SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 33 Packages Projects Releases Wiki Activity

fix(authentik): fix helm chart after many fields were deprecated

This commit is contained in:
SeanOMik 2024-04-19 13:57:21 -04:00
parent b42c309248
commit c4953f349d
Signed by: SeanOMik
GPG Key ID: FEC9E2FC15235964
3 changed files with 60 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
cluster/apps/authentik/helm-release.yaml
View File

@ -16,23 +16,70 @@ spec:
name: authentik-charts
namespace: flux-system
values:
containerSecurityContext: &securityContext
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
global:
env:
- name: AUTHENTIK_HOST
value: &host "auth.${SECRET_NEW_DOMAIN}"
- name: AUTHENTIK_HOST_BROWSER
value: *host
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
key: authentikSecretKey
name: authentik-secrets
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
key: pgsqlUserPassword
name: authentik-secrets
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
key: redisUserPassword
name: authentik-secrets
server:
# containerSecurityContext: &securityContext
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: OnRootMismatch
worker:
containerSecurityContext: *securityContext
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- *host
paths:
- /
pathType: Prefix
tls:
- hosts:
- *host
geoip:
containerSecurityContext: *securityContext
metrics:
enabled: true
serviceMonitor:
enabled: true
labels:
release: kube-prometheus-stack
prometheus:
rules:
enabled: true
# worker:
# containerSecurityContext: *securityContext
#
# geoip:
# containerSecurityContext: *securityContext
authentik:
# secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
# This sends anonymous usage-data, stack traces on errors and
# performance data to sentry.beryju.org, and is fully opt-in
#log_level: debug
log_level: debug
error_reporting:
enabled: true
environment: "k3s"
@ -40,53 +87,5 @@ spec:
host: "postgresql.database"
name: "authentik" # database name
user: "authentik"
# password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
# port: 5432
redis:
host: "redis-master.database"
# password: "${SECRET_DATABASE_REDIS_PASS}"
# prometheus:
# serviceMonitor:
# create: true
# labels:
# release: kube-prometheus-stack
# rules:
# create: true
# labels:
# release: kube-prometheus-stack
env:
AUTHENTIK_HOST: &host "auth.${SECRET_NEW_DOMAIN}"
AUTHENTIK_HOST_BROWSER: *host
envValueFrom:
AUTHENTIK_SECRET_KEY:
secretKeyRef:
key: authentikSecretKey
name: authentik-secrets
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
key: pgsqlUserPassword
name: authentik-secrets
AUTHENTIK_REDIS__PASSWORD:
secretKeyRef:
key: redisUserPassword
name: authentik-secrets
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: *host
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
monitoring:
enabled: false # temporarily disable monitoring
host: "redis-master.database"

3
cluster/apps/authentik/kustomization.yaml
View File

@ -7,5 +7,4 @@ resources:
- ./helm-release.yaml
#- ./network_policy.yaml
- ./traefik-middleware.yaml
- ./dashboard.yaml
- ./service-monitor.yaml
- ./dashboard.yaml

17
cluster/apps/authentik/service-monitor.yaml
View File

@ -1,17 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: authentik
namespace: authentik
labels:
release: kube-prometheus-stack
spec:
selector:
matchLabels:
app.kubernetes.io/instance: authentik
app.kubernetes.io/name: authentik
endpoints:
- port: http-metrics
interval: 30s
scrapeTimeout: 3s
path: /metrics