Add authentik
waaaaargh committed Dec 8, 2024
1 parent 03d839e commit fc6cbc2
Showing 3 changed files with 138 additions and 0 deletions.
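--- a/applications/authentik.yaml
+++ b/applications/authentik.yaml
@@ -0,0 +1,113 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: authentik
+spec:
+project: "default"
+syncPolicy:
+syncOptions:
+- CreateNamespace=true
+
+destination:
+namespace: authentik
+server: "https://kubernetes.default.svc"
+sources:
+- path: manifests/authentik
+repoURL: "https://github.com/openlab-aux/k8s"
+targetRevision: main
+directory:
+recurse: true
+
+- repoURL: "https://charts.goauthentik.io"
+targetRevision: 2024.10.4
+chart: "authentik"
+helm:
+values: |
+worker:
+env:
+- name: AUTHENTIK_SECRET_KEY
+valueFrom:
+secretKeyRef:
+name: authentik-secret-key
+key: secret_key
+- name: AUTHENTIK_POSTGRESQL__USER
+valueFrom:
+secretKeyRef:
+name: db-app
+key: user
+- name: AUTHENTIK_POSTGRESQL__PASSWORD
+valueFrom:
+secretKeyRef:
+name: db-app
+key: password
+- name: AUTHENTIK_POSTGRESQL__HOST
+valueFrom:
+secretKeyRef:
+name: db-app
+key: host
+- name: AUTHENTIK_POSTGRESQL__NAME
+valueFrom:
+secretKeyRef:
+name: db-app
+key: dbname
+- name: AUTHENTIK_POSTGRESQL__PORT
+valueFrom:
+secretKeyRef:
+name: db-app
+key: port
+redis:
+enabled: true
+server:
+volumes:
+- name: media
+persistentVolumeClaim:
+claimName: media
+volumeMounts:
+- mountPath: "/media"
+name: media
+ingress:
+enabled: true
+hosts:
+- auth.openlab-augsburg.de
+tls:
+- secretName: authentik-tls
+hosts:
+- auth.openlab-augsburg.de
+annotations:
+cert-manager.io/cluster-issuer: le-prod
+env:
+- name: AUTHENTIK_SECRET_KEY
+valueFrom:
+secretKeyRef:
+name: authentik-secret-key
+key: secret_key
+- name: AUTHENTIK_POSTGRESQL__USER
+valueFrom:
+secretKeyRef:
+name: db-app
+key: user
+- name: AUTHENTIK_POSTGRESQL__PASSWORD
+valueFrom:
+secretKeyRef:
+name: db-app
+key: password
+- name: AUTHENTIK_POSTGRESQL__HOST
+valueFrom:
+secretKeyRef:
+name: db-app
+key: host
+- name: AUTHENTIK_POSTGRESQL__NAME
+valueFrom:
+secretKeyRef:
+name: db-app
+key: dbname
+- name: AUTHENTIK_POSTGRESQL__PORT
+valueFrom:
+secretKeyRef:
+name: db-app
+key: port
+envFrom:
+- secretRef:
+name: smtp-credentials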
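Review bot: `project: "default"` places the identity provider's Application in Argo CD's built-in default project, which, unless the cluster operators have restricted it, accepts any source repository and any destination, so the project adds no guardrail here. A dedicated AppProject whose `sourceRepos` lists only the two repositories used in `sources` and whose `destinations` is limited to the `authentik` namespace would confine what this Application can deploy. The first source also follows `targetRevision: main` with `recurse: true`, so every manifest merged under `manifests/authentik` is applied on the next sync; branch protection on that repository is therefore part of the trust boundary, and a comment such as `# tracks main: changes under manifests/authentik are applied on sync` would make that explicit.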
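--- a/manifests/authentik/db.yaml
+++ b/manifests/authentik/db.yaml
@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+name: db
+spec:
+instances: 1
+primaryUpdateStrategy: unsupervised
+inheritedMetadata:
+annotations:
+k8up.io/backupcommand: "pg_dump app"
+k8up.io/backupcommand-container: postgres
+storage:
+storageClass: openebs-hostpath
+size: 5Gi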
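Review bot: `instances: 1` together with `storageClass: openebs-hostpath` (by its name, node-local storage) keeps the only copy of the authentik database on a single node's disk, so the `pg_dump app` dump taken through the k8up annotations is the sole recovery path for the identity data. No k8up schedule or backup object is part of this commit, so whether that dump actually runs cannot be confirmed from here. If the cluster has more than one node, `instances: 2` or more would add a replica; otherwise a comment like `# single instance on node-local storage; recovery depends on the k8up pg_dump backup` would record the trade-off.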
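--- a/manifests/authentik/media-pvc.yaml
+++ b/manifests/authentik/media-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: media
+spec:
+accessModes:
+- ReadWriteOnce
+volumeMode: Filesystem
+resources:
+requests:
+storage: 1Gi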
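Review bot: The claim sets no `storageClassName`, so it binds to whatever the cluster's default StorageClass happens to be, while `manifests/authentik/db.yaml` in the same commit names `openebs-hostpath` explicitly. If the same class is intended, adding `storageClassName: openebs-hostpath` under `spec:` makes the choice visible and keeps it stable should the cluster default change.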
