authentik

2022-12-15 14:59:38 +01:00 · 2022-12-15 14:59:38 +01:00 · 443e3b8b4b
commit 443e3b8b4b
parent 0fad1090a1
2 changed files with 107 additions and 0 deletions
--- a/MetaObjects/authentik-keys.yml
+++ b/MetaObjects/authentik-keys.yml
@ -0,0 +1,32 @@
 apiVersion: external-secrets.io/v1alpha1
 kind: SecretStore
 metadata:
  name: ext-authentik-backend
  namespace: authentik
 spec:
  provider:
    vault:
      server: "http://vault.vault:8200"
      path: "kv"
      version: "v2"
      auth:
        kubernetes:
          mountPath: "kubernetes"
          role: "kube-role"
 ---
 apiVersion: external-secrets.io/v1alpha1
 kind: ExternalSecret
 metadata:
  name: ext-authentik
  namespace: authentik
 spec:
  secretStoreRef:
    name: ext-authentik-backend
    kind: SecretStore
  target:
    name: authentik-secret
  data:
    - secretKey: AUTHENTIK_SECRET_KEY
      remoteRef:
        key: authentik/authentik
        property: secret_key
--- a/apps/templates/authentik.yaml
+++ b/apps/templates/authentik.yaml
@ -0,0 +1,75 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: authentik
  namespace: argo-cd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: authentik
  project: default
  source:
    chart: authentik
    helm:
      values: |
        image:
          repository: ghcr.io/goauthentik/server
          tag: 2022.11.3
        authentik:
          error_reporting:
            enabled: true
        ingress:
          enabled: true
          ingressClassName: traefik
          annotations:
            cert-manager.io/acme-challenge-type: dns01
            cert-manager.io/cluster-issuer: roxedus.com-cloudflare
          hosts:
            - host: authentik.roxedus.com
              paths:
                - path: "/"
                  pathType: Prefix
          tls:
          - hosts:
            - authentik.roxedus.com
            secretName: authentik-roxedus-com-cert
          AUTHENTIK_SECRET_KEY:
            secretKeyRef:
              key: AUTHENTIK_SECRET_KEY
              name: authentik-secret
        postgresql:
          image:
            registry: ghcr.io
            repository: zcube/bitnami-compat/postgresql
            tag: 11.18.0-debian-11-r39
          enabled: true
          # auth:
          #   existingSecret: authentik-postgresql
          persistence:
            enabled: true
            storageClass: longhorn
            accessModes:
              - ReadWriteOnce
        redis:
          enabled: true
          image:
            registry: ghcr.io
            repository: zcube/bitnami-compat/redis
            tag: 6.2.7-debian-11-r39
    repoURL: https://charts.goauthentik.io
    targetRevision: 2022.11.3
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true