Skip to content

Commit

Permalink
feat(charts/authentik): add blueprints-sidecar to collect from cluster
Browse files Browse the repository at this point in the history
  • Loading branch information
genofire committed Apr 6, 2023
1 parent c3ef453 commit 9a2529a
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 0 deletions.
36 changes: 36 additions & 0 deletions charts/authentik/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,10 @@ spec:
- name: geoip-db
mountPath: /geoip
{{- end }}
{{- if $.Values.sidecar.blueprints.enabled }}
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
{{- end }}
{{- with $.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
Expand Down Expand Up @@ -151,6 +155,34 @@ spec:
- name: geoip-db
mountPath: /usr/share/GeoIP
{{- end }}
{{- with $.Values.sidecar.blueprints }}
{{- if .enabled }}
- name: sidecar-blueprints
image: "{{ .image.repository }}:{{ .image.tag }}"
env:
- name: "FOLDER"
value: "/blueprints/sidecar"
- name: "LABEL"
value: "goauthentik_blueprint"
- name: "LABEL_VALUE"
value: "1"
{{- with .namespace }}
- name: "NAMESPACE"
value: "{{ . }}"
{{- end }}
{{- with .resource }}
- name: "RESOURCE"
value: "{{ . }}"
{{- end }}
{{- with .uniqueFilenames }}
- name: "UNIQUE_FILENAMES"
value: "{{ . }}"
{{- end }}
volumeMounts:
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
{{- end }}
{{- end }}
{{- with $.Values.additionalContainers }}
{{- $additionalContainers := list }}
{{- range $name, $container := . }}
Expand All @@ -166,6 +198,10 @@ spec:
- name: geoip-db
emptyDir: {}
{{- end }}
{{- if $.Values.sidecar.blueprints.enabled }}
- name: sidecar-blueprints
emptyDir: {}
{{- end }}
{{- with $.Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
Expand Down
29 changes: 29 additions & 0 deletions charts/authentik/templates/service-account.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{{- if .Values.serviceAccount.create }}

{{ include "common.serviceAccount" . }}

{{- if .Values.sidecar.blueprints.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "common.names.fullname" . }}
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.names.fullname" . }}
roleRef:
kind: ClusterRole
name: {{ include "common.names.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
10 changes: 10 additions & 0 deletions charts/authentik/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,16 @@ prometheus:
# -- labels additional on PrometheusRule
labels: {}

sidecar:
blueprints:
enabled: false
image:
repository: "ghcr.io/kiwigrid/k8s-sidecar"
tag: "1.23.0"
namespace: ""
resource: "both"
uniqueFilenames: true

geoip:
# -- optional GeoIP, deploys a cronjob to download the maxmind database
enabled: false
Expand Down

0 comments on commit 9a2529a

Please sign in to comment.