From 9a2529a9729bc153dd0f1d0a5312fa67d4223c13 Mon Sep 17 00:00:00 2001 From: genofire Date: Wed, 5 Apr 2023 23:52:37 +0000 Subject: [PATCH] feat(charts/authentik): add blueprints-sidecar to collect from cluster --- charts/authentik/templates/deployment.yaml | 36 +++++++++++++++++++ .../authentik/templates/service-account.yaml | 29 +++++++++++++++ charts/authentik/values.yaml | 10 ++++++ 3 files changed, 75 insertions(+) create mode 100644 charts/authentik/templates/service-account.yaml diff --git a/charts/authentik/templates/deployment.yaml b/charts/authentik/templates/deployment.yaml index 5a7adb95..446114d7 100644 --- a/charts/authentik/templates/deployment.yaml +++ b/charts/authentik/templates/deployment.yaml @@ -94,6 +94,10 @@ spec: - name: geoip-db mountPath: /geoip {{- end }} + {{- if $.Values.sidecar.blueprints.enabled }} + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + {{- end }} {{- with $.Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -151,6 +155,34 @@ spec: - name: geoip-db mountPath: /usr/share/GeoIP {{- end }} + {{- with $.Values.sidecar.blueprints }} + {{- if .enabled }} + - name: sidecar-blueprints + image: "{{ .image.repository }}:{{ .image.tag }}" + env: + - name: "FOLDER" + value: "/blueprints/sidecar" + - name: "LABEL" + value: "goauthentik_blueprint" + - name: "LABEL_VALUE" + value: "1" + {{- with .namespace }} + - name: "NAMESPACE" + value: "{{ . }}" + {{- end }} + {{- with .resource }} + - name: "RESOURCE" + value: "{{ . }}" + {{- end }} + {{- with .uniqueFilenames }} + - name: "UNIQUE_FILENAMES" + value: "{{ . }}" + {{- end }} + volumeMounts: + - name: sidecar-blueprints + mountPath: /blueprints/sidecar + {{- end }} + {{- end }} {{- with $.Values.additionalContainers }} {{- $additionalContainers := list }} {{- range $name, $container := . }} @@ -166,6 +198,10 @@ spec: - name: geoip-db emptyDir: {} {{- end }} + {{- if $.Values.sidecar.blueprints.enabled }} + - name: sidecar-blueprints + emptyDir: {} + {{- end }} {{- with $.Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/authentik/templates/service-account.yaml b/charts/authentik/templates/service-account.yaml new file mode 100644 index 00000000..15eb4567 --- /dev/null +++ b/charts/authentik/templates/service-account.yaml @@ -0,0 +1,29 @@ +{{- if .Values.serviceAccount.create }} + +{{ include "common.serviceAccount" . }} + +{{- if .Values.sidecar.blueprints.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "common.names.fullname" . }} +rules: +- apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "common.names.fullname" . }} +roleRef: + kind: ClusterRole + name: {{ include "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml index 28ee1341..1e096c86 100644 --- a/charts/authentik/values.yaml +++ b/charts/authentik/values.yaml @@ -182,6 +182,16 @@ prometheus: # -- labels additional on PrometheusRule labels: {} +sidecar: + blueprints: + enabled: false + image: + repository: "ghcr.io/kiwigrid/k8s-sidecar" + tag: "1.23.0" + namespace: "" + resource: "both" + uniqueFilenames: true + geoip: # -- optional GeoIP, deploys a cronjob to download the maxmind database enabled: false