diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml
index 82da9b2..856e451 100644
--- a/share/authentik/index.yaml
+++ b/share/authentik/index.yaml
@@ -6,164 +6,6 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - ingress-class: - default: traefik - examples: - - traefik - type: string - domain: - default: your-company - examples: - - your-company - type: string - error_reporting: - default: - enabled: false - environment: k8s - send_pii: false - examples: - - enabled: false - environment: k8s - send_pii: false - properties: - enabled: - default: false - type: boolean - environment: - default: k8s - type: string - send_pii: - default: false - type: boolean - type: object - postgres: - default: - replicas: 1 - storage: 8Gi - version: '14' - examples: - - replicas: 1 - storage: 8Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 8Gi - type: string - version: - default: '14' - type: string - type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - geoip: - default: /geoip/GeoLite2-City.mmdb - examples: - - /geoip/GeoLite2-City.mmdb - type: string - email: - default: - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - examples: - - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - properties: - port: - default: 587 - type: integer - timeout: - default: 30 - type: integer - use_ssl: - default: false - type: boolean - use_tls: - default: false - type: boolean - type: object - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 8Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 8Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: 
quay.io/opstree/redis:v7.0.5 - type: string - storage: - default: 8Gi - type: string - type: object - image: - default: - project: goauthentik - pullPolicy: IfNotPresent - registry: ghcr.io - repository: goauthentik/server - tag: 2023.5.4 - examples: - - project: goauthentik - pullPolicy: IfNotPresent - registry: ghcr.io - repository: goauthentik/server - tag: 2023.5.4 - properties: - project: - default: goauthentik - type: string - pullPolicy: - default: IfNotPresent - type: string - registry: - default: ghcr.io - type: string - repository: - default: goauthentik/server - type: string - tag: - default: 2023.5.4 - type: string - type: object - loglevel: - default: info - examples: - - info - type: string - sub-domain: - default: auth - examples: - - auth - type: string backups: default: enable: false 
@@ -218,6 +60,149 @@ options: default: backup-settings type: string type: object + domain: + default: your-company + examples: + - your-company + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + email: + default: + port: 587 + timeout: 30 + use_ssl: false + use_tls: false + examples: + - port: 587 + timeout: 30 + use_ssl: false + use_tls: false + properties: + port: + default: 587 + type: integer + timeout: + default: 30 + type: integer + use_ssl: + default: false + type: boolean + use_tls: + default: false + type: boolean + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + postgres: + default: + replicas: 1 + storage: 8Gi + version: '14' + examples: + - replicas: 1 + storage: 8Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 8Gi + type: string + version: + default: '14' + type: string + type: object + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 8Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 8Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.5 + type: string + storage: + default: 8Gi + type: string + type: object + geoip: + default: /geoip/GeoLite2-City.mmdb + examples: + - /geoip/GeoLite2-City.mmdb + type: string + image: + default: + project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 2023.5.4 + examples: + - project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 
2023.5.4 + properties: + project: + default: goauthentik + type: string + pullPolicy: + default: IfNotPresent + type: string + registry: + default: ghcr.io + type: string + repository: + default: goauthentik/server + type: string + tag: + default: 2023.5.4 + type: string + type: object + sub-domain: + default: auth + examples: + - auth + type: string + loglevel: + default: info + examples: + - info + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string admin: default: email: auth-admin @@ -228,11 +213,26 @@ options: default: auth-admin type: string type: object - domain-name: - default: your_company.com + error_reporting: + default: + enabled: false + environment: k8s + send_pii: false examples: - - your_company.com - type: string + - enabled: false + environment: k8s + send_pii: false + properties: + enabled: + default: false + type: boolean + environment: + default: k8s + type: string + send_pii: + default: false + type: boolean + type: object dependencies: - dist: null category: core diff --git a/share/authentik/postgresql.tf b/share/authentik/postgresql.tf index 0582e60..25deb4a 100644 --- a/share/authentik/postgresql.tf +++ b/share/authentik/postgresql.tf @@ -52,3 +52,25 @@ resource "kubectl_manifest" "prj_pg_backup" { name: "${var.instance}-${var.component}-pg" EOF } + +resource "kubectl_manifest" "prj_pg_pool" { + depends_on = [kubectl_manifest.prj_pg] + yaml_body = <<-EOF + apiVersion: postgresql.cnpg.io/v1 + kind: Pooler + metadata: + name: "${var.instance}-${var.component}-pool" + namespace: "${var.namespace}" + labels: ${jsonencode(local.pool-labels)} + spec: + cluster: + name: "${var.instance}-${var.component}-pg" + instances: 1 + type: rw + pgbouncer: + poolMode: session + parameters: + max_client_conn: "1000" + default_pool_size: "10" + EOF +}
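Review bot: The new `prj_pg_pool` Pooler opens an additional network path to the identity provider's database, yet its `pgbouncer` block sets no `pg_hba` rules and nothing in this hunk limits which pods may reach the pooler's Service; unless a NetworkPolicy elsewhere in the module already covers it, restrict clients to the authentik workloads in `${var.namespace}`. `instances: 1` also makes the pooler a single point of failure for logins once authentik connects through it, so `instances: 2` or a variable would be safer. `local.pool-labels` is not defined in the visible hunks; confirm it is declared elsewhere, otherwise the plan will fail. The hard-coded `max_client_conn` and `default_pool_size` values would be easier to tune and audit if they were exposed next to the existing `postgres` options.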