From 21b51d6ee212c682df12a7adcf0ccffce25e91ba Mon Sep 17 00:00:00 2001
From: William P
Date: Sat, 1 Mar 2025 23:19:26 -0500
Subject: [PATCH] add authentik
---
authentik/Chart.yaml | 28 ++++++++++++++
authentik/values.yaml | 87 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 115 insertions(+)
create mode 100644 authentik/Chart.yaml
create mode 100644 authentik/values.yaml
diff --git a/authentik/Chart.yaml b/authentik/Chart.yaml
new file mode 100644
index 0000000..058f784
--- /dev/null
+++ b/authentik/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+name: authentik
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
+
+dependencies:
+- name: authentik
+ version: 2025.2.1
+ repository: https://charts.goauthentik.io
\ No newline at end of file
diff --git a/authentik/values.yaml b/authentik/values.yaml
new file mode 100644
index 0000000..06ecc64
--- /dev/null
+++ b/authentik/values.yaml
@@ -0,0 +1,87 @@
+authentik:
+ postgresql:
+ enabled: true
+ image:
+ repository: bitnami/postgresql
+ tag: 15.8.0-debian-12-r18
+ auth:
+ username: authentik
+ database: authentik
+ existingSecret: "authentik-credentials"
+ secretKeys:
+ adminPasswordKey: "admin-password"
+ userPasswordKey: "user-password"
+ replicationPasswordKey: "replication-password"
+ primary:
+ extendedConfiguration: |
+ max_connections = 500
+ resourcesPreset: "none"
+ persistence:
+ enabled: true
+ storageClass: weyma-shared
+ accessModes:
+ - ReadWriteOnce
+ readReplicas:
+ resourcesPreset: "none"
+ backup:
+ resourcesPreset: "none"
+ passwordUpdateJob:
+ resourcesPreset: "none"
+ volumePermissions:
+ resourcesPreset: "none"
+ metrics:
+ resourcesPreset: "none"
+ redis:
+ enabled: true
+ architecture: standalone
+ auth:
+ enabled: false
+ master:
+ resourcesPreset: "none"
+ replica:
+ resourcesPreset: "none"
+ sentinel:
+ resourcesPreset: "none"
+ metrics:
+ resourcesPreset: "none"
+ volumePermissions:
+ resourcesPreset: "none"
+ sysctl:
+ resourcesPreset: "none"
+ global:
+ env:
+ - name: AUTHENTIK_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: authentik-credentials
+ key: authentik-secret-key
+ additionalObjects:
+ - apiVersion: external-secrets.io/v1beta1
+ kind: ExternalSecret
+ metadata:
+ name: authentik-credentials
+ spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: weyma-vault
+ kind: ClusterSecretStore
+ target:
+ name: authentik-credentials
+ creationPolicy: Owner
+ data:
+ - secretKey: admin-password
+ remoteRef:
+ key: authentik
+ property: admin-password
+ - secretKey: authentik-secret-key
+ remoteRef:
+ key: authentik
+ property: authentik-secret-key
+ - secretKey: replication-password
+ remoteRef:
+ key: authentik
+ property: replication-password
+ - secretKey: user-password
+ remoteRef:
+ key: authentik
+ property: user-password
\ No newline at end of file
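Review bot: `auth:` / `enabled: false` under `redis:` leaves the bundled Redis reachable without a password, so any workload that can route to the Redis service can read or modify what authentik keeps there (cache and queue data, and sessions on releases that store them in Redis — worth confirming for 2025.2.1). The PostgreSQL block already takes its passwords from `authentik-credentials`; Redis can use the same secret through the Bitnami `auth.existingSecret` / `auth.existingSecretPasswordKey` values, with authentik given the password via `AUTHENTIK_REDIS__PASSWORD`. If auth stays off on purpose, a NetworkPolicy limiting the Redis port to the authentik pods is the minimum compensating control, and a comment next to the setting should say so. The page has lost the file's indentation, so the sketch below shows each fragment relative to its parent key; `redis-password` is a placeholder key name that would also have to exist in the `authentik` entry of the secret store.

```yaml
redis:
  # … unchanged: enabled, architecture …
  auth:
    enabled: true
    existingSecret: "authentik-credentials"
    existingSecretPasswordKey: "redis-password"  # placeholder key name
  # … unchanged: resourcesPreset entries …

env:
  # … unchanged: AUTHENTIK_SECRET_KEY …
  - name: AUTHENTIK_REDIS__PASSWORD
    valueFrom:
      secretKeyRef:
        name: authentik-credentials
        key: redis-password  # placeholder key name

data:
  # … unchanged: existing four secretKey entries …
  - secretKey: redis-password  # placeholder key name
    remoteRef:
      key: authentik
      property: redis-password  # placeholder; must exist in the store
```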