diff --git a/enterprise/authentik/7.1.0/CHANGELOG.md b/enterprise/authentik/7.1.0/CHANGELOG.md
deleted file mode 100644
index ff497d12a9..0000000000
--- a/enterprise/authentik/7.1.0/CHANGELOG.md
+++ /dev/null
@@ -1,99 +0,0 @@ -# Changelog - - - -## [authentik-7.1.0](https://github.com/truecharts/charts/compare/authentik-7.0.2...authentik-7.1.0) (2022-10-01) - -### Feat - -- cleanup GUI from unnecessary services/ingresses and add serviceMonitor and prometheusRule ([#3961](https://github.com/truecharts/charts/issues/3961)) - - - - -## [authentik-7.0.1](https://github.com/truecharts/charts/compare/authentik-7.0.0...authentik-7.0.1) (2022-09-27) - -### Chore - -- Auto-update chart README [skip ci] - - update helm general non-major ([#3918](https://github.com/truecharts/charts/issues/3918)) - - - - -## [authentik-7.0.0](https://github.com/truecharts/charts/compare/authentik-6.0.7...authentik-7.0.0) (2022-09-25) - -### Feat - -- move to enterprise ([#3902](https://github.com/truecharts/charts/issues/3902)) - - - - -## [authentik-6.0.7](https://github.com/truecharts/charts/compare/authentik-6.0.6...authentik-6.0.7) (2022-09-25) - -### Chore - -- Auto-update chart README [skip ci] - - update helm general non-major ([#3898](https://github.com/truecharts/charts/issues/3898)) - - - - -## [authentik-6.0.6](https://github.com/truecharts/charts/compare/authentik-6.0.5...authentik-6.0.6) (2022-09-24) - -### Chore - -- Auto-update chart README [skip ci] - - update docker general non-major ([#3860](https://github.com/truecharts/charts/issues/3860)) - - - - -## [authentik-6.0.5](https://github.com/truecharts/charts/compare/authentik-6.0.3...authentik-6.0.5) (2022-09-22) - -### Chore - -- Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - 
refactor Services SCALE GUI - - fix prometheus annotations ([#3841](https://github.com/truecharts/charts/issues/3841)) - - update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) - - split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) - - - - -## [authentik-6.0.4](https://github.com/truecharts/charts/compare/authentik-6.0.3...authentik-6.0.4) (2022-09-21) - -### Chore - -- Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - refactor Services SCALE GUI - - update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) - - split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) - - - diff --git a/enterprise/authentik/7.1.0/Chart.lock b/enterprise/authentik/7.1.0/Chart.lock deleted file mode 100644 index 0acb6eb85e..0000000000 --- a/enterprise/authentik/7.1.0/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: common - repository: https://library-charts.truecharts.org - version: 10.6.4 -- name: postgresql - repository: https://charts.truecharts.org/ - version: 8.0.88 -- name: redis - repository: https://charts.truecharts.org - version: 3.0.85 -digest: sha256:30efd46858717b8c1689ca9990a510b87c2e9eb223e6297bcd93fdafbf86ec1e -generated: "2022-10-01T12:24:45.894049262Z" diff --git a/enterprise/authentik/7.1.0/Chart.yaml b/enterprise/authentik/7.1.0/Chart.yaml deleted file mode 100644 index 6eaf6aa484..0000000000 --- a/enterprise/authentik/7.1.0/Chart.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
-apiVersion: v2
-appVersion: "2022.9.0"
-dependencies:
- - name: common
- repository: https://library-charts.truecharts.org
- version: 10.6.4
- - condition: postgresql.enabled
- name: postgresql
- repository: https://charts.truecharts.org/
- version: 8.0.88
- - condition: redis.enabled
- name: redis
- repository: https://charts.truecharts.org
- version: 3.0.85
-description: authentik is an open-source Identity Provider focused on flexibility and versatility.
-home: https://truecharts.org/docs/charts/enterprise/authentik
-icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
-keywords:
- - authentik
-kubeVersion: ">=1.16.0-0"
-maintainers:
- - email: info@truecharts.org
- name: TrueCharts
- url: https://truecharts.org
-name: authentik
-sources:
- - https://github.com/truecharts/charts/tree/master/charts/enterprise/authentik
- - https://github.com/goauthentik/authentik
- - https://goauthentik.io/docs/
-version: 7.1.0
-annotations:
- truecharts.org/catagories: |
- - authentication
- truecharts.org/SCALE-support: "true"
- truecharts.org/grade: U
diff --git a/enterprise/authentik/7.1.0/README.md b/enterprise/authentik/7.1.0/README.md
deleted file mode 100644
index a2cecc2105..0000000000
--- a/enterprise/authentik/7.1.0/README.md
+++ /dev/null
@@ -1,109 +0,0 @@ -# authentik - -authentik is an open-source Identity Provider focused on flexibility and versatility. - -TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. - -This readme is just an automatically generated general guide on installing our Helm Charts and Apps. -For more information, please click here: [authentik](https://truecharts.org/docs/charts/enterprise/authentik) - -**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** - -## Source Code - -* -* -* - -## Requirements - -Kubernetes: `>=1.16.0-0` - -## Dependencies - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.truecharts.org/ | postgresql | 8.0.88 | -| https://charts.truecharts.org | redis | 3.0.85 | -| https://library-charts.truecharts.org | common | 10.6.4 | - -## Installing the Chart - -### TrueNAS SCALE - -To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App). - -### Helm - -To install the chart with the release name `authentik` - -```console -helm repo add TrueCharts https://charts.truecharts.org -helm repo update -helm install authentik TrueCharts/authentik -``` - -## Uninstall - -### TrueNAS SCALE - -**Upgrading, Rolling Back and Uninstalling the Chart** - -To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App). - -### Helm - -To uninstall the `authentik` deployment - -```console -helm uninstall authentik -``` - -## Configuration - -### Helm - -#### Available Settings - -Read through the values.yaml file. It has several commented out suggested values. 
-Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). - -#### Configure using the command line - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -```console -helm install authentik \ - --set env.TZ="America/New York" \ - TrueCharts/authentik -``` - -#### Configure using a yaml file - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. - -```console -helm install authentik TrueCharts/authentik -f values.yaml -``` - -#### Connecting to other charts - -If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide. - -## Support - -- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ). -- See the [Website](https://truecharts.org) -- Check our [Discord](https://discord.gg/tVsPTHWTtr) -- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) - ---- - -## Sponsor TrueCharts - -TrueCharts can only exist due to the incredible effort of our staff. -Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! - ---- - -All Rights Reserved - The TrueCharts Project diff --git a/enterprise/authentik/7.1.0/app-readme.md b/enterprise/authentik/7.1.0/app-readme.md deleted file mode 100644 index 018a3b30e0..0000000000 --- a/enterprise/authentik/7.1.0/app-readme.md +++ /dev/null 
@@ -1,8 +0,0 @@
-authentik is an open-source Identity Provider focused on flexibility and versatility.
-
-This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/enterprise/authentik](https://truecharts.org/docs/charts/enterprise/authentik)
-
----
-
-TrueCharts can only exist due to the incredible effort of our staff.
-Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/authentik/7.1.0/charts/common-10.6.4.tgz b/enterprise/authentik/7.1.0/charts/common-10.6.4.tgz
deleted file mode 100644
index 2a39fa03ab..0000000000
Binary files a/enterprise/authentik/7.1.0/charts/common-10.6.4.tgz and /dev/null differ
diff --git a/enterprise/authentik/7.1.0/charts/postgresql-8.0.88.tgz b/enterprise/authentik/7.1.0/charts/postgresql-8.0.88.tgz
deleted file mode 100644
index f2b0731118..0000000000
Binary files a/enterprise/authentik/7.1.0/charts/postgresql-8.0.88.tgz and /dev/null differ
diff --git a/enterprise/authentik/7.1.0/charts/redis-3.0.85.tgz b/enterprise/authentik/7.1.0/charts/redis-3.0.85.tgz
deleted file mode 100644
index 4ce310cfc2..0000000000
Binary files a/enterprise/authentik/7.1.0/charts/redis-3.0.85.tgz and /dev/null differ
diff --git a/enterprise/authentik/7.1.0/ix_values.yaml b/enterprise/authentik/7.1.0/ix_values.yaml
deleted file mode 100644
index f869883d90..0000000000
--- a/enterprise/authentik/7.1.0/ix_values.yaml
+++ /dev/null
@@ -1,258 +0,0 @@
-image:
- repository: tccr.io/truecharts/authentik
- tag: 2022.9.0@sha256:e3ccba4164bd4f8715eba5f28e1dfeb80b090a60875732b68a1e7e857c6e27a1
- pullPolicy: IfNotPresent
-
-geoipImage:
- repository: tccr.io/truecharts/geoipupdate
- tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce
- pullPolicy: IfNotPresent
-
-ldapImage:
- repository: tccr.io/truecharts/authentik-ldap
- tag: 2022.9.0@sha256:7a105527dfd259a7d77a1516ee9729658809279101070a11172c4aa7dc398d33
- pullPolicy: IfNotPresent
-
-proxyImage:
- repository: tccr.io/truecharts/authentik-proxy
- tag: 2022.9.0@sha256:b3756005a151b03de939f1c7f3034ab0ec16d18c9f11e025e60831707d5188b8
- pullPolicy: IfNotPresent
-
-args: ["server"]
-
-podSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
-
-securityContext:
- readOnlyRootFilesystem: false
-
-workerContainer:
- enabled: true
-
-authentik:
- credentials:
- password: "supersecret"
- general:
- disable_update_check: false
- disable_startup_analytics: true
- allow_user_name_change: true
- allow_user_mail_change: true
- allow_user_username_change: true
- gdpr_compliance: true
- impersonation: true
- avatars: "gravatar"
- token_length: 128
- # Use single quotes for footer_links
- footer_links: '[{"name": "Link Name", "href": "https://mylink.com"}]'
- mail:
- host: ""
- port: 25
- tls: false
- ssl: false
- timeout: 10
- user: ""
- pass: ""
- from: ""
- error_reporting:
- enabled: false
- send_pii: false
- environment: "customer"
- logging:
- log_level: "info"
- ldap:
- tls_ciphers: "null"
-geoip:
- enabled: false
- account_id: ""
- license_key: ""
- proxy: ""
- proxy_user_pass: ""
- edition_ids: "GeoLite2-City"
- frequency: 8
- host_server: "updates.maxmind.com"
- preserve_file_times: false
- verbose: false
-
-outposts:
- ldap:
- # -- First you have to create an Outpost in the GUI. Applications > Outposts
- enabled: false
- # -- Host Browser by default is set to the first ingress host you set
- # host_browser: ""
- # -- Host should not need to be overridden. Defaults to https://localhost:9443
- # host: ""
- # -- As we use https://localhost:9443 it's an unsecure connection
- # insecure: false
- # -- Token is only needed if you accidentally deleted the token within the UI
- # token: ""
- proxy:
- # -- First you have to create an Outpost in the GUI. Applications > Outposts
- enabled: false
- # -- Host Browser by default is set to the first ingress host you set
- # host_browser: ""
- # -- As we use https://localhost:9443 it's an unsecure connection
- # insecure: false
- # -- Host should not need to be overridden. Defaults to https://localhost:9443
- # host: ""
- # -- Token is only needed if you accidentally deleted the token within the UI
- # token: ""
-
-metrics:
- # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
- # @default -- See values.yaml
- enabled: false
- serviceMonitor:
- interval: 1m
- scrapeTimeout: 30s
- labels: {}
- # -- Enable and configure Prometheus Rules for the chart under this key.
- # @default -- See values.yaml
- prometheusRule:
- enabled: false
- useDefault: true
- labels: {}
- # -- Configure additional rules for the chart under this key.
- # @default -- See prometheusrules.yaml
- rules:
- []
- # - alert: UnifiPollerAbsent
- # annotations:
- # description: Unifi Poller has disappeared from Prometheus service discovery.
- # summary: Unifi Poller is down.
- # expr: |
- # absent(up{job=~".*unifi-poller.*"} == 1)
- # for: 5m
- # labels:
- # severity: critical
-
-envFrom:
- - secretRef:
- name: '{{ include "tc.common.names.fullname" . }}-authentik-secret'
- - configMapRef:
- name: '{{ include "tc.common.names.fullname" . }}-authentik-config'
- - configMapRef:
- name: '{{ include "tc.common.names.fullname" . }}-authentik-server-config'
-
-probes:
- liveness:
- type: HTTPS
- path: /-/health/live/
- port: "{{ .Values.service.main.ports.main.targetPort }}"
- readiness:
- type: HTTPS
- path: /-/health/ready/
- port: "{{ .Values.service.main.ports.main.targetPort }}"
- startup:
- type: HTTPS
- path: /-/health/ready/
- port: "{{ .Values.service.main.ports.main.targetPort }}"
-
-service:
- main:
- ports:
- main:
- protocol: HTTPS
- port: 10229
- targetPort: 9443
- http:
- enabled: true
- type: ClusterIP
- ports:
- http:
- enabled: true
- protocol: HTTP
- port: 10230
- targetPort: 9000
- # LDAP Outpost Services
- ldapldaps:
- enabled: true
- ports:
- ldapldaps:
- enabled: true
- port: 636
- targetPort: 6636
- ldapldap:
- enabled: true
- ports:
- ldapldap:
- enabled: true
- port: 389
- targetPort: 3389
- # Proxy Outpost Services
- proxyhttps:
- enabled: true
- ports:
- proxyhttps:
- enabled: true
- port: 10233
- protocol: HTTPS
- targetPort: 9444
- proxyhttp:
- enabled: true
- type: ClusterIP
- ports:
- proxyhttp:
- enabled: true
- port: 10234
- protocol: HTTP
- targetPort: 9001
- # Metrics Services
- metrics:
- enabled: true
- type: ClusterIP
- ports:
- metrics:
- enabled: true
- protocol: HTTP
- port: 10231
- targetPort: 9301
- ldapmetrics:
- enabled: true
- type: ClusterIP
- ports:
- ldapmetrics:
- enabled: true
- port: 10232
- protocol: HTTP
- targetPort: 9302
- proxymetrics:
- enabled: true
- type: ClusterIP
- ports:
- proxymetrics:
- enabled: true
- port: 10235
- protocol: HTTP
- targetPort: 9303
-
-ingress:
- proxyhttps:
- autoLink: true
-
-persistence:
- media:
- enabled: true
- mountPath: "/media"
- templates:
- enabled: true
- mountPath: "/templates"
- certs:
- enabled: true
- mountPath: "/certs"
- geoip:
- enabled: true
- mountPath: "/geoip"
-
-postgresql:
- enabled: true
- existingSecret: "dbcreds"
- postgresqlUsername: authentik
- postgresqlDatabase: authentik
-
-redis:
- enabled: true
- existingSecret: "rediscreds"
-
-portal:
- enabled: true
diff --git a/enterprise/authentik/7.1.0/questions.yaml b/enterprise/authentik/7.1.0/questions.yaml
deleted file mode 100644
index 74f8d99c76..0000000000
--- a/enterprise/authentik/7.1.0/questions.yaml
+++ /dev/null
@@ -1,4091 +0,0 @@ -groups: - - name: Container Image - description: Image to be used for container - - name: Controller - description: Configure Workload Deployment - - name: Container Configuration - description: Additional Container Configuration - - name: App Configuration - description: App Specific Config Options - - name: Networking and Services - description: Configure Network and Services for Container - - name: Storage and Persistence - description: Persist and Share Data that is Separate from the Container - - name: Ingress - description: Ingress Configuration - - name: Security and Permissions - description: Configure Security Context and Permissions - - name: Resources and Devices - description: "Specify Resources/Devices to be Allocated to Workload" - - name: Middlewares - description: Traefik Middlewares - - name: Metrics - description: Metrics - - name: Addons - description: Addon Configuration - - name: Advanced - description: Advanced Configuration - - name: Documentation - description: Documentation -portals: - open: - protocols: - - "$kubernetes-resource_configmap_portal_protocol" - host: - - "$kubernetes-resource_configmap_portal_host" - ports: - - "$kubernetes-resource_configmap_portal_port" -questions: - - variable: global - label: Global Settings - group: Controller - schema: - type: dict - hidden: true - attrs: - - variable: isSCALE - label: Flag this is SCALE - schema: - type: boolean - default: true - hidden: true - - variable: controller - group: Controller - label: "" - schema: - additional_attrs: true - type: dict - attrs: - - variable: advanced - label: Show Advanced Controller Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: type - description: Please specify type of workload to deploy - label: (Advanced) Controller Type - schema: - type: string - required: true - enum: - - value: deployment - description: Deployment - - value: statefulset - description: Statefulset - - 
value: daemonset - description: Daemonset - default: deployment - - variable: replicas - description: Number of desired pod replicas - label: Desired Replicas - schema: - type: int - required: true - default: 1 - - variable: strategy - description: Please specify type of workload to deploy - label: (Advanced) Update Strategy - schema: - type: string - required: true - enum: - - value: Recreate - description: "Recreate: Kill existing pods before creating new ones" - - value: RollingUpdate - description: "RollingUpdate: Create new pods and then kill old ones" - - value: OnDelete - description: "(Legacy) OnDelete: ignore .spec.template changes" - default: Recreate - - variable: expert - label: Show Expert Configuration Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: labelsList - label: Controller Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Controller Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: customextraargs - group: Controller - label: "Extra Args" - description: "Do not click this unless you know what you are doing" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: extraArgs - label: Extra Args - schema: - type: list - default: [] - items: - - variable: arg - label: Arg - schema: - type: string - - variable: authentik - group: Container Configuration - label: Authentik Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: 
credentials - label: Credentials - schema: - additional_attrs: true - type: dict - attrs: - - variable: password - label: Password (Initial install only) - description: Password for user. Can be used for any flow executor - schema: - type: string - private: true - required: true - default: "" - - variable: general - label: General - schema: - additional_attrs: true - type: dict - attrs: - - variable: disable_update_check - label: Disable Update Check - description: Disable the inbuilt update-checker - schema: - type: boolean - default: false - - variable: disable_startup_analytics - label: Disable Startup Analytics - description: Disable startup analytics - schema: - type: boolean - default: true - - variable: allow_user_name_change - label: Allow User Name Change - description: Enable the ability for users to change their Name - schema: - type: boolean - default: true - - variable: allow_user_mail_change - label: Allow User Mail Change - description: Enable the ability for users to change their Email address - schema: - type: boolean - default: true - - variable: allow_user_username_change - label: Allow User Username Change - description: Enable the ability for users to change their Usernames - schema: - type: boolean - default: true - - variable: gdpr_compliance - label: GDPR Compliance - description: When enabled, all the events caused by a user will be deleted upon the user's deletion - schema: - type: boolean - default: true - - variable: impersonation - label: Impersonation - description: Globally enable / disable impersonation - schema: - type: boolean - default: true - - variable: avatars - label: Avatars - description: Configure how authentik should show avatars for users - schema: - type: string - default: gravatar - - variable: token_length - label: Token Length - description: Configure the length of generated tokens - schema: - type: int - default: 128 - - variable: footer_links - label: Footer Links - description: This option configures the footer 
links on the flow executor pages - schema: - type: string - default: "" - - variable: mail - label: e-Mail - schema: - additional_attrs: true - type: dict - attrs: - - variable: host - label: Mail Server Host - description: Sets host of mail server - schema: - type: string - default: "" - - variable: port - label: Mail Server Port - description: Sets port of mail server - schema: - type: int - default: 25 - - variable: tls - label: Use TLS for authentication - description: Sets tls for mail server authentication - schema: - type: boolean - default: false - - variable: ssl - label: Use SSL for authentication - description: Sets ssl for mail server authentication - schema: - type: boolean - default: false - - variable: timeout - label: Timeout of authentication - description: Sets timeout for mail server authentication - schema: - type: int - default: 10 - - variable: user - label: Username - description: Sets username of mail server - schema: - type: string - default: "" - - variable: pass - label: Password - description: Sets password of mail server - schema: - type: string - private: true - default: "" - - variable: from - label: From Address - description: Email address authentik will send from - schema: - type: string - default: "" - - variable: error_reporting - label: Error Reporting - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable Reporting - description: Enables error reporting - schema: - type: boolean - default: false - show_subquestions_if: - subquestions: - - variable: send_pii - label: Send Personal Data - description: Whether or not to send personal data, like usernames - schema: - type: boolean - default: false - - variable: environment - label: Environment - description: Unique environment that is attached to your error reports, should be set to your email address for example. 
- schema: - type: string - default: customer - - variable: logging - label: Logging - schema: - additional_attrs: true - type: dict - attrs: - - variable: log_level - label: Log Level - description: Log level for the server and worker containers - schema: - type: string - default: info - enum: - - value: trace - description: trace - - value: debug - description: debug - - value: info - description: info - - value: warning - description: warning - - value: error - description: error - - variable: ldap - label: LDAP - schema: - additional_attrs: true - type: dict - attrs: - - variable: tls_ciphers - label: TLS Ciphers - description: Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources. Setting applies to all sources - schema: - type: string - default: "null" - - variable: outposts - group: Container Configuration - label: Outpost Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: ldap - label: LDAP - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable LDAP outpost - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: overrideHost - label: Override Host - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: host - label: Authentik Host - description: "URL of your Authentik server. (e.g. 
https://auth.domain.com)" - schema: - type: string - required: true - default: "" - - variable: insecure - label: Insecure - description: Check only if you accessing Authentik in an unsecure way - schema: - type: boolean - default: false - - variable: overrideToken - label: Override Token - description: Overrides the random generated token to provide your own - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: token - label: API Token - description: You can get this from Applications > Outposts > View Deployment Info - schema: - type: string - private: true - required: true - default: "" - - variable: overrideBrowserHost - label: Override Host Browser - description: Overrides the Browser Host, by default the first ingress host is used - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: host_browser - label: Host Browser - description: URL to use in the browser, when it differs from << host >> - schema: - type: string - required: true - default: "" - - variable: proxy - label: Proxy - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable Proxy outpost - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: overrideHost - label: Override Host - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: host - label: Authentik Host - description: "URL of your Authentik server. (e.g. 
https://auth.domain.com)" - schema: - type: string - required: true - default: "" - - variable: insecure - label: Insecure - description: Check only if you accessing Authentik in an unsecure way - schema: - type: boolean - default: false - - variable: overrideToken - label: Override Token - description: Overrides the random generated token to provide your own - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: token - label: API Token - description: You can get this from Applications > Outposts > View Deployment Info - schema: - type: string - private: true - required: true - default: "" - - variable: overrideBrowserHost - label: Override Host Browser - description: Overrides the Browser Host, by default the first ingress host is used - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: host_browser - label: Host Browser - description: URL to use in the browser, when it differs from << host >> - schema: - type: string - required: true - default: "" - - variable: geoip - group: Container Configuration - label: GeoIP Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable GeoIP Container - description: Enables GeoIP container - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: account_id - label: Account ID - description: Your MaxMind account ID - schema: - type: string - private: true - required: true - default: "" - - variable: license_key - label: License Key - description: Your case-sensitive MaxMind license key - schema: - type: string - private: true - required: true - default: "" - - variable: edition_ids - label: Edition IDs - description: List of space-separated database edition IDs. 
Edition IDs may consist of letters, digits, and dashes - schema: - type: string - required: true - default: GeoLite2-City - - variable: frequency - label: Frequency - description: The number of hours between geoipupdate runs - schema: - type: int - min: 1 - default: 8 - - variable: host_server - label: Host Server - description: The host name of the server to use - schema: - type: string - default: updates.maxmind.com - - variable: preserve_file_times - label: Preserve File Times - description: Whether to preserve modification times of files downloaded from the server - schema: - type: boolean - default: false - - variable: verbose - label: Verbose - description: Enable verbose mode. Prints out the steps that geoipupdate takes - schema: - type: boolean - default: false - - variable: proxy - label: Proxy - description: The proxy host name or IP address - schema: - type: string - default: "" - - variable: proxy_user_pass - label: Proxy Pass - description: The proxy user name and password, separated by a colon - schema: - type: string - private: true - default: "" - - variable: TZ - label: Timezone - group: Container Configuration - schema: - type: string - default: "Etc/UTC" - $ref: - - "definitions/timezone" - - variable: envList - label: Extra Environment Variables - description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." 
- group: Container Configuration - schema: - type: list - default: [] - items: - - variable: envItem - label: Environment Variable - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: expertpodconf - group: Container Configuration - label: Show Expert Configuration - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: tty - label: Enable TTY - description: Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled. - group: Workload Details - schema: - type: boolean - default: false - - variable: stdin - label: Enable STDIN - description: Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled. - group: Workload Details - schema: - type: boolean - default: false - - variable: termination - group: Container Configuration - label: Termination settings - schema: - additional_attrs: true - type: dict - attrs: - - variable: gracePeriodSeconds - label: Grace Period Seconds - schema: - type: int - default: 10 - - variable: podLabelsList - group: Container Configuration - label: Pod Labels - schema: - type: list - default: [] - items: - - variable: podLabelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: podAnnotationsList - group: Container Configuration - label: Pod Annotations - schema: - type: list - default: [] - items: - - variable: podAnnotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: service - group: Networking and Services - label: Configure Service(s) - schema: - additional_attrs: true - 
type: dict - attrs: - - variable: main - label: Main Service - description: The Primary service on which the healthcheck runs, often the webUI - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the Service - schema: - type: boolean - default: true - hidden: true - - variable: type - label: Service Type - description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" - schema: - type: string - default: LoadBalancer - enum: - - value: LoadBalancer - description: LoadBalancer (Expose Ports) - - value: ClusterIP - description: ClusterIP (Do Not Expose Ports) - - value: Simple - description: Deprecated CHANGE THIS - - variable: loadBalancerIP - label: LoadBalancer IP - description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" - schema: - show_if: [["type", "=", "LoadBalancer"]] - type: string - default: "" - - variable: advancedsvcset - label: Show Advanced Service Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: externalIPs - label: "External IP's" - description: "External IP's" - schema: - type: list - default: [] - items: - - variable: externalIP - label: External IP - schema: - type: string - - variable: ipFamilyPolicy - label: IP Family Policy - description: Specify the IP Policy - schema: - type: string - default: SingleStack - enum: - - value: SingleStack - description: SingleStack - - value: PreferDualStack - description: PreferDualStack - - value: RequireDualStack - description: RequireDualStack - - variable: ipFamilies - label: IP Families - description: The IP Families that should be used - schema: - type: list - default: [] - items: - - variable: ipFamily - label: IP Family - schema: - type: string - - variable: ports - label: "Service's Port(s) Configuration" - schema: - additional_attrs: true - type: dict - attrs: - - variable: main - 
label: Main Service Port Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: port - label: Port - description: This port exposes the container port on the service - schema: - type: int - default: 10229 - required: true - - variable: advanced - label: Show Advanced Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: enabled - label: Enable the Port - schema: - type: boolean - hidden: true - default: true - - variable: protocol - label: Port Type - schema: - type: string - default: HTTPS - enum: - - value: HTTP - description: HTTP - - value: HTTPS - description: HTTPS - - value: TCP - description: TCP - - value: UDP - description: UDP - - variable: nodePort - label: Node Port (Optional) - description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer - schema: - type: int - min: 9000 - max: 65535 - - variable: targetPort - label: Target Port - description: The internal(!) port on the container the Application runs on - schema: - type: int - default: 9443 - - variable: ldapldaps - label: LDAPS Service - description: The LDAPS service. - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the Service - schema: - type: boolean - default: true - hidden: true - - variable: type - label: Service Type - description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" - schema: - type: string - default: LoadBalancer - enum: - - value: LoadBalancer - description: LoadBalancer (Expose Ports) - - value: ClusterIP - description: ClusterIP (Do Not Expose Ports) - - value: Simple - description: Deprecated CHANGE THIS - - variable: loadBalancerIP - label: LoadBalancer IP - description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" - schema: - show_if: [["type", "=", "LoadBalancer"]] - type: string - default: "" - - variable: advancedsvcset - label: Show Advanced Service Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: externalIPs - label: "External IP's" - description: "External IP's" - schema: - type: list - default: [] - items: - - variable: externalIP - label: External IP - schema: - type: string - - variable: ipFamilyPolicy - label: IP Family Policy - description: Specify the IP Policy - schema: - type: string - default: SingleStack - enum: - - value: SingleStack - description: SingleStack - - value: PreferDualStack - description: PreferDualStack - - value: RequireDualStack - description: RequireDualStack - - variable: ipFamilies - label: IP Families - description: The IP Families that should be used - schema: - type: list - default: [] - items: - - variable: ipFamily - label: IP Family - schema: - type: string - - variable: ports - label: "Service's Port(s) Configuration" - schema: - additional_attrs: true - type: dict - attrs: - - variable: ldapldaps - label: LDAPS Service Port Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: port - label: Port - description: This port exposes the container port on the service - schema: - type: int - default: 636 - required: true - - variable: advanced - label: Show Advanced Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: enabled - label: Enable the Port - schema: - type: boolean - hidden: true - default: true - - variable: protocol - label: Port Type - schema: - type: string - default: TCP - enum: - - value: HTTP - description: HTTP - - value: HTTPS - description: HTTPS - - value: TCP - description: TCP - - value: UDP - description: UDP - - variable: nodePort - label: Node Port (Optional) - description: This port gets exposed to the node. 
Only considered when service type is NodePort, Simple or LoadBalancer - schema: - type: int - min: 9000 - max: 65535 - - variable: targetPort - label: Target Port - description: The internal(!) port on the container the Application runs on - schema: - type: int - default: 6636 - - variable: ldapldap - label: LDAP Service - description: The LDAPS service. - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the Service - schema: - type: boolean - default: true - hidden: true - - variable: type - label: Service Type - description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" - schema: - type: string - default: LoadBalancer - enum: - - value: LoadBalancer - description: LoadBalancer (Expose Ports) - - value: ClusterIP - description: ClusterIP (Do Not Expose Ports) - - value: Simple - description: Deprecated CHANGE THIS - - variable: loadBalancerIP - label: LoadBalancer IP - description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" - schema: - show_if: [["type", "=", "LoadBalancer"]] - type: string - default: "" - - variable: advancedsvcset - label: Show Advanced Service Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: externalIPs - label: "External IP's" - description: "External IP's" - schema: - type: list - default: [] - items: - - variable: externalIP - label: External IP - schema: - type: string - - variable: ipFamilyPolicy - label: IP Family Policy - description: Specify the IP Policy - schema: - type: string - default: SingleStack - enum: - - value: SingleStack - description: SingleStack - - value: PreferDualStack - description: PreferDualStack - - value: RequireDualStack - description: RequireDualStack - - variable: ipFamilies - label: IP Families - description: The IP Families that should be used - schema: - type: list - default: [] - items: - - variable: ipFamily - label: IP Family - schema: - type: string - - variable: ports - label: "Service's Port(s) Configuration" - schema: - additional_attrs: true - type: dict - attrs: - - variable: ldapldap - label: LDAP Service Port Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: port - label: Port - description: This port exposes the container port on the service - schema: - type: int - default: 389 - required: true - - variable: advanced - label: Show Advanced Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: enabled - label: Enable the Port - schema: - type: boolean - hidden: true - default: true - - variable: protocol - label: Port Type - schema: - type: string - default: TCP - enum: - - value: HTTP - description: HTTP - - value: HTTPS - description: HTTPS - - value: TCP - description: TCP - - value: UDP - description: UDP - - variable: nodePort - label: Node Port (Optional) - description: This port gets exposed to the node. 
Only considered when service type is NodePort, Simple or LoadBalancer - schema: - type: int - min: 9000 - max: 65535 - - variable: targetPort - label: Target Port - description: The internal(!) port on the container the Application runs on - schema: - type: int - default: 3389 - - variable: proxyhttps - label: Proxy HTTPS Service - description: The Proxy HTTPS service. - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the Service - schema: - type: boolean - default: true - hidden: true - - variable: type - label: Service Type - description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" - schema: - type: string - default: LoadBalancer - enum: - - value: LoadBalancer - description: LoadBalancer (Expose Ports) - - value: ClusterIP - description: ClusterIP (Do Not Expose Ports) - - value: Simple - description: Deprecated CHANGE THIS - - variable: loadBalancerIP - label: LoadBalancer IP - description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" - schema: - show_if: [["type", "=", "LoadBalancer"]] - type: string - default: "" - - variable: advancedsvcset - label: Show Advanced Service Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: externalIPs - label: "External IP's" - description: "External IP's" - schema: - type: list - default: [] - items: - - variable: externalIP - label: External IP - schema: - type: string - - variable: ipFamilyPolicy - label: IP Family Policy - description: Specify the IP Policy - schema: - type: string - default: SingleStack - enum: - - value: SingleStack - description: SingleStack - - value: PreferDualStack - description: PreferDualStack - - value: RequireDualStack - description: RequireDualStack - - variable: ipFamilies - label: IP Families - description: The IP Families that should be used - schema: - type: list - default: [] - items: - - variable: ipFamily - label: IP Family - schema: - type: string - - variable: ports - label: "Service's Port(s) Configuration" - schema: - additional_attrs: true - type: dict - attrs: - - variable: proxyhttps - label: Proxy HTTPS Service Port Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: port - label: Port - description: This port exposes the container port on the service - schema: - type: int - default: 10233 - required: true - - variable: advanced - label: Show Advanced Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: enabled - label: Enable the Port - schema: - type: boolean - hidden: true - default: true - - variable: protocol - label: Port Type - schema: - type: string - default: HTTPS - enum: - - value: HTTP - description: HTTP - - value: HTTPS - description: HTTPS - - value: TCP - description: TCP - - value: UDP - description: UDP - - variable: nodePort - label: Node Port (Optional) - description: This port gets exposed to the 
node. Only considered when service type is NodePort, Simple or LoadBalancer - schema: - type: int - min: 9000 - max: 65535 - - variable: targetPort - label: Target Port - description: The internal(!) port on the container the Application runs on - schema: - type: int - default: 9444 - - variable: serviceexpert - group: Networking and Services - label: Show Expert Config - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostNetwork - group: Networking and Services - label: Host-Networking (Complicated) - schema: - type: boolean - default: false - - variable: externalInterfaces - description: Add External Interfaces - label: Add external Interfaces - group: Networking - schema: - type: list - items: - - variable: interfaceConfiguration - description: Interface Configuration - label: Interface Configuration - schema: - type: dict - $ref: - - "normalize/interfaceConfiguration" - attrs: - - variable: hostInterface - description: Please Specify Host Interface - label: Host Interface - schema: - type: string - required: true - $ref: - - "definitions/interface" - - variable: ipam - description: Define how IP Address will be managed - label: IP Address Management - schema: - type: dict - required: true - attrs: - - variable: type - description: Specify type for IPAM - label: IPAM Type - schema: - type: string - required: true - enum: - - value: dhcp - description: Use DHCP - - value: static - description: Use Static IP - show_subquestions_if: static - subquestions: - - variable: staticIPConfigurations - label: Static IP Addresses - schema: - type: list - items: - - variable: staticIP - label: Static IP - schema: - type: ipaddr - cidr: true - - variable: staticRoutes - label: Static Routes - schema: - type: list - items: - - variable: staticRouteConfiguration - label: Static Route Configuration - schema: - additional_attrs: true - type: dict - attrs: - - variable: destination - label: Destination - schema: - type: ipaddr - 
cidr: true - required: true - - variable: gateway - label: Gateway - schema: - type: ipaddr - cidr: false - required: true - - variable: dnsPolicy - group: Networking and Services - label: dnsPolicy - schema: - type: string - default: "" - enum: - - value: "" - description: Default - - value: ClusterFirst - description: ClusterFirst - - value: ClusterFirstWithHostNet - description: ClusterFirstWithHostNet - - value: None - description: None - - variable: dnsConfig - label: DNS Configuration - group: Networking and Services - description: Specify custom DNS configuration which will be applied to the pod - schema: - additional_attrs: true - type: dict - attrs: - - variable: nameservers - label: Name Servers - schema: - default: [] - type: list - items: - - variable: nameserver - label: Name Server - schema: - type: string - - variable: options - label: Options - schema: - default: [] - type: list - items: - - variable: option - label: Option Entry - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: searches - label: Searches - schema: - default: [] - type: list - items: - - variable: search - label: Search Entry - schema: - type: string - - variable: serviceList - label: Add Manual Custom Services - group: Networking and Services - schema: - type: list - default: [] - items: - - variable: serviceListEntry - label: Custom Service - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the service - schema: - type: boolean - default: true - hidden: true - - variable: name - label: Name - schema: - type: string - default: "" - - variable: type - label: Service Type - description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" - schema: - type: string - default: LoadBalancer - enum: - - value: LoadBalancer - description: LoadBalancer 
(Expose Ports) - - value: ClusterIP - description: ClusterIP (Do Not Expose Ports) - - value: Simple - description: Deprecated CHANGE THIS - - variable: loadBalancerIP - label: LoadBalancer IP - description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" - schema: - show_if: [["type", "=", "LoadBalancer"]] - type: string - default: "" - - variable: advancedsvcset - label: Show Advanced Service Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: externalIPs - label: "External IP's" - description: "External IP's" - schema: - type: list - default: [] - items: - - variable: externalIP - label: External IP - schema: - type: string - - variable: ipFamilyPolicy - label: IP Family Policy - description: Specify the IP Policy - schema: - type: string - default: SingleStack - enum: - - value: SingleStack - description: SingleStack - - value: PreferDualStack - description: PreferDualStack - - value: RequireDualStack - description: RequireDualStack - - variable: ipFamilies - label: IP Families - description: (Advanced) The IP Families that should be used - schema: - type: list - default: [] - items: - - variable: ipFamily - label: IP Family - schema: - type: string - - variable: portsList - label: Additional Service Ports - schema: - type: list - default: [] - items: - - variable: portsListEntry - label: Custom ports - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the Port - schema: - type: boolean - default: true - hidden: true - - variable: name - label: Port Name - schema: - type: string - default: "" - - variable: protocol - label: Port Type - schema: - type: string - default: TCP - enum: - - value: HTTP - description: HTTP - - value: HTTPS - description: HTTPS - - value: TCP - description: TCP - - value: UDP - description: UDP - - variable: targetPort - label: Target Port - description: This port exposes the 
container port on the service - schema: - type: int - required: true - - variable: port - label: Container Port - schema: - type: int - required: true - - variable: persistence - label: Integrated Persistent Storage - description: Integrated Persistent Storage - group: Storage and Persistence - schema: - additional_attrs: true - type: dict - attrs: - - variable: media - label: App Media Storage - description: Stores the Application Media. - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: Type of Storage - description: Sets the persistence type, Anything other than PVC could break rollback! - schema: - type: string - default: simplePVC - enum: - - value: simplePVC - description: PVC (simple) - - value: simpleHP - description: Host Path (simple) - - value: emptyDir - description: emptyDir - - value: pvc - description: PVC - - value: hostPath - description: Host Path - - value: nfs - description: NFS Share - - variable: server - label: NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: path - label: Path on NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: setPermissionsSimple - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "simpleHP"]] - type: boolean - default: false - - variable: setPermissions - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "hostPath"]] - type: boolean - default: false - - variable: readOnly - label: Read Only - schema: - type: boolean - default: false - - variable: hostPathSimple - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "simpleHP"]] - type: hostpath - - variable: hostPath - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", 
"hostPath"]] - type: hostpath - - variable: medium - label: EmptyDir Medium - schema: - show_if: [["type", "=", "emptyDir"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: Memory - description: Memory - - variable: size - label: Size quotum of Storage - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: 256Gi - - variable: hostPathType - label: (Advanced) hostPath Type - schema: - show_if: [["type", "=", "hostPath"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: DirectoryOrCreate - description: DirectoryOrCreate - - value: Directory - description: Directory - - value: FileOrCreate - description: FileOrCreate - - value: File - description: File - - value: Socket - description: Socket - - value: CharDevice - description: CharDevice - - value: BlockDevice - description: BlockDevice - - variable: storageClass - label: (Advanced) storageClass - description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" 
- schema: - show_if: [["type", "=", "pvc"]] - type: string - default: SCALE-ZFS - - variable: accessMode - label: (Advanced) Access Mode - description: Allow or disallow multiple PVC's writhing to the same PV - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: ReadWriteOnce - enum: - - value: ReadWriteOnce - description: ReadWriteOnce - - value: ReadOnlyMany - description: ReadOnlyMany - - value: ReadWriteMany - description: ReadWriteMany - - variable: advanced - label: Show Advanced Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: templates - label: App Templates Storage - description: Stores the Application Templates. - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: Type of Storage - description: Sets the persistence type, Anything other than PVC could break rollback! 
- schema: - type: string - default: simplePVC - enum: - - value: simplePVC - description: PVC (simple) - - value: simpleHP - description: Host Path (simple) - - value: emptyDir - description: emptyDir - - value: pvc - description: PVC - - value: hostPath - description: Host Path - - value: nfs - description: NFS Share - - variable: server - label: NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: path - label: Path on NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: setPermissionsSimple - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "simpleHP"]] - type: boolean - default: false - - variable: setPermissions - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "hostPath"]] - type: boolean - default: false - - variable: readOnly - label: Read Only - schema: - type: boolean - default: false - - variable: hostPathSimple - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "simpleHP"]] - type: hostpath - - variable: hostPath - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "hostPath"]] - type: hostpath - - variable: medium - label: EmptyDir Medium - schema: - show_if: [["type", "=", "emptyDir"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: Memory - description: Memory - - variable: size - label: Size quotum of Storage - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: 256Gi - - variable: hostPathType - label: (Advanced) hostPath Type - schema: - show_if: [["type", "=", "hostPath"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: DirectoryOrCreate - description: DirectoryOrCreate - - value: Directory - 
description: Directory - - value: FileOrCreate - description: FileOrCreate - - value: File - description: File - - value: Socket - description: Socket - - value: CharDevice - description: CharDevice - - value: BlockDevice - description: BlockDevice - - variable: storageClass - label: (Advanced) storageClass - description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: SCALE-ZFS - - variable: accessMode - label: (Advanced) Access Mode - description: Allow or disallow multiple PVC's writhing to the same PV - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: ReadWriteOnce - enum: - - value: ReadWriteOnce - description: ReadWriteOnce - - value: ReadOnlyMany - description: ReadOnlyMany - - value: ReadWriteMany - description: ReadWriteMany - - variable: advanced - label: Show Advanced Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: certs - label: App Certs Storage - description: Stores the Application Certs. - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: Type of Storage - description: Sets the persistence type, Anything other than PVC could break rollback! 
- schema: - type: string - default: simplePVC - enum: - - value: simplePVC - description: PVC (simple) - - value: simpleHP - description: Host Path (simple) - - value: emptyDir - description: emptyDir - - value: pvc - description: PVC - - value: hostPath - description: Host Path - - value: nfs - description: NFS Share - - variable: server - label: NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: path - label: Path on NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: setPermissionsSimple - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "simpleHP"]] - type: boolean - default: false - - variable: setPermissions - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "hostPath"]] - type: boolean - default: false - - variable: readOnly - label: Read Only - schema: - type: boolean - default: false - - variable: hostPathSimple - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "simpleHP"]] - type: hostpath - - variable: hostPath - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "hostPath"]] - type: hostpath - - variable: medium - label: EmptyDir Medium - schema: - show_if: [["type", "=", "emptyDir"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: Memory - description: Memory - - variable: size - label: Size quotum of Storage - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: 256Gi - - variable: hostPathType - label: (Advanced) hostPath Type - schema: - show_if: [["type", "=", "hostPath"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: DirectoryOrCreate - description: DirectoryOrCreate - - value: Directory - 
description: Directory - - value: FileOrCreate - description: FileOrCreate - - value: File - description: File - - value: Socket - description: Socket - - value: CharDevice - description: CharDevice - - value: BlockDevice - description: BlockDevice - - variable: storageClass - label: (Advanced) storageClass - description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: SCALE-ZFS - - variable: accessMode - label: (Advanced) Access Mode - description: Allow or disallow multiple PVC's writhing to the same PV - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: ReadWriteOnce - enum: - - value: ReadWriteOnce - description: ReadWriteOnce - - value: ReadOnlyMany - description: ReadOnlyMany - - value: ReadWriteMany - description: ReadWriteMany - - variable: advanced - label: Show Advanced Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: geoip - label: App GeoIP Storage - description: Stores the Application GeoIP. - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: Type of Storage - description: Sets the persistence type, Anything other than PVC could break rollback! 
- schema: - type: string - default: simplePVC - enum: - - value: simplePVC - description: PVC (simple) - - value: simpleHP - description: Host Path (simple) - - value: emptyDir - description: emptyDir - - value: pvc - description: PVC - - value: hostPath - description: Host Path - - value: nfs - description: NFS Share - - variable: server - label: NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: path - label: Path on NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: setPermissionsSimple - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "simpleHP"]] - type: boolean - default: false - - variable: setPermissions - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "hostPath"]] - type: boolean - default: false - - variable: readOnly - label: Read Only - schema: - type: boolean - default: false - - variable: hostPathSimple - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "simpleHP"]] - type: hostpath - - variable: hostPath - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "hostPath"]] - type: hostpath - - variable: medium - label: EmptyDir Medium - schema: - show_if: [["type", "=", "emptyDir"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: Memory - description: Memory - - variable: size - label: Size quotum of Storage - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: 256Gi - - variable: hostPathType - label: (Advanced) hostPath Type - schema: - show_if: [["type", "=", "hostPath"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: DirectoryOrCreate - description: DirectoryOrCreate - - value: Directory - 
description: Directory - - value: FileOrCreate - description: FileOrCreate - - value: File - description: File - - value: Socket - description: Socket - - value: CharDevice - description: CharDevice - - value: BlockDevice - description: BlockDevice - - variable: storageClass - label: (Advanced) storageClass - description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: SCALE-ZFS - - variable: accessMode - label: (Advanced) Access Mode - description: Allow or disallow multiple PVC's writhing to the same PV - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: ReadWriteOnce - enum: - - value: ReadWriteOnce - description: ReadWriteOnce - - value: ReadOnlyMany - description: ReadOnlyMany - - value: ReadWriteMany - description: ReadWriteMany - - variable: advanced - label: Show Advanced Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: persistenceList - label: Additional App Storage - group: Storage and Persistence - schema: - type: list - default: [] - items: - - variable: persistenceListEntry - label: Custom Storage - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the storage - schema: - type: boolean - default: true - hidden: true - - variable: name - 
label: Name (Optional) - description: "Not required, please set to config when mounting /config or temp when mounting /tmp" - schema: - type: string - - variable: type - label: Type of Storage - description: Sets the persistence type, Anything other than PVC could break rollback! - schema: - type: string - default: simpleHP - enum: - - value: simplePVC - description: PVC (Simple) - - value: simpleHP - description: Host Path (Simple) - - value: emptyDir - description: emptyDir - - value: pvc - description: PVC - - value: hostPath - description: Host Path - - value: nfs - description: NFS Share - - variable: server - label: NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: path - label: Path on NFS Server - schema: - show_if: [["type", "=", "nfs"]] - type: string - default: "" - - variable: setPermissionsSimple - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "simpleHP"]] - type: boolean - default: false - - variable: setPermissions - label: Automatic Permissions - description: Automatically set permissions on install - schema: - show_if: [["type", "=", "hostPath"]] - type: boolean - default: false - - variable: readOnly - label: Read Only - schema: - type: boolean - default: false - - variable: hostPathSimple - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "simpleHP"]] - type: hostpath - - variable: hostPath - label: Host Path - description: Path inside the container the storage is mounted - schema: - show_if: [["type", "=", "hostPath"]] - type: hostpath - - variable: mountPath - label: Mount Path - description: Path inside the container the storage is mounted - schema: - type: string - default: "" - required: true - valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' - - variable: medium - label: EmptyDir Medium - schema: - show_if: [["type", "=", "emptyDir"]] - 
type: string - default: "" - enum: - - value: "" - description: Default - - value: Memory - description: Memory - - variable: size - label: Size Quotum of Storage - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: 256Gi - - variable: hostPathType - label: (Advanced) Host Path Type - schema: - show_if: [["type", "=", "hostPath"]] - type: string - default: "" - enum: - - value: "" - description: Default - - value: DirectoryOrCreate - description: DirectoryOrCreate - - value: Directory - description: Directory - - value: FileOrCreate - description: FileOrCreate - - value: File - description: File - - value: Socket - description: Socket - - value: CharDevice - description: CharDevice - - value: BlockDevice - description: BlockDevice - - variable: storageClass - label: (Advanced) StorageClass - description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: SCALE-ZFS - - variable: accessMode - label: (Advanced) Access Mode - description: Allow or disallow multiple PVC's writhing to the same PV - schema: - show_if: [["type", "=", "pvc"]] - type: string - default: ReadWriteOnce - enum: - - value: ReadWriteOnce - description: ReadWriteOnce - - value: ReadOnlyMany - description: ReadOnlyMany - - value: ReadWriteMany - description: ReadWriteMany - - variable: advanced - label: Show Advanced Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - 
attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: ingress - label: "" - group: Ingress - schema: - additional_attrs: true - type: dict - attrs: - - variable: main - label: Main (HTTPS) Ingress - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable Ingress - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hosts - label: Hosts - schema: - type: list - default: [] - items: - - variable: hostEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: host - label: HostName - schema: - type: string - default: "" - required: true - - variable: paths - label: Paths - schema: - type: list - default: [] - items: - - variable: pathEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: path - label: Path - schema: - type: string - required: true - default: "/" - - variable: pathType - label: Path Type - schema: - type: string - required: true - default: Prefix - - variable: tls - label: TLS-Settings - schema: - type: list - default: [] - items: - - variable: tlsEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: hosts - label: Certificate Hosts - schema: - type: list - default: [] - items: - - variable: host - label: Host - schema: - type: string - default: "" - required: true - - variable: scaleCert - label: Select TrueNAS SCALE Certificate - schema: - type: int - $ref: - - "definitions/certificate" - - variable: entrypoint - label: (Advanced) Traefik Entrypoint - description: Entrypoint used by Traefik when using Traefik as Ingress Provider - schema: - type: string - default: websecure - required: true - - variable: middlewares - label: Traefik Middlewares - description: Add previously created Traefik Middlewares to this Ingress - schema: - type: list - default: [] - items: - - variable: name 
- label: Name - schema: - type: string - default: "" - required: true - - variable: expert - label: Show Expert Configuration Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: enableFixedMiddlewares - description: These middlewares enforce a number of best practices. - label: Enable Default Middlewares - schema: - type: boolean - default: true - - variable: ingressClassName - label: IngressClass Name - schema: - type: string - default: "" - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: proxyhttps - label: Proxy HTTPS Ingress - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable Ingress - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hosts - label: Hosts - schema: - type: list - default: [] - items: - - variable: hostEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: host - label: HostName - schema: - type: string - default: "" - required: true - - variable: paths - label: Paths - schema: - type: list - default: [] - items: - - variable: pathEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: path - label: Path - schema: - type: string - required: true - default: "/" - - variable: pathType - label: Path Type - schema: - type: string - required: true - default: 
Prefix - - variable: tls - label: TLS-Settings - schema: - type: list - default: [] - items: - - variable: tlsEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: hosts - label: Certificate Hosts - schema: - type: list - default: [] - items: - - variable: host - label: Host - schema: - type: string - default: "" - required: true - - variable: scaleCert - label: Select TrueNAS SCALE Certificate - schema: - type: int - $ref: - - "definitions/certificate" - - variable: entrypoint - label: (Advanced) Traefik Entrypoint - description: Entrypoint used by Traefik when using Traefik as Ingress Provider - schema: - type: string - default: websecure - required: true - - variable: middlewares - label: Traefik Middlewares - description: Add previously created Traefik Middlewares to this Ingress - schema: - type: list - default: [] - items: - - variable: name - label: Name - schema: - type: string - default: "" - required: true - - variable: expert - label: Show Expert Configuration Options - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: enableFixedMiddlewares - description: These middlewares enforce a number of best practices. 
- label: Enable Default Middlewares - schema: - type: boolean - default: true - - variable: ingressClassName - label: IngressClass Name - schema: - type: string - default: "" - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: ingressList - label: Add Manual Custom Ingresses - group: Ingress - schema: - type: list - default: [] - items: - - variable: ingressListEntry - label: Custom Ingress - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable Ingress - schema: - type: boolean - default: true - hidden: true - - variable: name - label: Name - schema: - type: string - default: "" - - variable: ingressClassName - label: IngressClass Name - schema: - type: string - default: "" - - variable: labelsList - label: Labels - schema: - type: list - default: [] - items: - - variable: labelItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: annotationsList - label: Annotations - schema: - type: list - default: [] - items: - - variable: annotationItem - label: Label - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - - variable: value - label: Value - schema: - type: string - - variable: hosts - label: Hosts - schema: - type: list - default: [] - items: 
- - variable: hostEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: host - label: HostName - schema: - type: string - default: "" - required: true - - variable: paths - label: Paths - schema: - type: list - default: [] - items: - - variable: pathEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: path - label: Path - schema: - type: string - required: true - default: "/" - - variable: pathType - label: Path Type - schema: - type: string - required: true - default: Prefix - - variable: service - label: Linked Service - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Service Name - schema: - type: string - default: "" - - variable: port - label: Service Port - schema: - type: int - - variable: tls - label: TLS-Settings - schema: - type: list - default: [] - items: - - variable: tlsEntry - label: Host - schema: - additional_attrs: true - type: dict - attrs: - - variable: hosts - label: Certificate Hosts - schema: - type: list - default: [] - items: - - variable: host - label: Host - schema: - type: string - default: "" - required: true - - variable: scaleCert - label: Select TrueNAS SCALE Certificate - schema: - type: int - $ref: - - "definitions/certificate" - - variable: entrypoint - label: Traefik Entrypoint - description: Entrypoint used by Traefik when using Traefik as Ingress Provider - schema: - type: string - default: websecure - required: true - - variable: middlewares - label: Traefik Middlewares - description: Add previously created Traefik Middlewares to this Ingress - schema: - type: list - default: [] - items: - - variable: name - label: Name - schema: - type: string - default: "" - required: true - - variable: security - label: Container Security Settings - group: Security and Permissions - schema: - type: dict - additional_attrs: true - attrs: - - variable: editsecurity - label: Change PUID / UMASK values - description: By enabling this 
you override default set values. - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: PUID - label: Process User ID - PUID - description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps - schema: - type: int - default: 568 - - variable: UMASK - label: UMASK - description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps - schema: - type: string - default: "002" - - variable: advancedSecurity - label: Show Advanced Security Settings - group: Security and Permissions - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: securityContext - label: Security Context - schema: - additional_attrs: true - type: dict - attrs: - - variable: privileged - label: Privileged mode - schema: - type: boolean - default: false - - variable: readOnlyRootFilesystem - label: ReadOnly Root Filesystem - schema: - type: boolean - default: true - - variable: allowPrivilegeEscalation - label: Allow Privilege Escalation - schema: - type: boolean - default: false - - variable: runAsNonRoot - label: runAsNonRoot - schema: - type: boolean - default: true - - variable: capabilities - label: Capabilities - schema: - additional_attrs: true - type: dict - attrs: - - variable: drop - label: Drop Capability - schema: - type: list - default: [] - items: - - variable: dropEntry - label: "" - schema: - type: string - - variable: add - label: Add Capability - schema: - type: list - default: [] - items: - - variable: addEntry - label: "" - schema: - type: string - - variable: podSecurityContext - group: Security and Permissions - label: Pod Security Context - schema: - additional_attrs: true - type: dict - attrs: - - variable: runAsUser - label: runAsUser - description: The UserID of the user running the application - schema: - type: int - default: 1000 - - variable: runAsGroup - label: runAsGroup - 
description: The groupID this App of the user running the application - schema: - type: int - default: 1000 - - variable: fsGroup - label: fsGroup - description: The group that should own ALL storage. - schema: - type: int - default: 568 - - variable: fsGroupChangePolicy - label: "When should we take ownership?" - schema: - type: string - default: OnRootMismatch - enum: - - value: OnRootMismatch - description: OnRootMismatch - - value: Always - description: Always - - variable: supplementalGroups - label: Supplemental Groups - schema: - type: list - default: [] - items: - - variable: supplementalGroupsEntry - label: Supplemental Group - schema: - type: int - - - variable: advancedresources - label: Set Custom Resource Limits/Requests (Advanced) - group: Resources and Devices - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: resources - label: "" - schema: - additional_attrs: true - type: dict - attrs: - - variable: limits - label: Advanced Limit Resource Consumption - schema: - additional_attrs: true - type: dict - attrs: - - variable: cpu - label: CPU - description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" - schema: - type: string - default: 4000m - valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' - - variable: memory - label: RAM - description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" - schema: - type: string - default: 8Gi - valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' - - variable: requests - label: "Minimum Resources Required (request)" - schema: - additional_attrs: true - type: dict - attrs: - - variable: cpu - label: CPU - description: "1000m means 1 hyperthread. 
Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" - schema: - type: string - default: 10m - valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' - - variable: memory - label: "RAM" - description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" - schema: - type: string - default: 50Mi - valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' - - variable: deviceList - label: Mount USB Devices - group: Resources and Devices - schema: - type: list - default: [] - items: - - variable: deviceListEntry - label: Device - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enable the Storage - schema: - type: boolean - default: true - - variable: type - label: (Advanced) Type of Storage - description: Sets the persistence type - schema: - type: string - default: hostPath - hidden: true - - variable: readOnly - label: readOnly - schema: - type: boolean - default: false - - variable: hostPath - label: Host Device Path - description: Path to the device on the host system - schema: - type: path - - variable: mountPath - label: Container Device Path - description: Path inside the container the device is mounted - schema: - type: string - default: "/dev/ttyACM0" - # Specify GPU configuration - - variable: scaleGPU - label: GPU Configuration - group: Resources and Devices - schema: - type: dict - $ref: - - "definitions/gpuConfiguration" - attrs: [] - - variable: metrics - group: Metrics - label: Prometheus Metrics - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enabled - description: Enable Prometheus Metrics - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: serviceMonitor - label: Service Monitor Settings - schema: - additional_attrs: true - type: dict - attrs: - - variable: interval - label: Scrape Interval - description: Scrape interval time 
- schema: - type: string - default: 1m - required: true - - variable: scrapeTimeout - label: Scrape Timeout - description: Scrape timeout Time - schema: - type: string - default: 30s - required: true -# - variable: autoscaling -# group: Advanced -# label: (Advanced) Horizontal Pod Autoscaler -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: enabled -# label: Enabled -# schema: -# type: boolean -# default: false -# show_subquestions_if: true -# subquestions: -# - variable: target -# label: Target -# description: Deployment name, Defaults to Main Deployment -# schema: -# type: string -# default: "" -# - variable: minReplicas -# label: Minimum Replicas -# schema: -# type: int -# default: 1 -# - variable: maxReplicas -# label: Maximum Replicas -# schema: -# type: int -# default: 5 -# - variable: targetCPUUtilizationPercentage -# label: Target CPU Utilization Percentage -# schema: -# type: int -# default: 80 -# - variable: targetMemoryUtilizationPercentage -# label: Target Memory Utilization Percentage -# schema: -# type: int -# default: 80 -# - variable: networkPolicy -# group: Advanced -# label: (Advanced) Network Policy -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: enabled -# label: Enabled -# schema: -# type: boolean -# default: false -# show_subquestions_if: true -# subquestions: -# - variable: policyType -# label: Policy Type -# schema: -# type: string -# default: "" -# enum: -# - value: "" -# description: Default -# - value: ingress -# description: Ingress -# - value: egress -# description: Egress -# - value: ingress-egress -# description: Ingress and Egress -# - variable: egress -# label: Egress -# schema: -# type: list -# default: [] -# items: -# - variable: egressEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: to -# label: To -# schema: -# type: list -# default: [] -# items: -# - variable: toEntry -# label: "" -# schema: -# additional_attrs: true -# type: 
dict -# attrs: -# - variable: ipBlock -# label: IP Block -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: cidr -# label: CIDR -# schema: -# type: string -# default: "" -# - variable: except -# label: Except -# schema: -# type: list -# default: [] -# items: -# - variable: exceptint -# label: "" -# schema: -# type: string -# - variable: namespaceSelector -# label: Namespace Selector -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: matchExpressions -# label: Match Expressions -# schema: -# type: list -# default: [] -# items: -# - variable: expressionEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: key -# label: Key -# schema: -# type: string -# - variable: operator -# label: Operator -# schema: -# type: string -# default: TCP -# enum: -# - value: In -# description: In -# - value: NotIn -# description: NotIn -# - value: Exists -# description: Exists -# - value: DoesNotExist -# description: DoesNotExist -# - variable: values -# label: Values -# schema -# type: list -# default: [] -# items: -# - variable: value -# label: "" -# schema: -# type: string -# - variable: podSelector -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: matchExpressions -# label: Match Expressions -# schema: -# type: list -# default: [] -# items: -# - variable: expressionEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: key -# label: Key -# schema: -# type: string -# - variable: operator -# label: Operator -# schema: -# type: string -# default: TCP -# enum: -# - value: In -# description: In -# - value: NotIn -# description: NotIn -# - value: Exists -# description: Exists -# - value: DoesNotExist -# description: DoesNotExist -# - variable: values -# label: Values -# schema: -# type: list -# default: [] -# items: -# - variable: value -# label: "" -# schema: -# type: string -# - variable: ports -# label: Ports -# schema: 
-# type: list -# default: [] -# items: -# - variable: portsEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: port -# label: Port -# schema: -# type: int -# - variable: endPort -# label: End Port -# schema: -# type: int -# - variable: protocol -# label: Protocol -# schema: -# type: string -# default: TCP -# enum: -# - value: TCP -# description: TCP -# - value: UDP -# description: UDP -# - value: SCTP -# description: SCTP -# - variable: ingress -# label: Ingress -# schema: -# type: list -# default: [] -# items: -# - variable: ingressEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: from -# label: From -# schema: -# type: list -# default: [] -# items: -# - variable: fromEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: ipBlock -# label: IP Block -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: cidr -# label: CIDR -# schema: -# type: string -# default: "" -# - variable: except -# label: Except -# schema: -# type: list -# default: [] -# items: -# - variable: exceptint -# label: "" -# schema: -# type: string -# - variable: namespaceSelector -# label: Namespace Selector -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: matchExpressions -# label: Match Expressions -# schema: -# type: list -# default: [] -# items: -# - variable: expressionEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: key -# label: Key -# schema: -# type: string -# - variable: operator -# label: Operator -# schema: -# type: string -# default: TCP -# enum: -# - value: In -# description: In -# - value: NotIn -# description: NotIn -# - value: Exists -# description: Exists -# - value: DoesNotExist -# description: DoesNotExist -# - variable: values -# label: Values -# schema: -# type: list -# default: [] -# items: -# - variable: value -# label: "" -# schema: -# type: string -# - 
variable: podSelector -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: matchExpressions -# label: Match Expressions -# schema: -# type: list -# default: [] -# items: -# - variable: expressionEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: key -# label: Key -# schema: -# type: string -# - variable: operator -# label: Operator -# schema: -# type: string -# default: TCP -# enum: -# - value: In -# description: In -# - value: NotIn -# description: NotIn -# - value: Exists -# description: Exists -# - value: DoesNotExist -# description: DoesNotExist -# - variable: values -# label: Values -# schema: -# type: list -# default: [] -# items: -# - variable: value -# label: "" -# schema: -# type: string -# - variable: ports -# label: Ports -# schema: -# type: list -# default: [] -# items: -# - variable: portsEntry -# label: "" -# schema: -# additional_attrs: true -# type: dict -# attrs: -# - variable: port -# label: Port -# schema: -# type: int -# - variable: endPort -# label: End Port -# schema: -# type: int -# - variable: protocol -# label: Protocol -# schema: -# type: string -# default: TCP -# enum: -# - value: TCP -# description: TCP -# - value: UDP -# description: UDP -# - value: SCTP -# description: SCTP - - - variable: addons - group: Addons - label: "" - schema: - additional_attrs: true - type: dict - attrs: - - variable: vpn - label: VPN - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: Type - schema: - type: string - default: disabled - enum: - - value: disabled - description: disabled - - value: openvpn - description: OpenVPN - - value: wireguard - description: Wireguard - - value: tailscale - description: Tailscale - - variable: openvpn - label: OpenVPN Settings - schema: - type: dict - show_if: [["type", "=", "openvpn"]] - attrs: - - variable: username - label: Authentication Username (Optional) - description: Authentication Username, Optional - 
schema: - type: string - default: "" - - variable: password - label: Authentication Password - description: Authentication Credentials - schema: - type: string - default: "" - required: true - - variable: tailscale - label: Tailscale Settings - schema: - type: dict - show_if: [["type", "=", "tailscale"]] - attrs: - - variable: authkey - label: Authentication Key - description: Provide an auth key to automatically authenticate the node as your user account. - schema: - type: string - private: true - default: "" - - variable: accept_dns - label: Accept DNS - description: Accept DNS configuration from the admin console. - schema: - type: boolean - default: false - - variable: userspace - label: Userspace - description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. - schema: - type: boolean - default: false - - variable: routes - label: Routes - description: Expose physical subnet routes to your entire Tailscale network. - schema: - type: string - default: "" - - variable: dest_ip - label: Destination IP - description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. 
- schema: - type: string - default: "" - - variable: sock5_server - label: Sock5 Server - description: Sock5 Server - schema: - type: string - default: "" - - variable: extra_args - label: Extra Args - description: Extra Args - schema: - type: string - default: "" - - variable: daemon_extra_args - label: Tailscale Daemon Extra Args - description: Tailscale Daemon Extra Args - schema: - type: string - default: "" - - variable: killSwitch - label: Enable Killswitch - schema: - type: boolean - show_if: [["type", "!=", "disabled"]] - default: true - - variable: excludedNetworks_IPv4 - label: Killswitch Excluded IPv4 networks - description: List of Killswitch Excluded IPv4 Addresses - schema: - type: list - show_if: [["type", "!=", "disabled"]] - default: [] - items: - - variable: networkv4 - label: IPv4 Network - schema: - type: string - required: true - - variable: excludedNetworks_IPv6 - label: Killswitch Excluded IPv6 networks - description: "List of Killswitch Excluded IPv6 Addresses" - schema: - type: list - show_if: [["type", "!=", "disabled"]] - default: [] - items: - - variable: networkv6 - label: IPv6 Network - schema: - type: string - required: true - - variable: configFile - label: VPN Config File Location - schema: - type: dict - show_if: [["type", "!=", "disabled"]] - attrs: - - variable: enabled - label: Enabled - schema: - type: boolean - default: true - hidden: true - - variable: type - label: Type - schema: - type: string - default: hostPath - hidden: true - - variable: hostPathType - label: hostPathType - schema: - type: string - default: File - hidden: true - - variable: noMount - label: noMount - schema: - type: boolean - default: true - hidden: true - - variable: hostPath - label: Full Path to File - description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" - schema: - type: string - default: "" - - variable: envList - label: VPN Environment Variables - schema: - type: list - show_if: [["type", "!=", 
"disabled"]] - default: [] - items: - - variable: envItem - label: Environment Variable - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - required: true - - variable: value - label: Value - schema: - type: string - required: true - - variable: codeserver - label: Codeserver - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enabled - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: git - label: Git Settings - schema: - additional_attrs: true - type: dict - attrs: - - variable: deployKey - description: Raw SSH Private Key - label: Deploy Key - schema: - type: string - - variable: deployKeyBase64 - description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence - label: Deploy Key Base64 - schema: - type: string - - variable: service - label: "" - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: Service Type - description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" - schema: - type: string - default: LoadBalancer - enum: - - value: NodePort - description: Deprecated CHANGE THIS - - value: ClusterIP - description: ClusterIP - - value: LoadBalancer - description: LoadBalancer - - variable: loadBalancerIP - label: LoadBalancer IP - description: "MetalLB Only: Selects the Loadbalancer IP to expose on. 
Required when using PortalButton with MetalLB" - schema: - show_if: [["type", "=", "LoadBalancer"]] - type: string - default: "" - - variable: advancedsvcset - label: Show Advanced Service Settings - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: externalIPs - label: "External IP's" - description: "External IP's" - schema: - type: list - default: [] - items: - - variable: externalIP - label: External IP - schema: - type: string - - variable: ipFamilyPolicy - label: IP Family Policy - description: Specify the IP Policy - schema: - type: string - default: SingleStack - enum: - - value: SingleStack - description: SingleStack - - value: PreferDualStack - description: PreferDualStack - - value: RequireDualStack - description: RequireDualStack - - variable: ipFamilies - label: IP Families - description: (Advanced) The IP Families that should be used - schema: - type: list - default: [] - items: - - variable: ipFamily - label: IP Family - schema: - type: string - - variable: ports - label: "" - schema: - additional_attrs: true - type: dict - attrs: - - variable: codeserver - label: "" - schema: - additional_attrs: true - type: dict - attrs: - - variable: port - label: Port - schema: - type: int - default: 36107 - - variable: nodePort - description: Leave Empty to Disable - label: nodePort DEPRECATED - schema: - type: int - default: 36107 - - variable: envList - label: Codeserver Environment Variables - schema: - type: list - show_if: [["type", "!=", "disabled"]] - default: [] - items: - - variable: envItem - label: Environment Variable - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - required: true - - variable: value - label: Value - schema: - type: string - required: true - - variable: promtail - label: Promtail - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enabled - schema: - type: boolean - default: false - 
show_subquestions_if: true - subquestions: - - variable: loki - label: Loki URL - schema: - type: string - required: true - - variable: logs - label: Log Paths - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - required: true - - variable: path - label: Path - schema: - type: string - required: true - - variable: args - label: Promtail Command Line Arguments - schema: - type: list - show_if: [["type", "!=", "disabled"]] - default: [] - items: - - variable: arg - label: Arg - schema: - type: string - required: true - - variable: envList - label: Promtail Environment Variables - schema: - type: list - show_if: [["type", "!=", "disabled"]] - default: [] - items: - - variable: envItem - label: Environment Variable - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - required: true - - variable: value - label: Value - schema: - type: string - required: true - - variable: netshoot - label: Netshoot - schema: - additional_attrs: true - type: dict - attrs: - - variable: enabled - label: Enabled - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: envList - label: Netshoot Environment Variables - schema: - type: list - show_if: [["type", "!=", "disabled"]] - default: [] - items: - - variable: envItem - label: Environment Variable - schema: - additional_attrs: true - type: dict - attrs: - - variable: name - label: Name - schema: - type: string - required: true - - variable: value - label: Value - schema: - type: string - required: true - - variable: docs - group: Documentation - label: Please read the documentation at https://truecharts.org - description: Please read the documentation at -
https://truecharts.org - schema: - additional_attrs: true - type: dict - attrs: - - variable: confirmDocs - label: I have checked the documentation - schema: - type: boolean - default: true - - variable: donateNag - group: Documentation - label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor - description: Please consider supporting TrueCharts, see -
https://truecharts.org/sponsor - schema: - additional_attrs: true - type: dict - attrs: - - variable: confirmDonate - label: I have considered donating - schema: - type: boolean - default: true - hidden: true diff --git a/enterprise/authentik/7.1.0/templates/_config.tpl b/enterprise/authentik/7.1.0/templates/_config.tpl deleted file mode 100644 index cc02f68e54..0000000000 --- a/enterprise/authentik/7.1.0/templates/_config.tpl +++ /dev/null 
@@ -1,143 +0,0 @@ -{{/* Define the configmap */}} -{{- define "authentik.config" -}} - -{{- $authServerWorkerConfigName := printf "%s-authentik-config" (include "tc.common.names.fullname" .) }} -{{- $authServerConfigName := printf "%s-authentik-server-config" (include "tc.common.names.fullname" .) }} -{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.common.names.fullname" .) }} -{{- $ldapConfigName := printf "%s-ldap-config" (include "tc.common.names.fullname" .) }} -{{- $proxyConfigName := printf "%s-proxy-config" (include "tc.common.names.fullname" .) }} -{{ $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }} -{{- if .Values.ingress.main.enabled }} - {{ $first := (first .Values.ingress.main.hosts) }} - {{- if $first }} - {{ $host = printf "https://%s" $first.host }} - {{- end }} -{{- end }} - ---- - -{{/* This configmap are loaded on both main authentik container and worker */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $authServerWorkerConfigName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - {{/* Dependencies */}} - AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" }} - AUTHENTIK_REDIS__PORT: "6379" - AUTHENTIK_POSTGRESQL__NAME: {{ .Values.postgresql.postgresqlDatabase }} - AUTHENTIK_POSTGRESQL__USER: {{ .Values.postgresql.postgresqlUsername }} - AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" }} - AUTHENTIK_POSTGRESQL__PORT: "5432" - {{/* Mail */}} - {{- with .Values.authentik.mail.port }} - AUTHENTIK_EMAIL__PORT: {{ . | quote }} - {{- end }} - AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }} - AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }} - {{- with .Values.authentik.mail.timeout }} - AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }} - {{- end }} - {{/* Logging */}} - {{- with .Values.authentik.logging.log_level }} - AUTHENTIK_LOG_LEVEL: {{ . 
}} - {{- end }} - {{/* General */}} - AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }} - AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }} - {{- with .Values.authentik.general.avatars }} - AUTHENTIK_AVATARS: {{ . }} - {{- end }} - AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }} - AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }} - AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }} - AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }} - AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }} - AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }} - {{- with .Values.authentik.general.footer_links }} - AUTHENTIK_FOOTER_LINKS: {{ . | squote }} - {{- end }} - {{/* Error Reporting */}} - AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }} - AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }} - {{- with .Values.authentik.error_reporting.environment }} - AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }} - {{- end }} - {{/* LDAP */}} - {{- with .Values.authentik.ldap.tls_ciphers }} - AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }} - {{- end }} - {{/* Outposts */}} - AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }} - ---- - -{{/* This configmap are loaded on both main authentik container and worker */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $authServerConfigName }} - labels: - {{- include "tc.common.labels" . 
| nindent 4 }} -data: - {{/* Listen */}} - AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }} - AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }} - AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }} - ---- - -{{/* This configmap is loaded on ldap container */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $ldapConfigName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }} - AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }} - AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }} - AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }} - AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }} - AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }} - ---- - -{{/* This configmap is loaded on ldap container */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $proxyConfigName }} - labels: - {{- include "tc.common.labels" . 
| nindent 4 }} -data: - AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }} - AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }} - AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }} - AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }} - AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }} - AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }} - ---- - -{{/* This configmap is loaded on geoip container */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $geoipConfigName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - {{- with .Values.geoip.edition_ids }} - GEOIPUPDATE_EDITION_IDS: {{ . }} - {{- end }} - GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }} - {{- with .Values.geoip.host_server }} - GEOIPUPDATE_HOST: {{ . }} - {{- end }} - GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }} - GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }} -{{- end -}} diff --git a/enterprise/authentik/7.1.0/templates/_geoip.tpl b/enterprise/authentik/7.1.0/templates/_geoip.tpl deleted file mode 100644 index 054ec15477..0000000000 --- a/enterprise/authentik/7.1.0/templates/_geoip.tpl +++ /dev/null 
@@ -1,20 +0,0 @@
-{{/* Define the geoip container */}}
-{{- define "authentik.geoip" -}}
-image: {{ .Values.geoipImage.repository }}:{{ .Values.geoipImage.tag }}
-imagePullPolicy: {{ .Values.geoipImage.pullPolicy }}
-securityContext:
- runAsUser: 0
- runAsGroup: 0
- readOnlyRootFilesystem: false
- runAsNonRoot: false
-volumeMounts:
- - name: geoip
- mountPath: "/usr/share/GeoIP"
-envFrom:
- - secretRef:
- name: '{{ include "tc.common.names.fullname" . }}-geoip-secret'
- - configMapRef:
- name: '{{ include "tc.common.names.fullname" . }}-geoip-config'
-{{/* TODO: Add healthchecks */}}
-{{/* TODO: https://github.com/maxmind/geoipupdate/issues/105 */}}
-{{- end -}}
diff --git a/enterprise/authentik/7.1.0/templates/_ldap.tpl b/enterprise/authentik/7.1.0/templates/_ldap.tpl
deleted file mode 100644
index 0d8f42742b..0000000000
--- a/enterprise/authentik/7.1.0/templates/_ldap.tpl
+++ /dev/null
@@ -1,48 +0,0 @@ -{{/* Define the ldap container */}} -{{- define "authentik.ldap" -}} -image: {{ .Values.ldapImage.repository }}:{{ .Values.ldapImage.tag }} -imagePullPolicy: {{ .Values.ldapImage.pullPolicy }} -securityContext: - runAsUser: {{ .Values.podSecurityContext.runAsUser }} - runAsGroup: {{ .Values.podSecurityContext.runAsGroup }} - readOnlyRootFilesystem: true - runAsNonRoot: true -envFrom: - - secretRef: - name: '{{ include "tc.common.names.fullname" . }}-ldap-secret' - - configMapRef: - name: '{{ include "tc.common.names.fullname" . }}-ldap-config' -ports: - - containerPort: {{ .Values.service.ldapldaps.ports.ldapldaps.targetPort }} - name: ldapldaps - - containerPort: {{ .Values.service.ldapldap.ports.ldapldap.targetPort }} - name: ldapldap -{{- if .Values.metrics.enabled }} - - containerPort: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} - name: ldapmetrics -{{- end }} -readinessProbe: - httpGet: - path: /outpost.goauthentik.io/ping - port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} - initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} - timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} - periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} - failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} -livenessProbe: - httpGet: - path: /outpost.goauthentik.io/ping - port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} - initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} - timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} - periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} - failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} -startupProbe: - httpGet: - path: /outpost.goauthentik.io/ping - port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }} - initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} - timeoutSeconds: {{ 
.Values.probes.startup.spec.timeoutSeconds }} - periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} - failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} -{{- end -}} diff --git a/enterprise/authentik/7.1.0/templates/_proxy.tpl b/enterprise/authentik/7.1.0/templates/_proxy.tpl deleted file mode 100644 index c28161c585..0000000000 --- a/enterprise/authentik/7.1.0/templates/_proxy.tpl +++ /dev/null 
@@ -1,48 +0,0 @@ -{{/* Define the proxy container */}} -{{- define "authentik.proxy" -}} -image: {{ .Values.proxyImage.repository }}:{{ .Values.proxyImage.tag }} -imagePullPolicy: {{ .Values.proxyImage.pullPolicy }} -securityContext: - runAsUser: {{ .Values.podSecurityContext.runAsUser }} - runAsGroup: {{ .Values.podSecurityContext.runAsGroup }} - readOnlyRootFilesystem: true - runAsNonRoot: true -envFrom: - - secretRef: - name: '{{ include "tc.common.names.fullname" . }}-proxy-secret' - - configMapRef: - name: '{{ include "tc.common.names.fullname" . }}-proxy-config' -ports: - - containerPort: {{ .Values.service.proxyhttps.ports.proxyhttps.targetPort }} - name: proxyhttps - - containerPort: {{ .Values.service.proxyhttp.ports.proxyhttp.targetPort }} - name: proxyhttp -{{- if .Values.metrics.enabled }} - - containerPort: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} - name: proxymetrics -{{- end }} -readinessProbe: - httpGet: - path: /outpost.goauthentik.io/ping - port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} - initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }} - timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }} - periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }} - failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }} -livenessProbe: - httpGet: - path: /outpost.goauthentik.io/ping - port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} - initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }} - timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }} - periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }} - failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }} -startupProbe: - httpGet: - path: /outpost.goauthentik.io/ping - port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }} - initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }} - 
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }} - periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }} - failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }} -{{- end -}} diff --git a/enterprise/authentik/7.1.0/templates/_secret.tpl b/enterprise/authentik/7.1.0/templates/_secret.tpl deleted file mode 100644 index 5f78c0dc3b..0000000000 --- a/enterprise/authentik/7.1.0/templates/_secret.tpl +++ /dev/null 
@@ -1,109 +0,0 @@ -{{/* Define the secret */}} -{{- define "authentik.secret" -}} - -{{- $authentikSecretName := printf "%s-authentik-secret" (include "tc.common.names.fullname" .) }} -{{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.common.names.fullname" .) }} -{{- $ldapSecretName := printf "%s-ldap-secret" (include "tc.common.names.fullname" .) }} -{{- $proxySecretName := printf "%s-proxy-secret" (include "tc.common.names.fullname" .) }} -{{- $token := randAlphaNum 128 | b64enc }} - ---- - -{{/* This secrets are loaded on both main authentik container and worker */}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: {{ $authentikSecretName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - {{/* Secret Key */}} - {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }} - AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" }} - {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" }} - {{- else }} - AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 | b64enc }} - {{- end }} - AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }} - {{/* Dependencies */}} - AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }} - AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" | b64enc }} - {{/* Credentials */}} - {{- with .Values.authentik.credentials.password }} - AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . | b64enc }} - {{- end }} - {{/* Mail */}} - {{- with .Values.authentik.mail.host }} - AUTHENTIK_EMAIL__HOST: {{ . | b64enc }} - {{- end }} - {{- with .Values.authentik.mail.user }} - AUTHENTIK_EMAIL__USERNAME: {{ . | b64enc }} - {{- end }} - {{- with .Values.authentik.mail.pass }} - AUTHENTIK_EMAIL__PASSWORD: {{ . | b64enc }} - {{- end }} - {{- with .Values.authentik.mail.from }} - AUTHENTIK_EMAIL__FROM: {{ . 
| b64enc }} - {{- end }} - ---- - -{{/* This secrets are loaded on geoip container */}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: {{ $geoipSecretName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - {{/* Credentials */}} - {{- with .Values.geoip.account_id }} - GEOIPUPDATE_ACCOUNT_ID: {{ . | b64enc }} - {{- end }} - {{- with .Values.geoip.license_key }} - GEOIPUPDATE_LICENSE_KEY: {{ . | b64enc }} - {{- end }} - {{/* Proxy */}} - {{- with .Values.geoip.proxy }} - GEOIPUPDATE_PROXY: {{ . | b64enc }} - {{- end }} - {{- with .Values.geoip.proxy_user_pass }} - GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . | b64enc }} - {{- end }} - ---- - -{{/* This secrets are loaded on ldap container */}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: {{ $ldapSecretName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - {{- with .Values.outposts.ldap.token }} - AUTHENTIK_TOKEN: {{ . | b64enc }} - {{- else }} - AUTHENTIK_TOKEN: {{ $token }} - {{- end }} - ---- - -{{/* This secrets are loaded on ldap container */}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: {{ $proxySecretName }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} -data: - {{- with .Values.outposts.proxy.token }} - AUTHENTIK_TOKEN: {{ . | b64enc }} - {{- else }} - AUTHENTIK_TOKEN: {{ $token }} - {{- end }} -{{- end }} diff --git a/enterprise/authentik/7.1.0/templates/_worker.tpl b/enterprise/authentik/7.1.0/templates/_worker.tpl deleted file mode 100644 index 64c3b583b0..0000000000 --- a/enterprise/authentik/7.1.0/templates/_worker.tpl +++ /dev/null 
@@ -1,52 +0,0 @@
-{{/* Define the worker container */}}
-{{- define "authentik.worker" -}}
-image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-imagePullPolicy: {{ .Values.image.pullPolicy }}
-securityContext:
- runAsUser: {{ .Values.podSecurityContext.runAsUser }}
- runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
- readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
- runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
-args: ["worker"]
-envFrom:
- - secretRef:
- name: '{{ include "tc.common.names.fullname" . }}-authentik-secret'
- - configMapRef:
- name: '{{ include "tc.common.names.fullname" . }}-authentik-config'
-volumeMounts:
- - name: media
- mountPath: "/media"
- - name: templates
- mountPath: "/templates"
- - name: certs
- mountPath: "/certs"
- - name: geoip
- mountPath: "/geoip"
-readinessProbe:
- exec:
- command:
- - /lifecycle/ak
- - healthcheck
- initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
- periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
- failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
-livenessProbe:
- exec:
- command:
- - /lifecycle/ak
- - healthcheck
- initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
- periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
- failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
-startupProbe:
- exec:
- command:
- - /lifecycle/ak
- - healthcheck
- initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
- timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
- periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
- failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
-{{- end -}}
diff --git a/enterprise/authentik/7.1.0/templates/common.yaml b/enterprise/authentik/7.1.0/templates/common.yaml
deleted file mode 100644
index 8d610c2e55..0000000000
--- a/enterprise/authentik/7.1.0/templates/common.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
-
-{{/* Render secret */}}
-{{- include "authentik.secret" . }}
-
-{{/* Render config */}}
-{{- include "authentik.config" . }}
-
-{{- if hasKey .Values "metrics" -}}
-{{- if .Values.metrics.enabled -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.metrics.ports.metrics.targetPort | default 9301 | quote) -}}
-{{- end -}}
-{{- end -}}
-
-{{- if .Values.workerContainer.enabled -}}
-{{- $_ := set .Values.additionalContainers "worker" (include "authentik.worker" . | fromYaml) -}}
-{{- end -}}
-
-{{- if .Values.geoip.enabled -}}
-{{- $_ := set .Values.additionalContainers "geoip" (include "authentik.geoip" . | fromYaml) -}}
-{{- end -}}
-
-{{- if .Values.outposts.ldap.enabled -}}
-{{- $_ := set .Values.additionalContainers "ldap-outpost" (include "authentik.ldap" . | fromYaml) -}}
-{{/* - if .Values.metrics.enabled - */}}
-{{/* https://github.com/prometheus/prometheus/issues/3756 */}}
-{{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
-{{/* We can't define multiple ports/endpoints with annotations */}}
-{{/* - end - */}}
-{{- end -}}
-
-{{- if .Values.outposts.proxy.enabled -}}
-{{- $_ := set .Values.additionalContainers "proxy-outpost" (include "authentik.proxy" . | fromYaml) -}}
-{{/* - if .Values.metrics.enabled - */}}
-{{/* https://github.com/prometheus/prometheus/issues/3756 */}}
-{{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
-{{/* We can't define multiple ports/endpoints with annotations */}}
-{{/* - end - */}}
-{{- end -}}
-
-{{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
diff --git a/enterprise/authentik/7.1.0/templates/prometheusrules.yaml b/enterprise/authentik/7.1.0/templates/prometheusrules.yaml
deleted file mode 100644
index b3a37c57c2..0000000000
--- a/enterprise/authentik/7.1.0/templates/prometheusrules.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- if hasKey .Values "metrics" }} -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "tc.common.names.fullname" . }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "tc.common.names.fullname" . }} - rules: - {{- with .Values.metrics.prometheusRule.rules }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.metrics.prometheusRule.useDefault }} - - name: authentik Aggregate request counters - rules: - - record: job:django_http_requests_before_middlewares_total:sum_rate30s - expr: sum(rate(django_http_requests_before_middlewares_total[30s])) by (job) - - record: job:django_http_requests_unknown_latency_total:sum_rate30s - expr: sum(rate(django_http_requests_unknown_latency_total[30s])) by (job) - - record: job:django_http_ajax_requests_total:sum_rate30s - expr: sum(rate(django_http_ajax_requests_total[30s])) by (job) - - record: job:django_http_responses_before_middlewares_total:sum_rate30s - expr: sum(rate(django_http_responses_before_middlewares_total[30s])) by (job) - - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s - expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) by (job) - - record: job:django_http_requests_body_total_bytes:sum_rate30s - expr: sum(rate(django_http_requests_body_total_bytes[30s])) by (job) - - record: job:django_http_responses_streaming_total:sum_rate30s - expr: sum(rate(django_http_responses_streaming_total[30s])) by (job) - - record: job:django_http_responses_body_total_bytes:sum_rate30s - expr: sum(rate(django_http_responses_body_total_bytes[30s])) by (job) - - record: job:django_http_requests_total:sum_rate30s - expr: sum(rate(django_http_requests_total_by_method[30s])) by 
(job) - - record: job:django_http_requests_total_by_method:sum_rate30s - expr: sum(rate(django_http_requests_total_by_method[30s])) by (job,method) - - record: job:django_http_requests_total_by_transport:sum_rate30s - expr: sum(rate(django_http_requests_total_by_transport[30s])) by (job,transport) - - record: job:django_http_requests_total_by_view:sum_rate30s - expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view) - - record: job:django_http_requests_total_by_view_transport_method:sum_rate30s - expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view,transport,method) - - record: job:django_http_responses_total_by_templatename:sum_rate30s - expr: sum(rate(django_http_responses_total_by_templatename[30s])) by (job,templatename) - - record: job:django_http_responses_total_by_status:sum_rate30s - expr: sum(rate(django_http_responses_total_by_status[30s])) by (job,status) - - record: job:django_http_responses_total_by_status_name_method:sum_rate30s - expr: sum(rate(django_http_responses_total_by_status_name_method[30s])) by (job,status,name,method) - - record: job:django_http_responses_total_by_charset:sum_rate30s - expr: sum(rate(django_http_responses_total_by_charset[30s])) by (job,charset) - - record: job:django_http_exceptions_total_by_type:sum_rate30s - expr: sum(rate(django_http_exceptions_total_by_type[30s])) by (job,type) - - record: job:django_http_exceptions_total_by_view:sum_rate30s - expr: sum(rate(django_http_exceptions_total_by_view[30s])) by (job,view) - - name: authentik Aggregate latency histograms - rules: - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "50" - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.95, 
sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "95" - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "99" - - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s - expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "99.9" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "50" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "95" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "99" - - record: job:django_http_requests_latency_seconds:quantile_rate30s - expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le)) - labels: - quantile: "99.9" - - name: authentik Aggregate model operations - rules: - - record: job:django_model_inserts_total:sum_rate1m - expr: sum(rate(django_model_inserts_total[1m])) by (job, model) - - record: job:django_model_updates_total:sum_rate1m - expr: sum(rate(django_model_updates_total[1m])) by (job, model) - - record: job:django_model_deletes_total:sum_rate1m - expr: sum(rate(django_model_deletes_total[1m])) by (job, model) - - name: authentik Aggregate database operations - rules: - - record: job:django_db_new_connections_total:sum_rate30s - expr: 
sum(rate(django_db_new_connections_total[30s])) by (alias, vendor) - - record: job:django_db_new_connection_errors_total:sum_rate30s - expr: sum(rate(django_db_new_connection_errors_total[30s])) by (alias, vendor) - - record: job:django_db_execute_total:sum_rate30s - expr: sum(rate(django_db_execute_total[30s])) by (alias, vendor) - - record: job:django_db_execute_many_total:sum_rate30s - expr: sum(rate(django_db_execute_many_total[30s])) by (alias, vendor) - - record: job:django_db_errors_total:sum_rate30s - expr: sum(rate(django_db_errors_total[30s])) by (alias, vendor, type) - - name: authentik Aggregate migrations - rules: - - record: job:django_migrations_applied_total:max - expr: max(django_migrations_applied_total) by (job, connection) - - record: job:django_migrations_unapplied_total:max - expr: max(django_migrations_unapplied_total) by (job, connection) - - name: authentik Alerts - rules: - - alert: NoWorkersConnected - expr: max without (pid) (authentik_admin_workers) < 1 - annotations: - message: | - authentik instance {{ printf "{{ $labels.instance }}" }}'s worker are either not running or not connected. 
- summary: No workers connected - for: 10m - labels: - severity: critical - - alert: PendingMigrations - expr: max without (pid) (django_migrations_unapplied_total) > 0 - annotations: - message: | - authentik instance {{ printf "{{ $labels.instance }}" }} has pending database migrations - summary: Pending database migrations - for: 10m - labels: - severity: critical - - alert: FailedSystemTasks - expr: sum(increase(authentik_system_tasks{status="TaskResultStatus.ERROR"}[2h])) > 0 - annotations: - message: | - System task {{ printf "{{ $labels.task_name }}" }} has failed - summary: Failed system tasks - for: 2h - labels: - severity: critical - - alert: DisconnectedOutposts - expr: sum by (outpost) (max without (pid) (authentik_outposts_connected{uid!~"specific.*"})) < 1 - annotations: - message: | - Outpost {{ printf "{{ $labels.outpost }}" }} has at least 1 disconnected instance - summary: Disconnected outpost - for: 30m - labels: - severity: critical - {{- end }} -{{- end }} -{{- end }} diff --git a/enterprise/authentik/7.1.0/templates/servicemonitor.yaml b/enterprise/authentik/7.1.0/templates/servicemonitor.yaml deleted file mode 100644 index afa560ff34..0000000000 --- a/enterprise/authentik/7.1.0/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{- if hasKey .Values "metrics" }} -{{- if .Values.metrics.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "tc.common.names.fullname" . }} - labels: - {{- include "tc.common.labels" . | nindent 4 }} - {{- with .Values.metrics.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "tc.common.labels.selectorLabels" . | nindent 6 }} - endpoints: - - port: metrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - path: /metrics - - - port: ldapmetrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - path: /metrics - - - port: proxymetrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - path: /metrics -{{- end }} -{{- end }} diff --git a/enterprise/authentik/7.1.0/values.yaml b/enterprise/authentik/7.1.0/values.yaml deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/enterprise/authentik/item.yaml b/enterprise/authentik/item.yaml deleted file mode 100644 index 351e1c3fe9..0000000000 --- a/enterprise/authentik/item.yaml +++ /dev/null @@ -1,4 +0,0 @@ -icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png -categories: -- authentication -