authentik

2022-12-15 14:59:38 +01:00 · 2022-12-15 14:59:38 +01:00 · bb8bc273e0
commit bb8bc273e0
parent 4d5e90483e
2 changed files with 107 additions and 0 deletions
--- a/MetaObjects/authentik-keys.yml
+++ b/MetaObjects/authentik-keys.yml
@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: ext-authentik-backend
+  namespace: authentik
+spec:
+  provider:
+    vault:
+      server: "http://vault.vault:8200"
+      path: "kv"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "kube-role"
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: ext-authentik
+  namespace: authentik
+spec:
+  secretStoreRef:
+    name: ext-authentik-backend
+    kind: SecretStore
+  target:
+    name: authentik-secret
+  data:
+    - secretKey: AUTHENTIK_SECRET_KEY
+      remoteRef:
+        key: authentik/authentik
+        property: secret_key
--- a/apps/templates/authentik.yaml
+++ b/apps/templates/authentik.yaml
@ -0,0 +1,75 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authentik
+  namespace: argo-cd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: authentik
+  project: default
+  source:
+    chart: authentik
+    helm:
+      values: |
+
+        image:
+          repository: ghcr.io/goauthentik/server
+          tag: 2022.11.3
+
+        authentik:
+          error_reporting:
+            enabled: true
+
+        ingress:
+          enabled: true
+          ingressClassName: traefik
+          annotations:
+            cert-manager.io/acme-challenge-type: dns01
+            cert-manager.io/cluster-issuer: roxedus.com-cloudflare
+          hosts:
+            - host: authentik.roxedus.com
+              paths:
+                - path: "/"
+                  pathType: Prefix
+
+          tls:
+          - hosts:
+            - authentik.roxedus.com
+            secretName: authentik-roxedus-com-cert
+
+          AUTHENTIK_SECRET_KEY:
+            secretKeyRef:
+              key: AUTHENTIK_SECRET_KEY
+              name: authentik-secret
+
+        postgresql:
+          image:
+            registry: ghcr.io
+            repository: zcube/bitnami-compat/postgresql
+            tag: 11.18.0-debian-11-r39
+          enabled: true
+          # auth:
+          #   existingSecret: authentik-postgresql
+          persistence:
+            enabled: true
+            storageClass: longhorn
+            accessModes:
+              - ReadWriteOnce
+        redis:
+          enabled: true
+          image:
+            registry: ghcr.io
+            repository: zcube/bitnami-compat/redis
+            tag: 6.2.7-debian-11-r39
+
+    repoURL: https://charts.goauthentik.io
+    targetRevision: 2022.11.3
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true