2024-01-26 08:52:55 +01:00
parent 8c4348d215
commit 15594f64d1
4 changed files with 232 additions and 121 deletions


@@ -25,8 +25,8 @@ data "kustomization_overlay" "data" {
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"] resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images { images {
name = "ghcr.io/goauthentik/server" name = "ghcr.io/goauthentik/server"
new_name = "${var.image.registry}/${var.image.repository}" new_name = "${var.image.app.registry}/${var.image.app.repository}"
new_tag = "${var.image.tag}" new_tag = "${var.image.app.tag}"
} }
config_map_generator { config_map_generator {
name = var.component name = var.component
@@ -41,7 +41,7 @@ data "kustomization_overlay" "data" {
"AUTHENTIK_ERROR_REPORTING__SEND_PII=${var.error_reporting.send_pii}", "AUTHENTIK_ERROR_REPORTING__SEND_PII=${var.error_reporting.send_pii}",
"AUTHENTIK_GEOIP=${var.geoip}", "AUTHENTIK_GEOIP=${var.geoip}",
"AUTHENTIK_LOG_LEVEL=${var.loglevel}", "AUTHENTIK_LOG_LEVEL=${var.loglevel}",
"AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.image.registry}/${var.image.project}/%(type)s:%(version)s", "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.image.app.registry}/${var.image.app.project}/%(type)s:%(version)s",
"AUTHENTIK_POSTGRESQL__NAME=${var.component}", "AUTHENTIK_POSTGRESQL__NAME=${var.component}",
"AUTHENTIK_POSTGRESQL__PORT=5432", "AUTHENTIK_POSTGRESQL__PORT=5432",
"AUTHENTIK_POSTGRESQL__USER=${var.component}", "AUTHENTIK_POSTGRESQL__USER=${var.component}",
@@ -64,8 +64,8 @@ data "kustomization_overlay" "data" {
spec: spec:
containers: containers:
- name: authentik - name: authentik
image: "${var.image.registry}/${var.image.repository}:${var.image.tag}" image: "${var.image.app.registry}/${var.image.app.repository}:${var.image.app.tag}"
imagePullPolicy: "${var.image.pullPolicy}" imagePullPolicy: "${var.image.app.pullPolicy}"
env: env:
- name: "AUTHENTIK_POSTGRESQL__HOST" - name: "AUTHENTIK_POSTGRESQL__HOST"
value: "${var.instance}-${var.component}-pool.${var.namespace}.svc" value: "${var.instance}-${var.component}-pool.${var.namespace}.svc"
@@ -96,8 +96,8 @@ data "kustomization_overlay" "data" {
spec: spec:
containers: containers:
- name: authentik - name: authentik
image: "${var.image.registry}/${var.image.repository}:${var.image.tag}" image: "${var.image.app.registry}/${var.image.app.repository}:${var.image.app.tag}"
imagePullPolicy: "${var.image.pullPolicy}" imagePullPolicy: "${var.image.app.pullPolicy}"
env: env:
- name: "AUTHENTIK_POSTGRESQL__HOST" - name: "AUTHENTIK_POSTGRESQL__HOST"
value: "${var.instance}-${var.component}-pool.${var.namespace}.svc" value: "${var.instance}-${var.component}-pool.${var.namespace}.svc"
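Review bot: The new references in all four hunks of this file read `var.image.app.*` (singular `image`), while the options schema changed in this same commit renames the option to `images` and the PostgreSQL and Redis manifests read `var.images.*`. Unless a variable named `image` with an `app` attribute is still declared somewhere not shown here, these expressions will fail at plan time. If the rename is intended, the image override should read `new_name = "${var.images.app.registry}/${var.images.app.repository}"` and `new_tag = "${var.images.app.tag}"`, with the same change on the outposts `CONTAINER_IMAGE_BASE` line and on both `image:`/`imagePullPolicy:` pairs. The `kustomization_overlay` block starts and ends outside these hunks.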


@@ -6,11 +6,21 @@ metadata:
name: authentik name: authentik
description: authentik is an open-source Identity Provider focused on flexibility and versatility description: authentik is an open-source Identity Provider focused on flexibility and versatility
options: options:
domain: loglevel:
default: your-company default: info
examples: examples:
- your-company - info
type: string type: string
admin:
default:
email: auth-admin
examples:
- email: auth-admin
properties:
email:
default: auth-admin
type: string
type: object
backups: backups:
default: default:
enable: false enable: false
@@ -70,6 +80,72 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
redis:
default:
exporter:
enabled: true
examples:
- exporter:
enabled: true
properties:
exporter:
default:
enabled: true
properties:
enabled:
default: true
type: boolean
type: object
type: object
ingress_class:
default: traefik
examples:
- traefik
type: string
storage:
default:
postgres:
size: 8Gi
redis:
size: 8Gi
examples:
- postgres:
size: 8Gi
redis:
size: 8Gi
properties:
postgres:
default:
size: 8Gi
properties:
size:
default: 8Gi
type: string
type: object
redis:
default:
size: 8Gi
properties:
size:
default: 8Gi
type: string
type: object
type: object
geoip:
default: /geoip/GeoLite2-City.mmdb
examples:
- /geoip/GeoLite2-City.mmdb
type: string
postgres:
default:
replicas: 1
examples:
- replicas: 1
properties:
replicas:
default: 1
type: integer
type: object
error_reporting: error_reporting:
default: default:
enabled: false enabled: false
@@ -90,129 +166,153 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
postgres: images:
default: default:
replicas: 1 app:
storage: 8Gi project: goauthentik
version: '14' pullPolicy: IfNotPresent
registry: ghcr.io
repository: goauthentik/server
tag: 2023.8.3
postgresql:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
redis:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis
tag: v7.0.12
redis_exporter:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis-exporter
tag: v1.44.0
examples: examples:
- replicas: 1 - app:
storage: 8Gi project: goauthentik
version: '14' pullPolicy: IfNotPresent
registry: ghcr.io
repository: goauthentik/server
tag: 2023.8.3
postgresql:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
redis:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis
tag: v7.0.12
redis_exporter:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis-exporter
tag: v1.44.0
properties: properties:
replicas: app:
default: 1
type: integer
storage:
default: 8Gi
type: string
version:
default: '14'
type: string
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
ingress_class:
default: traefik
examples:
- traefik
type: string
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 8Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 8Gi
properties:
exporter:
default: default:
enabled: true project: goauthentik
image: quay.io/opstree/redis-exporter:v1.44.0 pullPolicy: IfNotPresent
registry: ghcr.io
repository: goauthentik/server
tag: 2023.8.3
properties: properties:
enabled: project:
default: true default: goauthentik
type: boolean type: string
image: pullPolicy:
default: quay.io/opstree/redis-exporter:v1.44.0 default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: ghcr.io
type: string
repository:
default: goauthentik/server
type: string
tag:
default: 2023.8.3
type: string
type: object
postgresql:
default:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
properties:
registry:
default: ghcr.io
type: string
repository:
default: cloudnative-pg/postgresql
type: string
tag:
default: 15.3
type: number
type: object
redis:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis
tag: v7.0.12
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: opstree/redis
type: string
tag:
default: v7.0.12
type: string
type: object
redis_exporter:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis-exporter
tag: v1.44.0
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: opstree/redis-exporter
type: string
tag:
default: v1.44.0
type: string type: string
type: object type: object
image:
default: quay.io/opstree/redis:v7.0.12
type: string
storage:
default: 8Gi
type: string
type: object type: object
image: domain:
default: default: your-company
project: goauthentik
pullPolicy: IfNotPresent
registry: ghcr.io
repository: goauthentik/server
tag: 2023.8.3
examples: examples:
- project: goauthentik - your-company
pullPolicy: IfNotPresent type: string
registry: ghcr.io
repository: goauthentik/server
tag: 2023.8.3
properties:
project:
default: goauthentik
type: string
pullPolicy:
default: IfNotPresent
type: string
registry:
default: ghcr.io
type: string
repository:
default: goauthentik/server
type: string
tag:
default: 2023.8.3
type: string
type: object
domain_name: domain_name:
default: your_company.com default: your_company.com
examples: examples:
- your_company.com - your_company.com
type: string type: string
admin:
default:
email: auth-admin
examples:
- email: auth-admin
properties:
email:
default: auth-admin
type: string
type: object
sub_domain:
default: auth
examples:
- auth
type: string
geoip:
default: /geoip/GeoLite2-City.mmdb
examples:
- /geoip/GeoLite2-City.mmdb
type: string
loglevel:
default: info
examples:
- info
type: string
email: email:
default: default:
port: 587 port: 587
@@ -238,6 +338,16 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub_domain:
default: auth
examples:
- auth
type: string
dependencies: dependencies:
- dist: null - dist: null
category: core category: core
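Review bot: In the new `images.postgresql` option the tag is declared as `default: 15.3` with `type: number`, whereas every other image tag in this schema is `type: string`. An image tag is an identifier, not a quantity: a YAML float drops trailing zeros, so a value such as `15.10` would be read as `15.1` and resolve to a different image than the operator asked for. I would declare it as `default: '15.3'` with `type: string` and quote the `tag: 15.3` entries under `default:` and `examples:` the same way. The `postgresql` entry also carries no `pullPolicy`, unlike `app`, `redis` and `redis_exporter`; if that is deliberate, a short comment saying so would help.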


@@ -20,8 +20,9 @@ resource "kubectl_manifest" "prj_pg" {
"k8up.io/file-extension": ".sql" "k8up.io/file-extension": ".sql"
spec: spec:
instances: ${var.postgres.replicas} instances: ${var.postgres.replicas}
imageName: "${var.images.postgres.registry}/${var.images.postgres.repository}:${var.images.postgres.tag}"
storage: storage:
size: "${var.postgres.storage}" size: "${var.storage.postgres}"
bootstrap: bootstrap:
initdb: initdb:
database: "${var.component}" database: "${var.component}"
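Review bot: The added `imageName` line reads `var.images.postgres.*`, but the options schema in this commit names that entry `images.postgresql`, so the attribute lookup will not match unless the variable is declared differently elsewhere. The changed `size` line interpolates `var.storage.postgres`, which the schema defines as an object with a `size` property; an object cannot be rendered into a string template. Going by the schema, the lines should be `imageName: "${var.images.postgresql.registry}/${var.images.postgresql.repository}:${var.images.postgresql.tag}"` and `size: "${var.storage.postgres.size}"`. The `kubectl_manifest` resource continues outside this hunk, so the variable declarations themselves are not visible here.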


@@ -9,7 +9,7 @@ resource "kubectl_manifest" "authentik_redis" {
spec: spec:
kubernetesConfig: kubernetesConfig:
image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "${var.images.redis.pullPolicy}"
redisSecret: redisSecret:
name: "${var.component}" name: "${var.component}"
key: "AUTHENTIK_REDIS__PASSWORD" key: "AUTHENTIK_REDIS__PASSWORD"