authelia / chartrepo

Authelia Helm Charts
https://charts.authelia.com
Apache License 2.0

Enhancement: Include Redis and Postgres chart so it can be deployed through Authelia chart #89

Closed samip5 closed 2 months ago

samip5 commented 3 years ago

The thinking is that you could specify things like:

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: authentik
  namespace: security
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://charts.goauthentik.io
      chart: authentik
      version: 2.0.0
      sourceRef:
        kind: HelmRepository
        name: authentik-charts
        namespace: flux-system
      interval: 5m
  values:
    outposts:
      docker_image_base: ghcr.io/goauthentik/%(type)s
    fullnameOverride: authentik
    image:
      repository: ghcr.io/goauthentik/server
      tag: latest
      pullPolicy: Always

    authentik:
      secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
      postgresql:
        host: "authentik-postgresql"
        name: "authentik"
        user: "authentik"
        password: "${SECRET_AUTHENTIK_POSTGRES_PASSWORD}"
      redis:
        host: "authentik-redis-master"
      email:
        host: "smtp.eu.mailgun.org"
        port: 587
        use_tls: true
        username: "authentik@mg.${MAIN_DOMAIN}"
        password: "${SECRET_MAILGUN_PASSWORD}"
        from: "no-reply@mg.${MAIN_DOMAIN}"
    volumeMounts:
    - name: media
      mountPath: /media
    volumes:
    - name: media
      persistentVolumeClaim:
        claimName: authentik-media-v1

    ingress:
      enabled: true
      ingressClassName: "traefik"
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        # traefik.ingress.kubernetes.io/router.middlewares: "networking-cloudflare-ips@kubernetescrd"
      hosts:
      - host: "id.${MAIN_DOMAIN}"
        paths:
        - path: "/"
          pathType: Prefix
      tls:
      - hosts:
        - "id.${MAIN_DOMAIN}"
        secretName: ${MAIN_DOMAIN}-tls
    postgresql:
      enabled: true
      image:
        repository: postgres
        tag: '11.12'
      postgresqlUsername: authentik
      postgresqlDatabase: authentik
      postgresqlPassword: "${SECRET_AUTHENTIK_POSTGRES_PASSWORD}"
      postgresqlDataDir: "/data/pgdata"
      persistence:
        enabled: true
        size: 8Gi
        mountPath: "/data/"
    redis:
      enabled: true
      image:
        repository: redis
        tag: 'latest'

Basically, that means that this chart would deploy Redis too if it's enabled and use it. Same with the storage backend.

trallnag commented 3 years ago

This increases the complexity of this chart quite a lot, is my feeling.

And technically you could also add OpenLDAP as an option. I think what would be best is to provide more concrete examples.

james-d-elliott commented 3 years ago

The plan is to add an auxiliary chart that includes this chart as an example for anyone wanting to do a full stack. The alternative is making the stack parts optional. Some have suggested the latter approach may be better, but I'm not entirely convinced since no compelling reasons have been provided.

djjudas21 commented 6 months ago

Sorry to comment on this old thread 🙂 I'm looking at Authelia for the first time today and was surprised that the chart did not include postgres/redis as optional dependencies. It's an outlier in this regard, because almost every other chart I use does include its dependencies (and Helm describes itself as a package manager, which implies dependency resolution).

A satisfactory option could be to provide an umbrella chart that manages the whole stack, but I definitely think you need to do more than simply provide examples, because otherwise it defies the point of a "package manager" if you have to manually install dependencies before installing Authelia.

djjudas21 commented 5 months ago

This should have been closed via #223 and #225, but it's still open.

samip5 commented 5 months ago

I thought it's fixed so this should be closed?

james-d-elliott commented 5 months ago

The issue will be closed once the 0.9.0 version is merged; it's not released yet, just available for testing. It'll automatically be closed when this occurs, sorry for the confusion.

djjudas21 commented 5 months ago

Sorry, that's my fault. I assumed it would be closed when the PR was merged, rather than when the commits hit main.