Nik Afiq
83f46c9748
feat(gitea): create PersistentVolume and PersistentVolumeClaim for Gitea feat(gitea): add script to create Gitea runner registration token secret feat(gitea): deploy Gitea Actions runner with Docker socket access feat(media): deploy JDownloader with Ingress configuration feat(media): set up Jellyfin media server with NFS and Ingress feat(media): configure qBittorrent deployment with Ingress feat(monitoring): add Grafana Loki datasource ConfigMap feat(monitoring): create Grafana admin credentials secret feat(monitoring): define PersistentVolumes for monitoring stack feat(network): implement DDNS CronJob for Porkbun DNS updates feat(network): create secret for Porkbun DDNS API credentials feat(network): set up Glances service and Ingress for Debian node fix(network): patch Pi-hole DNS services with external IPs feat(network): configure Traefik dashboard Ingress with Authentik auth feat(network): set up Watch Party service and Ingress for Mac Mini refactor(values): update Helm values files for various services
84 lines
2.1 KiB
YAML
84 lines
2.1 KiB
YAML
# Apply: helm upgrade --install authentik authentik/authentik -f values/authentik.yaml -n authentik --create-namespace
|
|
# Description: Helm values for Authentik SSO/identity provider
|
|
|
|
authentik:
|
|
secret_key: "" # kept blank — comes from existingSecret via env below
|
|
existingSecret:
|
|
secretName: "" # kept blank — not used directly, but required to avoid Helm validation error
|
|
log_level: info
|
|
error_reporting:
|
|
enabled: false
|
|
|
|
server:
|
|
env:
|
|
- name: AUTHENTIK_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: secret-key
|
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: postgresql-password
|
|
- name: AUTHENTIK_POSTGRESQL__HOST
|
|
value: "authentik-postgresql"
|
|
- name: AUTHENTIK_POSTGRESQL__USER
|
|
value: "authentik"
|
|
- name: AUTHENTIK_POSTGRESQL__NAME
|
|
value: "authentik"
|
|
|
|
worker:
|
|
env:
|
|
- name: AUTHENTIK_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: secret-key
|
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: postgresql-password
|
|
- name: AUTHENTIK_POSTGRESQL__HOST
|
|
value: "authentik-postgresql"
|
|
- name: AUTHENTIK_POSTGRESQL__USER
|
|
value: "authentik"
|
|
- name: AUTHENTIK_POSTGRESQL__NAME
|
|
value: "authentik"
|
|
|
|
postgresql:
|
|
enabled: true
|
|
auth:
|
|
username: authentik
|
|
database: authentik
|
|
existingSecret: authentik-secrets
|
|
secretKeys:
|
|
adminPasswordKey: postgresql-password
|
|
userPasswordKey: postgresql-password
|
|
primary:
|
|
persistence:
|
|
enabled: true
|
|
podAnnotations:
|
|
helm.sh/resource-policy: keep
|
|
|
|
redis:
|
|
enabled: true
|
|
auth:
|
|
enabled: false
|
|
|
|
additionalObjects:
|
|
- apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: authentik-worker
|
|
namespace: authentik
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/component: worker
|
|
app.kubernetes.io/instance: authentik
|
|
ports:
|
|
- name: http
|
|
port: 9000
|
|
targetPort: 9000
|