diff --git a/share/authentik/datas.tf b/share/authentik/datas.tf index 3a16555..6d44830 100644 --- a/share/authentik/datas.tf +++ b/share/authentik/datas.tf @@ -25,8 +25,8 @@ data "kustomization_overlay" "data" { resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"] images { name = "ghcr.io/goauthentik/server" - new_name = "${var.image.registry}/${var.image.repository}" - new_tag = "${var.image.tag}" + new_name = "${var.image.app.registry}/${var.image.app.repository}" + new_tag = "${var.image.app.tag}" } config_map_generator { name = var.component @@ -41,7 +41,7 @@ data "kustomization_overlay" "data" { "AUTHENTIK_ERROR_REPORTING__SEND_PII=${var.error_reporting.send_pii}", "AUTHENTIK_GEOIP=${var.geoip}", "AUTHENTIK_LOG_LEVEL=${var.loglevel}", - "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.image.registry}/${var.image.project}/%(type)s:%(version)s", + "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.image.app.registry}/${var.image.app.project}/%(type)s:%(version)s", "AUTHENTIK_POSTGRESQL__NAME=${var.component}", "AUTHENTIK_POSTGRESQL__PORT=5432", "AUTHENTIK_POSTGRESQL__USER=${var.component}", @@ -64,8 +64,8 @@ data "kustomization_overlay" "data" { spec: containers: - name: authentik - image: "${var.image.registry}/${var.image.repository}:${var.image.tag}" - imagePullPolicy: "${var.image.pullPolicy}" + image: "${var.image.app.registry}/${var.image.app.repository}:${var.image.app.tag}" + imagePullPolicy: "${var.image.app.pullPolicy}" env: - name: "AUTHENTIK_POSTGRESQL__HOST" value: "${var.instance}-${var.component}-pool.${var.namespace}.svc" 
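Review bot: The new references in this file read `var.image.app.*` (singular), while the same commit renames the option to `images` in index.yaml and uses `var.images.*` in postgresql.tf and redis.tf. Unless a variable named `image` with an `app` attribute is still declared outside this diff, the kustomize `images` override, `AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE` and both container specs (hunks at -25, -41, -64 and -96) will fail to resolve at plan time. I would switch all of them to the plural form, e.g. `new_name = "${var.images.app.registry}/${var.images.app.repository}"` and `new_tag = "${var.images.app.tag}"`. The enclosing `data "kustomization_overlay" "data"` block starts and ends outside these hunks, so the variable declaration itself is not visible here.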
@@ -96,8 +96,8 @@ data "kustomization_overlay" "data" { spec: containers: - name: authentik - image: "${var.image.registry}/${var.image.repository}:${var.image.tag}" - imagePullPolicy: "${var.image.pullPolicy}" + image: "${var.image.app.registry}/${var.image.app.repository}:${var.image.app.tag}" + imagePullPolicy: "${var.image.app.pullPolicy}" env: - name: "AUTHENTIK_POSTGRESQL__HOST" value: "${var.instance}-${var.component}-pool.${var.namespace}.svc" diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index dd5b825..5947996 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml @@ -6,11 +6,21 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - domain: - default: your-company + loglevel: + default: info examples: - - your-company + - info type: string + admin: + default: + email: auth-admin + examples: + - email: auth-admin + properties: + email: + default: auth-admin + type: string + type: object backups: default: enable: false 
@@ -70,6 +80,72 @@ options: default: false type: boolean type: object + redis: + default: + exporter: + enabled: true + examples: + - exporter: + enabled: true + properties: + exporter: + default: + enabled: true + properties: + enabled: + default: true + type: boolean + type: object + type: object + ingress_class: + default: traefik + examples: + - traefik + type: string + storage: + default: + postgres: + size: 8Gi + redis: + size: 8Gi + examples: + - postgres: + size: 8Gi + redis: + size: 8Gi + properties: + postgres: + default: + size: 8Gi + properties: + size: + default: 8Gi + type: string + type: object + redis: + default: + size: 8Gi + properties: + size: + default: 8Gi + type: string + type: object + type: object + geoip: + default: /geoip/GeoLite2-City.mmdb + examples: + - /geoip/GeoLite2-City.mmdb + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object error_reporting: default: enabled: false 
@@ -90,129 +166,153 @@ options: default: false type: boolean type: object - postgres: + images: default: - replicas: 1 - storage: 8Gi - version: '14' + app: + project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 2023.8.3 + postgresql: + registry: ghcr.io + repository: cloudnative-pg/postgresql + tag: 15.3 + redis: + pullPolicy: IfNotPresent + registry: quay.io + repository: opstree/redis + tag: v7.0.12 + redis_exporter: + pullPolicy: IfNotPresent + registry: quay.io + repository: opstree/redis-exporter + tag: v1.44.0 examples: - - replicas: 1 - storage: 8Gi - version: '14' + - app: + project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 2023.8.3 + postgresql: + registry: ghcr.io + repository: cloudnative-pg/postgresql + tag: 15.3 + redis: + pullPolicy: IfNotPresent + registry: quay.io + repository: opstree/redis + tag: v7.0.12 + redis_exporter: + pullPolicy: IfNotPresent + registry: quay.io + repository: opstree/redis-exporter + tag: v1.44.0 properties: - replicas: - default: 1 - type: integer - storage: - default: 8Gi - type: string - version: - default: '14' - type: string - type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ingress_class: - default: traefik - examples: - - traefik - type: string - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 8Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 8Gi - properties: - exporter: + app: default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 + project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 2023.8.3 properties: - enabled: - default: true - type: boolean - image: - default: 
quay.io/opstree/redis-exporter:v1.44.0 + project: + default: goauthentik + type: string + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: ghcr.io + type: string + repository: + default: goauthentik/server + type: string + tag: + default: 2023.8.3 + type: string + type: object + postgresql: + default: + registry: ghcr.io + repository: cloudnative-pg/postgresql + tag: 15.3 + properties: + registry: + default: ghcr.io + type: string + repository: + default: cloudnative-pg/postgresql + type: string + tag: + default: 15.3 + type: number + type: object + redis: + default: + pullPolicy: IfNotPresent + registry: quay.io + repository: opstree/redis + tag: v7.0.12 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: quay.io + type: string + repository: + default: opstree/redis + type: string + tag: + default: v7.0.12 + type: string + type: object + redis_exporter: + default: + pullPolicy: IfNotPresent + registry: quay.io + repository: opstree/redis-exporter + tag: v1.44.0 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: quay.io + type: string + repository: + default: opstree/redis-exporter + type: string + tag: + default: v1.44.0 type: string type: object - image: - default: quay.io/opstree/redis:v7.0.12 - type: string - storage: - default: 8Gi - type: string type: object - image: - default: - project: goauthentik - pullPolicy: IfNotPresent - registry: ghcr.io - repository: goauthentik/server - tag: 2023.8.3 + domain: + default: your-company examples: - - project: goauthentik - pullPolicy: IfNotPresent - registry: ghcr.io - repository: goauthentik/server - tag: 2023.8.3 - properties: - project: - default: goauthentik - type: string - pullPolicy: - default: IfNotPresent - type: string - registry: - default: ghcr.io - type: string - 
repository: - default: goauthentik/server - type: string - tag: - default: 2023.8.3 - type: string - type: object + - your-company + type: string domain_name: default: your_company.com examples: - your_company.com type: string - admin: - default: - email: auth-admin - examples: - - email: auth-admin - properties: - email: - default: auth-admin - type: string - type: object - sub_domain: - default: auth - examples: - - auth - type: string - geoip: - default: /geoip/GeoLite2-City.mmdb - examples: - - /geoip/GeoLite2-City.mmdb - type: string - loglevel: - default: info - examples: - - info - type: string email: default: port: 587 @@ -238,6 +338,16 @@ options: default: false type: boolean type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + sub_domain: + default: auth + examples: + - auth + type: string dependencies: - dist: null category: core diff --git a/share/authentik/postgresql.tf b/share/authentik/postgresql.tf index 7359b43..a313245 100644 --- a/share/authentik/postgresql.tf +++ b/share/authentik/postgresql.tf @@ -20,8 +20,9 @@ resource "kubectl_manifest" "prj_pg" { "k8up.io/file-extension": ".sql" spec: instances: ${var.postgres.replicas} + imageName: "${var.images.postgres.registry}/${var.images.postgres.repository}:${var.images.postgres.tag}" storage: - size: "${var.postgres.storage}" + size: "${var.storage.postgres}" bootstrap: initdb: database: "${var.component}" diff --git a/share/authentik/redis.tf b/share/authentik/redis.tf index 50b6cf6..5ee06ef 100644 --- a/share/authentik/redis.tf +++ b/share/authentik/redis.tf @@ -9,7 +9,7 @@ resource "kubectl_manifest" "authentik_redis" { spec: kubernetesConfig: image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" - imagePullPolicy: "IfNotPresent" + imagePullPolicy: "${var.images.redis.pullPolicy}" redisSecret: name: "${var.component}" key: "AUTHENTIK_REDIS__PASSWORD"
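Review bot: Under `images.postgresql.properties.tag` the schema declares `default: 15.3` with `type: number`, whereas every other image tag in this hunk is a string. A numeric tag loses information as soon as a value such as 15.10 is supplied (it parses as 15.1), and tags with a suffix or a digest cannot be expressed at all; I would use `default: "15.3"` with `type: string` and quote the value in the `default` and `examples` blocks too. Separately, all four images are selected by a mutable tag with `pullPolicy: IfNotPresent`, so the schema offers no way to pin the identity provider's images by digest; an optional digest property per image would be worth considering.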
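Review bot: The added `imageName` line reads `var.images.postgres.*`, but index.yaml in this same commit declares that entry under the key `postgresql`, so the attribute lookup will probably fail unless the variable is declared differently elsewhere. The storage line has a similar mismatch: `var.storage.postgres` is an object with a `size` property in the schema, and an object cannot be interpolated into the string. I would write `imageName: "${var.images.postgresql.registry}/${var.images.postgresql.repository}:${var.images.postgresql.tag}"` and `size: "${var.storage.postgres.size}"`. The `kubectl_manifest` resource body continues outside the hunk.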