remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 3 Packages Projects Releases Wiki Activity

initial migration

Browse Source
This commit is contained in:
Remy Moll
2023-10-05 14:34:37 +02:00
parent 5cb41fd5e4
commit 41f0153fd0
145 changed files with 17441 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
unused/authentik/ingress.yml Normal file
View File

@@ -0,0 +1,34 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: authentik-ingress
namespace: authentik
spec:
entryPoints:
- websecure
routes:
- match: Host(`authentik.kluster.moll.re`)
kind: Rule
middlewares:
- name: authentik-websocket
services:
- name: authentik
port: 80
tls:
certResolver: default-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: authentik-websocket
namespace: authentik
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
Upgrade: "websocket"

37
unused/authentik/pvc.yaml Normal file
View File

@@ -0,0 +1,37 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
namespace: authentik
name: authentik-postgres-nfs
labels:
directory: authentik
spec:
storageClassName: slow
capacity:
storage: "5Gi"
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
nfs:
path: /export/kluster/authentik
server: 192.168.1.157
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: authentik
name: authentik-postgres-nfs
spec:
storageClassName: slow
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "5Gi"
selector:
matchLabels:
directory: authentik

172
unused/authentik/values.yaml Normal file
View File

@@ -0,0 +1,172 @@
# -- Server replicas
replicas: 1
# -- Custom priority class for different treatment by the scheduler
priorityClassName:
# -- server securityContext
securityContext: {}
worker:
# -- worker replicas
replicas: 1
# -- Custom priority class for different treatment by the scheduler
priorityClassName:
# -- worker securityContext
securityContext: {}
image:
repository: ghcr.io/goauthentik/server
tag: 2023.4.1
pullPolicy: IfNotPresent
pullSecrets: []
# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
initContainers: {}
# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
additionalContainers: {}
authentik:
# -- Log level for server and worker
log_level: info
# -- Secret key used for cookie singing and unique user IDs,
# don't change this after the first install
secret_key: "K9F5uNx1gzsk3q5tnjwFabBYgjBJcAv0qM135QRgzL81hRg4"
# -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
geoip: /geoip/GeoLite2-City.mmdb
# -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'
avatars: gravatar
outposts:
# -- Template used for managed outposts. The following placeholders can be used
# %(type)s - the type of the outpost
# %(version)s - version of your authentik install
# %(build_hash)s - only for beta versions, the build hash of the image
container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
error_reporting:
# -- This sends anonymous usage-data, stack traces on errors and
# performance data to sentry.beryju.org, and is fully opt-in
enabled: false
# -- This is a string that is sent to sentry with your error reports
environment: "k8s"
# -- Send PII (Personally identifiable information) data to sentry
send_pii: false
postgresql:
# -- set the postgresql hostname to talk to
# if unset and .Values.postgresql.enabled == true, will generate the default
# @default -- `{{ .Release.Name }}-postgresql`
host: 'postgres-postgresql.postgres'
# -- postgresql Database name
# @default -- `authentik`
name: "authentik"
# -- postgresql Username
# @default -- `authentik`
user: "authentik"
password: "authentik"
port: 5432
redis:
# -- set the redis hostname to talk to
# @default -- `{{ .Release.Name }}-redis-master`
host: '{{ .Release.Name }}-redis-master'
password: ""
# -- see configuration options at https://goauthentik.io/docs/installation/configuration/
env: {}
# AUTHENTIK_VAR_NAME: VALUE
envFrom: []
# - configMapRef:
# name: special-config
envValueFrom: {}
# AUTHENTIK_VAR_NAME:
# secretKeyRef:
# key: password
# name: my-secret
service:
# -- Service that is created to access authentik
enabled: true
type: ClusterIP
port: 80
name: http
protocol: TCP
labels: {}
annotations: {}
volumes: []
volumeMounts: []
# -- affinity applied to the deployments
affinity: {}
# -- nodeSelector applied to the deployments
resources:
server: {}
worker: {}
# WARNING! When initially deploying, authentik has to do a few DB migrations. This may cause it to die from probe
# failure, but will continue on reboot. You can disable this during deployment if this is not desired
livenessProbe:
# -- enables or disables the livenessProbe
enabled: true
httpGet:
# -- liveness probe url path
path: /-/health/live/
port: http
initialDelaySeconds: 50
periodSeconds: 10
readinessProbe:
enabled: true
httpGet:
path: /-/health/ready/
port: http
initialDelaySeconds: 50
periodSeconds: 10
serviceAccount:
# -- Service account is needed for managed outposts
create: true
prometheus:
serviceMonitor:
create: false
interval: 30s
scrapeTimeout: 3s
rules:
create: false
geoip:
# -- optional GeoIP, deploys a cronjob to download the maxmind database
enabled: false
# -- sign up under https://www.maxmind.com/en/geolite2/signup
accountId: ""
# -- sign up under https://www.maxmind.com/en/geolite2/signup
licenseKey: ""
editionIds: "GeoLite2-City"
image: maxmindinc/geoipupdate:v4.8
# -- number of hours between update runs
updateInterval: 8
postgresql:
# -- enable the bundled bitnami postgresql chart
enabled: false
postgresqlUsername: "authentik"
postgresqlPassword: "authentik"
postgresqlDatabase: "authentik"
# persistence:
# enabled: true
# existingClaim: authentik-postgres-nfs
redis:
# -- enable the bundled bitnami redis chart
enabled: true
architecture: standalone
auth:
enabled: false