 300m
memory: 600M memory: 600M
{{ if .Values.geoip.enabled -}}
volumes:
- name: geoip
persistentVolumeClaim:
claimName: {{ include "authentik.fullname" . }}-geoip
{{- end -}}

22
helm/values.test.yaml
View File

@ -1,22 +0,0 @@
image:
tag: gh-master
pullPolicy: Always
serverReplicas: 1
workerReplicas: 1
config:
# Log level used by web and worker
# Can be either debug, info, warning, error
logLevel: debug
ingress:
hosts:
- authentik.127.0.0.1.nip.io
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
postgresql:
postgresqlPassword: EK-5jnKfjrGRm<77
redis:
password: password

7
helm/values.yaml
View File

@ -44,6 +44,13 @@ config:
# Email address authentik will send from, should have a correct @domain # Email address authentik will send from, should have a correct @domain
from: authentik@localhost from: authentik@localhost
# Enable MaxMind GeoIP
geoip:
enabled: false
accountId: ""
licenseKey: ""
image: maxmindinc/geoipupdate:latest
# Enable Database Backups to S3 # Enable Database Backups to S3
# backup: # backup:
# accessKey: access-key # accessKey: access-key