helm: add initial geoip

helm/templates/geoip-configmap.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.geoip.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "authentik.fullname" . }}-geoip-config
+data:
+  GEOIPUPDATE_ACCOUNT_ID: "{{ .Values.geoip.accountId }}"
+  GEOIPUPDATE_LICENSE_KEY: "{{ .Values.geoip.licenseKey }}"
+  GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
+  GEOIPUPDATE_FREQUENCY: "8"
+{{- end }}

helm/templates/geoip-deployment.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.geoip.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "authentik.fullname" . }}-geoip
+  labels:
+    app.kubernetes.io/name: {{ include "authentik.name" . }}
+    helm.sh/chart: {{ include "authentik.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    k8s.goauthentik.io/component: geoip
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "authentik.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      k8s.goauthentik.io/component: geoip
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "authentik.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        k8s.goauthentik.io/component: geoip
+    spec:
+      containers:
+        - name: geoip
+          image: "{{ .Values.geoip.image }}"
+          envFrom:
+            - configMapRef:
+                name: {{ include "authentik.fullname" . }}-geoip-config
+          volumeMounts:
+            - name: geoip
+              mountPath: /usr/share/GeoIP
+      volumes:
+        - name: geoip
+          persistentVolumeClaim:
+            claimName: {{ include "authentik.fullname" . }}-geoip
+{{- end }}

helm/templates/geoip-pvc.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.geoip.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "authentik.fullname" . }}-geoip
+  labels:
+    app.kubernetes.io/name: {{ include "authentik.name" . }}
+    helm.sh/chart: {{ include "authentik.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end }}

helm/templates/web-deployment.yaml

@@ -88,9 +88,17 @@ spec:
                 secretKeyRef:
                   name: "{{ .Release.Name }}-postgresql"
                   key: "postgresql-password"
+            {{ if .Values.geoip.enabled -}}
+            - name: AUTHENTIK_AUTHENTIK__GEOIP
+              value: /geoip/GeoLite2-City.mmdb
+            {{- end }}
           volumeMounts:
             - name: authentik-uploads
               mountPath: /media
+            {{ if .Values.geoip.enabled -}}
+            - name: geoip
+              mountPath: /geoip
+            {{- end }}
           ports:
             - name: http
               containerPort: 8000
@@ -116,3 +124,8 @@ spec:
         - name: authentik-uploads
           persistentVolumeClaim:
             claimName: {{ include "authentik.fullname" . }}-uploads
+        {{ if .Values.geoip.enabled -}}
+        - name: geoip
+          persistentVolumeClaim:
+            claimName: {{ include "authentik.fullname" . }}-geoip
+        {{- end }}

helm/templates/worker-deployment.yaml

@@ -68,6 +68,15 @@ spec:
                 secretKeyRef:
                   name: "{{ .Release.Name }}-postgresql"
                   key: "postgresql-password"
+            {{ if .Values.geoip.enabled -}}
+            - name: AUTHENTIK_AUTHENTIK__GEOIP
+              value: /geoip/GeoLite2-City.mmdb
+            {{- end }}
+          {{ if .Values.geoip.enabled -}}
+          volumeMounts:
+            - name: geoip
+              mountPath: /geoip
+          {{- end }}
           resources:
             requests:
               cpu: 150m
@@ -75,3 +84,9 @@ spec:
             limits:
               cpu: 300m
               memory: 600M
+      {{ if .Values.geoip.enabled -}}
+      volumes:
+        - name: geoip
+          persistentVolumeClaim:
+            claimName: {{ include "authentik.fullname" . }}-geoip
+      {{- end -}}