From bb8bc273e0c95d2f884f01d8f095b5e2e7bc1c31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simen=20R=C3=B8stvik?=
Date: Thu, 15 Dec 2022 14:59:38 +0100
Subject: [PATCH] authentik
---
MetaObjects/authentik-keys.yml | 32 +++++++++++++++
apps/templates/authentik.yaml | 75 ++++++++++++++++++++++++++++++++++
2 files changed, 107 insertions(+)
create mode 100644 MetaObjects/authentik-keys.yml
create mode 100644 apps/templates/authentik.yaml
diff --git a/MetaObjects/authentik-keys.yml b/MetaObjects/authentik-keys.yml
new file mode 100644
index 0000000..d4e9169
--- /dev/null
+++ b/MetaObjects/authentik-keys.yml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+ name: ext-authentik-backend
+ namespace: authentik
+spec:
+ provider:
+ vault:
+ server: "http://vault.vault:8200"
+ path: "kv"
+ version: "v2"
+ auth:
+ kubernetes:
+ mountPath: "kubernetes"
+ role: "kube-role"
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+ name: ext-authentik
+ namespace: authentik
+spec:
+ secretStoreRef:
+ name: ext-authentik-backend
+ kind: SecretStore
+ target:
+ name: authentik-secret
+ data:
+ - secretKey: AUTHENTIK_SECRET_KEY
+ remoteRef:
+ key: authentik/authentik
+ property: secret_key
diff --git a/apps/templates/authentik.yaml b/apps/templates/authentik.yaml
new file mode 100644
index 0000000..6856dc6
--- /dev/null
+++ b/apps/templates/authentik.yaml
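Review bot: In `MetaObjects/authentik-keys.yml` the SecretStore reaches Vault over plaintext HTTP (`server: "http://vault.vault:8200"`), so the service-account token used for the Kubernetes login and the returned `secret_key` cross the cluster network unencrypted. If Vault exposes a TLS listener, use `server: "https://vault.vault:8200"` and give the store the issuing CA through `caBundle` or `caProvider`. The `kubernetes` auth block also has no `serviceAccountRef`, so the login presumably uses the operator's own service account. A dedicated account in the `authentik` namespace, bound to a Vault role that can read only the `authentik/` path, would keep the scope narrow; the policy behind `kube-role` is not visible in this patch.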
@@ -0,0 +1,75 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: authentik
+ namespace: argo-cd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: authentik
+ project: default
+ source:
+ chart: authentik
+ helm:
+ values: |
+
+ image:
+ repository: ghcr.io/goauthentik/server
+ tag: 2022.11.3
+
+ authentik:
+ error_reporting:
+ enabled: true
+
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/acme-challenge-type: dns01
+ cert-manager.io/cluster-issuer: roxedus.com-cloudflare
+ hosts:
+ - host: authentik.roxedus.com
+ paths:
+ - path: "/"
+ pathType: Prefix
+
+ tls:
+ - hosts:
+ - authentik.roxedus.com
+ secretName: authentik-roxedus-com-cert
+
+ AUTHENTIK_SECRET_KEY:
+ secretKeyRef:
+ key: AUTHENTIK_SECRET_KEY
+ name: authentik-secret
+
+ postgresql:
+ image:
+ registry: ghcr.io
+ repository: zcube/bitnami-compat/postgresql
+ tag: 11.18.0-debian-11-r39
+ enabled: true
+ # auth:
+ # existingSecret: authentik-postgresql
+ persistence:
+ enabled: true
+ storageClass: longhorn
+ accessModes:
+ - ReadWriteOnce
+ redis:
+ enabled: true
+ image:
+ registry: ghcr.io
+ repository: zcube/bitnami-compat/redis
+ tag: 6.2.7-debian-11-r39
+
+ repoURL: https://charts.goauthentik.io
+ targetRevision: 2022.11.3
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
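Review bot: The `AUTHENTIK_SECRET_KEY:` / `secretKeyRef` entry in the Helm values has no `envValueFrom:` parent key, which is, as far as I know, where the authentik chart reads secret-backed environment variables. Indentation is lost in this view, so the nesting cannot be confirmed, but no `envValueFrom:` line appears anywhere in the hunk. If the chart ignores the key, the value synced by the ExternalSecret never reaches the pods and `authentik.secret_key` stays at the chart default, so check the rendered Deployment for the variable after sync. Separately, the PostgreSQL and Redis images come from the third-party `ghcr.io/zcube/bitnami-compat` namespace and are pinned by tag only; pinning by digest would stop a re-pushed tag from being pulled by the automated sync. `error_reporting.enabled: true` also sends error data from the identity provider to an external service and deserves a comment stating that this is intentional.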