fix

2024-01-26 08:52:55 +01:00
parent 8c4348d215
commit 15594f64d1
4 changed files with 232 additions and 121 deletions
--- a/share/authentik/datas.tf
+++ b/share/authentik/datas.tf
@@ -25,8 +25,8 @@ data "kustomization_overlay" "data" {
  resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
  images {
    name = "ghcr.io/goauthentik/server"
-    new_name = "${var.image.registry}/${var.image.repository}"
-    new_tag  = "${var.image.tag}"
+    new_name = "${var.image.app.registry}/${var.image.app.repository}"
+    new_tag  = "${var.image.app.tag}"
  }
  config_map_generator {
    name = var.component
@@ -41,7 +41,7 @@ data "kustomization_overlay" "data" {
      "AUTHENTIK_ERROR_REPORTING__SEND_PII=${var.error_reporting.send_pii}",
      "AUTHENTIK_GEOIP=${var.geoip}",
      "AUTHENTIK_LOG_LEVEL=${var.loglevel}",
-      "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.image.registry}/${var.image.project}/%(type)s:%(version)s",
+      "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.image.app.registry}/${var.image.app.project}/%(type)s:%(version)s",
      "AUTHENTIK_POSTGRESQL__NAME=${var.component}",
      "AUTHENTIK_POSTGRESQL__PORT=5432",
      "AUTHENTIK_POSTGRESQL__USER=${var.component}",
@@ -64,8 +64,8 @@ data "kustomization_overlay" "data" {
          spec:
            containers:
              - name: authentik
-                image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
-                imagePullPolicy: "${var.image.pullPolicy}"
+                image: "${var.image.app.registry}/${var.image.app.repository}:${var.image.app.tag}"
+                imagePullPolicy: "${var.image.app.pullPolicy}"
                env:
                - name: "AUTHENTIK_POSTGRESQL__HOST"
                  value: "${var.instance}-${var.component}-pool.${var.namespace}.svc"
@@ -96,8 +96,8 @@ data "kustomization_overlay" "data" {
          spec:
            containers:
              - name: authentik
-                image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
-                imagePullPolicy: "${var.image.pullPolicy}"
+                image: "${var.image.app.registry}/${var.image.app.repository}:${var.image.app.tag}"
+                imagePullPolicy: "${var.image.app.pullPolicy}"
                env:
                - name: "AUTHENTIK_POSTGRESQL__HOST"
                  value: "${var.instance}-${var.component}-pool.${var.namespace}.svc"
--- a/share/authentik/index.yaml
+++ b/share/authentik/index.yaml
@@ -6,11 +6,21 @@ metadata:
  name: authentik
  description: authentik is an open-source Identity Provider focused on flexibility and versatility
 options:
-  domain:
-    default: your-company
+  loglevel:
+    default: info
    examples:
-    - your-company
+    - info
    type: string
+  admin:
+    default:
+      email: auth-admin
+    examples:
+    - email: auth-admin
+    properties:
+      email:
+        default: auth-admin
+        type: string
+    type: object
  backups:
    default:
      enable: false
@@ -70,6 +80,72 @@ options:
        default: false
        type: boolean
    type: object
+  redis:
+    default:
+      exporter:
+        enabled: true
+    examples:
+    - exporter:
+        enabled: true
+    properties:
+      exporter:
+        default:
+          enabled: true
+        properties:
+          enabled:
+            default: true
+            type: boolean
+        type: object
+    type: object
+  ingress_class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  storage:
+    default:
+      postgres:
+        size: 8Gi
+      redis:
+        size: 8Gi
+    examples:
+    - postgres:
+        size: 8Gi
+      redis:
+        size: 8Gi
+    properties:
+      postgres:
+        default:
+          size: 8Gi
+        properties:
+          size:
+            default: 8Gi
+            type: string
+        type: object
+      redis:
+        default:
+          size: 8Gi
+        properties:
+          size:
+            default: 8Gi
+            type: string
+        type: object
+    type: object
+  geoip:
+    default: /geoip/GeoLite2-City.mmdb
+    examples:
+    - /geoip/GeoLite2-City.mmdb
+    type: string
+  postgres:
+    default:
+      replicas: 1
+    examples:
+    - replicas: 1
+    properties:
+      replicas:
+        default: 1
+        type: integer
+    type: object
  error_reporting:
    default:
      enabled: false
@@ -90,78 +166,53 @@ options:
        default: false
        type: boolean
    type: object
-  postgres:
-    default:
-      replicas: 1
-      storage: 8Gi
-      version: '14'
-    examples:
-    - replicas: 1
-      storage: 8Gi
-      version: '14'
-    properties:
-      replicas:
-        default: 1
-        type: integer
-      storage:
-        default: 8Gi
-        type: string
-      version:
-        default: '14'
-        type: string
-    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  ingress_class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  redis:
-    default:
-      exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 8Gi
-    examples:
-    - exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 8Gi
-    properties:
-      exporter:
-        default:
-          enabled: true
-          image: quay.io/opstree/redis-exporter:v1.44.0
-        properties:
-          enabled:
-            default: true
-            type: boolean
-          image:
-            default: quay.io/opstree/redis-exporter:v1.44.0
-            type: string
-        type: object
-      image:
-        default: quay.io/opstree/redis:v7.0.12
-        type: string
-      storage:
-        default: 8Gi
-        type: string
-    type: object
-  image:
+  images:
    default:
+      app:
        project: goauthentik
        pullPolicy: IfNotPresent
        registry: ghcr.io
        repository: goauthentik/server
        tag: 2023.8.3
+      postgresql:
+        registry: ghcr.io
+        repository: cloudnative-pg/postgresql
+        tag: 15.3
+      redis:
+        pullPolicy: IfNotPresent
+        registry: quay.io
+        repository: opstree/redis
+        tag: v7.0.12
+      redis_exporter:
+        pullPolicy: IfNotPresent
+        registry: quay.io
+        repository: opstree/redis-exporter
+        tag: v1.44.0
    examples:
-    - project: goauthentik
+    - app:
+        project: goauthentik
+        pullPolicy: IfNotPresent
+        registry: ghcr.io
+        repository: goauthentik/server
+        tag: 2023.8.3
+      postgresql:
+        registry: ghcr.io
+        repository: cloudnative-pg/postgresql
+        tag: 15.3
+      redis:
+        pullPolicy: IfNotPresent
+        registry: quay.io
+        repository: opstree/redis
+        tag: v7.0.12
+      redis_exporter:
+        pullPolicy: IfNotPresent
+        registry: quay.io
+        repository: opstree/redis-exporter
+        tag: v1.44.0
+    properties:
+      app:
+        default:
+          project: goauthentik
          pullPolicy: IfNotPresent
          registry: ghcr.io
          repository: goauthentik/server
@@ -172,6 +223,10 @@ options:
            type: string
          pullPolicy:
            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
            type: string
          registry:
            default: ghcr.io
@@ -183,36 +238,81 @@ options:
            default: 2023.8.3
            type: string
        type: object
+      postgresql:
+        default:
+          registry: ghcr.io
+          repository: cloudnative-pg/postgresql
+          tag: 15.3
+        properties:
+          registry:
+            default: ghcr.io
+            type: string
+          repository:
+            default: cloudnative-pg/postgresql
+            type: string
+          tag:
+            default: 15.3
+            type: number
+        type: object
+      redis:
+        default:
+          pullPolicy: IfNotPresent
+          registry: quay.io
+          repository: opstree/redis
+          tag: v7.0.12
+        properties:
+          pullPolicy:
+            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
+            type: string
+          registry:
+            default: quay.io
+            type: string
+          repository:
+            default: opstree/redis
+            type: string
+          tag:
+            default: v7.0.12
+            type: string
+        type: object
+      redis_exporter:
+        default:
+          pullPolicy: IfNotPresent
+          registry: quay.io
+          repository: opstree/redis-exporter
+          tag: v1.44.0
+        properties:
+          pullPolicy:
+            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
+            type: string
+          registry:
+            default: quay.io
+            type: string
+          repository:
+            default: opstree/redis-exporter
+            type: string
+          tag:
+            default: v1.44.0
+            type: string
+        type: object
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
  domain_name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
-  admin:
-    default:
-      email: auth-admin
-    examples:
-    - email: auth-admin
-    properties:
-      email:
-        default: auth-admin
-        type: string
-    type: object
-  sub_domain:
-    default: auth
-    examples:
-    - auth
-    type: string
-  geoip:
-    default: /geoip/GeoLite2-City.mmdb
-    examples:
-    - /geoip/GeoLite2-City.mmdb
-    type: string
-  loglevel:
-    default: info
-    examples:
-    - info
-    type: string
  email:
    default:
      port: 587
@@ -238,6 +338,16 @@ options:
        default: false
        type: boolean
    type: object
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  sub_domain:
+    default: auth
+    examples:
+    - auth
+    type: string
 dependencies:
 - dist: null
  category: core
--- a/share/authentik/postgresql.tf
+++ b/share/authentik/postgresql.tf
@@ -20,8 +20,9 @@ resource "kubectl_manifest" "prj_pg" {
        "k8up.io/file-extension": ".sql"
    spec:
      instances: ${var.postgres.replicas}
+      imageName: "${var.images.postgres.registry}/${var.images.postgres.repository}:${var.images.postgres.tag}"
      storage:
-        size: "${var.postgres.storage}"
+        size: "${var.storage.postgres}"
      bootstrap:
        initdb:
          database: "${var.component}"
--- a/share/authentik/redis.tf
+++ b/share/authentik/redis.tf
@@ -9,7 +9,7 @@ resource "kubectl_manifest" "authentik_redis" {
    spec:
      kubernetesConfig:
        image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}"
-        imagePullPolicy: "IfNotPresent"
+        imagePullPolicy: "${var.images.redis.pullPolicy}"
        redisSecret:
          name: "${var.component}"
          key: "AUTHENTIK_REDIS__PASSWORD"