From 9f1e98d53bcbaeef3201d1167e92774773af3afb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Fri, 5 Apr 2024 18:07:07 +0200 Subject: [PATCH] fix --- share/authentik/datas.tf | 4 + share/authentik/index.yaml | 286 ++++++++++++++++++------------------- share/authentik/secret.tf | 4 + 3 files changed, 151 insertions(+), 143 deletions(-) diff --git a/share/authentik/datas.tf b/share/authentik/datas.tf index c772644..ea7ad02 100644 --- a/share/authentik/datas.tf +++ b/share/authentik/datas.tf @@ -8,6 +8,9 @@ locals { "app.kubernetes.io/name" = var.component "app.kubernetes.io/instance" = var.instance } + server-annotations = (var.customisation.configmap_name!="" && (var.customisation.use_icon_left || var.customisation.use_custom_css))?{ + "configmap.reloader.stakater.com/reload" = var.customisation.configmap_name + }:{} } data "kustomization_overlay" "data" { @@ -51,6 +54,7 @@ data "kustomization_overlay" "data" { kind: Deployment metadata: name: authentik-server + annotations: ${jsonencode(local.server-annotations)} spec: template: spec: diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index 7f8ab83..fa94c00 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml 
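Review bot: The new `server-annotations` local in the first datas.tf hunk has no comment explaining why the reload annotation is gated on `use_icon_left` / `use_custom_css`, and its conditional is written without the spacing `terraform fmt` would produce. I would add `# Roll authentik-server when the customisation ConfigMap changes (requires Stakater Reloader in the cluster)` above it and space the operators as `var.customisation.configmap_name != "" && (...) ? { ... } : {}`. The annotation only takes effect if a Reloader controller is running, which this patch does not show, so that dependency is worth stating next to the local. The `locals` block and the Deployment patch in the second hunk both start outside the visible hunks.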
@@ -6,16 +6,41 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - admin: - default: - email: auth-admin + loglevel: + default: info examples: - - email: auth-admin + - info + type: string + email: + default: + port: 587 + timeout: 30 + use_ssl: false + use_tls: false + examples: + - port: 587 + timeout: 30 + use_ssl: false + use_tls: false properties: - email: - default: auth-admin - type: string + port: + default: 587 + type: integer + timeout: + default: 30 + type: integer + use_ssl: + default: false + type: boolean + use_tls: + default: false + type: boolean type: object + sub_domain: + default: auth + examples: + - auth + type: string error_reporting: default: enabled: false 
@@ -36,74 +61,25 @@ options: default: false type: boolean type: object - backups: + admin: default: - enable: false - endpoint: '' - key_id_key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret_key: s3-secret - secret_name: backup-settings - use_barman: false + email: auth-admin examples: - - enable: false - endpoint: '' - key_id_key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret_key: s3-secret - secret_name: backup-settings - use_barman: false + - email: auth-admin properties: - enable: - default: false - type: boolean - endpoint: - default: '' + email: + default: auth-admin type: string - key_id_key: - default: s3-id - type: string - retention: - default: - db: 30d - properties: - db: - default: 30d - type: string - type: object - schedule: - default: - db: 0 3 * * * - properties: - db: - default: 0 3 * * * - type: string - type: object - secret_key: - default: s3-secret - type: string - secret_name: - default: backup-settings - type: string - use_barman: - default: false - type: boolean type: object - ingress_class: - default: traefik + domain: + default: your-company examples: - - traefik + - your-company type: string - sub_domain: - default: auth + geoip: + default: /geoip/GeoLite2-City.mmdb examples: - - auth + - /geoip/GeoLite2-City.mmdb type: string images: default: @@ -272,10 +248,20 @@ options: type: string type: object type: object - domain_name: - default: your_company.com + postgres: + default: + replicas: 1 examples: - - your_company.com + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object + ingress_class: + default: traefik + examples: + - traefik type: string redis: default: 
@@ -294,76 +280,6 @@ options: type: boolean type: object type: object - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - domain: - default: your-company - examples: - - your-company - type: string - customisation: - default: - configmap_name: '' - use_custom_css: false - use_icon_left: false - examples: - - configmap_name: '' - use_custom_css: false - use_icon_left: false - properties: - configmap_name: - default: '' - type: string - use_custom_css: - default: false - type: boolean - use_icon_left: - default: false - type: boolean - type: object - email: - default: - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - examples: - - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - properties: - port: - default: 587 - type: integer - timeout: - default: 30 - type: integer - use_ssl: - default: false - type: boolean - use_tls: - default: false - type: boolean - type: object - loglevel: - default: info - examples: - - info - type: string storage: default: postgres: 
@@ -393,11 +309,95 @@ options: type: string type: object type: object - geoip: - default: /geoip/GeoLite2-City.mmdb + backups: + default: + enable: false + endpoint: '' + key_id_key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret_key: s3-secret + secret_name: backup-settings + use_barman: false examples: - - /geoip/GeoLite2-City.mmdb + - enable: false + endpoint: '' + key_id_key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key_id_key: + default: s3-id + type: string + retention: + default: + db: 30d + properties: + db: + default: 30d + type: string + type: object + schedule: + default: + db: 0 3 * * * + properties: + db: + default: 0 3 * * * + type: string + type: object + secret_key: + default: s3-secret + type: string + secret_name: + default: backup-settings + type: string + use_barman: + default: false + type: boolean + type: object + domain_name: + default: your_company.com + examples: + - your_company.com type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + customisation: + default: + configmap_name: '' + use_custom_css: false + use_icon_left: false + examples: + - configmap_name: '' + use_custom_css: false + use_icon_left: false + properties: + configmap_name: + default: '' + type: string + use_custom_css: + default: false + type: boolean + use_icon_left: + default: false + type: boolean + type: object dependencies: - dist: null category: core diff --git a/share/authentik/secret.tf b/share/authentik/secret.tf index 8715cc5..803f2df 100644 --- a/share/authentik/secret.tf +++ b/share/authentik/secret.tf 
@@ -38,6 +38,7 @@ resource "kubectl_manifest" "pre_backup_sa" { metadata: name: backup-secret namespace: "${var.namespace}" + labels: ${jsonencode(local.secrets-labels)} EOF } resource "kubectl_manifest" "pre_backup_role" { @@ -49,6 +50,7 @@ resource "kubectl_manifest" "pre_backup_role" { metadata: name: backup-secret namespace: "${var.namespace}" + labels: ${jsonencode(local.secrets-labels)} rules: - apiGroups: - "" @@ -68,6 +70,7 @@ resource "kubectl_manifest" "pre_backup_rb" { metadata: name: backup-secret namespace: "${var.namespace}" + labels: ${jsonencode(local.secrets-labels)} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -87,6 +90,7 @@ resource "kubectl_manifest" "pre_backup_pod" { metadata: name: secret namespace: "${var.namespace}" + labels: ${jsonencode(local.secrets-labels)} spec: backupCommand: kubectl get secrets -o yaml -l k8up.io/backup=true pod:
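Review bot: `local.secrets-labels` is now applied to the ServiceAccount, Role, RoleBinding and PreBackupPod in all four secret.tf hunks, but its definition is not part of this patch, so the labels it carries cannot be checked here. If it includes the `k8up.io/backup=true` label that `backupCommand` selects on, the RBAC objects and the pod are marked as backup scope even though only Secrets are meant to match. A separate local for these objects, e.g. `labels: ${jsonencode(local.<COMMON_LABELS_LOCAL>)}` (placeholder name), would keep the selector label on the Secrets alone. Because this pod writes Secret contents as YAML into the backup, a comment on the Role such as `# get/list on secrets in this namespace only; output lands in the backup repository` would also help; the `rules:` list continues outside the hunk, so I cannot confirm its verbs.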