From 5c7094f866d5af406118e26bfa150c6e343f935f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Sun, 27 Aug 2023 15:18:52 +0200
Subject: [PATCH] fix
---
share/authentik/index.yaml | 293 +++++++++++++++++-----------------
share/authentik/postgresql.tf | 8 +-
2 files changed, 156 insertions(+), 145 deletions(-)
diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml
index d3c5083..9eaa074 100644
--- a/share/authentik/index.yaml
+++ b/share/authentik/index.yaml
@@ -6,135 +6,6 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - retention: - default: - db: 30d - properties: - db: - default: 30d - type: string - type: object - schedule: - default: - db: 0 3 * * * - properties: - db: - default: 0 3 * * * - type: string - type: object - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object - email: - default: - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - examples: - - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - properties: - port: - default: 587 - type: integer - timeout: - default: 30 - type: integer - use_ssl: - default: false - type: boolean - use_tls: - default: false - type: boolean - type: object - error_reporting: - default: - enabled: false - environment: k8s - send_pii: false - examples: - - enabled: false - environment: k8s - send_pii: false - properties: - enabled: - default: false - type: boolean - environment: - default: k8s - type: string - send_pii: - default: false - type: boolean - type: object - sub-domain: - default: auth - examples: - - auth - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - postgres: - default: - replicas: 1 - storage: 8Gi - version: '14' - examples: - - replicas: 1 - storage: 8Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - 
default: 8Gi - type: string - version: - default: '14' - type: string - type: object redis: default: exporter: 
@@ -168,41 +39,145 @@ options: default: 8Gi type: string type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + email: + default: + port: 587 + timeout: 30 + use_ssl: false + use_tls: false + examples: + - port: 587 + timeout: 30 + use_ssl: false + use_tls: false + properties: + port: + default: 587 + type: integer + timeout: + default: 30 + type: integer + use_ssl: + default: false + type: boolean + use_tls: + default: false + type: boolean + type: object ingress-class: default: traefik examples: - traefik type: string + sub-domain: + default: auth + examples: + - auth + type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret-key: s3-secret + secret-name: backup-settings + use-barman: false + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret-key: s3-secret + secret-name: backup-settings + use-barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + retention: + default: + db: 30d + properties: + db: + default: 30d + type: string + type: object + schedule: + default: + db: 0 3 * * * + properties: + db: + default: 0 3 * * * + type: string + type: object + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + use-barman: + default: false + type: boolean + type: object + loglevel: + default: info + examples: + - info + type: string geoip: default: /geoip/GeoLite2-City.mmdb examples: - /geoip/GeoLite2-City.mmdb type: string - loglevel: - default: info - examples: - - info - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string domain: default: your-company examples: - your-company type: string - admin: + error_reporting: default: - email: auth-admin + enabled: false 
+ environment: k8s + send_pii: false examples: - - email: auth-admin + - enabled: false + environment: k8s + send_pii: false properties: - email: - default: auth-admin + enabled: + default: false + type: boolean + environment: + default: k8s type: string + send_pii: + default: false + type: boolean type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string image: default: project: goauthentik @@ -233,6 +208,36 @@ options: default: 2023.5.4 type: string type: object + postgres: + default: + replicas: 1 + storage: 8Gi + version: '14' + examples: + - replicas: 1 + storage: 8Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 8Gi + type: string + version: + default: '14' + type: string + type: object + admin: + default: + email: auth-admin + examples: + - email: auth-admin + properties: + email: + default: auth-admin + type: string + type: object dependencies: - dist: null category: core diff --git a/share/authentik/postgresql.tf b/share/authentik/postgresql.tf index 3b00fd3..7359b43 100644 --- a/share/authentik/postgresql.tf +++ b/share/authentik/postgresql.tf @@ -8,13 +8,16 @@ locals { } resource "kubectl_manifest" "prj_pg" { - yaml_body = <<-EOF + yaml_body = join("", concat([<<-EOF apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: name: "${var.instance}-${var.component}-pg" namespace: "${var.namespace}" labels: ${jsonencode(local.pg-labels)} + annotations: + "k8up.io/backupcommand": "pg_dump -U postgres -d ${var.component} --clean" + "k8up.io/file-extension": ".sql" spec: instances: ${var.postgres.replicas} storage: @@ -25,6 +28,8 @@ resource "kubectl_manifest" "prj_pg" { owner: "${var.component}" monitoring: enablePodMonitor: true + EOF + ], var.backups.enable&&var.backups.use-barman?[<<-EOF backup: barmanObjectStore: destinationPath: "s3://${var.instance}-${var.namespace}/" 
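Review bot: Splitting the `prj_pg` manifest into two `<<-EOF` heredocs probably moves `backup:` out of `spec:`, because Terraform strips the smallest common indent from each indented heredoc separately and the second one begins at `backup:`. The page's whitespace is collapsed, so this is inferred from `backup:` being an unchanged context line that previously sat one level below `spec:`. If it renders as a top-level key, the Barman object store is never configured (or the apply is rejected) even with `backups.enable` and `backups.use-barman` both true, leaving the identity provider's database without the backup the option promises. Keeping one heredoc and wrapping the block in template directives, `%{ if var.backups.enable && var.backups.use-barman }` before `backup:` and `%{ endif }` after the `key:` line in the following hunk, preserves the indentation; check the rendered `yaml_body` either way. It is also worth confirming that the `k8up.io/backupcommand` annotation reaches the pods, since it is set on the Cluster object here and k8up reads it from pods (CloudNativePG can propagate it via `spec.inheritedMetadata`).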
@@ -37,6 +42,7 @@ resource "kubectl_manifest" "prj_pg" { name: "${var.backups.secret-name}" key: "${var.backups.secret-key}" EOF + ]:[""])) } resource "kubectl_manifest" "prj_pg_backup" {