diff --git a/applications/authentik.yaml b/applications/authentik.yaml
new file mode 100644
index 0000000..058cdba
--- /dev/null
+++ b/applications/authentik.yaml
@@ -0,0 +1,113 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: authentik
+spec:
+ project: "default"
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+
+ destination:
+ namespace: authentik
+ server: "https://kubernetes.default.svc"
+ sources:
+ - path: manifests/authentik
+ repoURL: "https://github.com/openlab-aux/k8s"
+ targetRevision: main
+ directory:
+ recurse: true
+
+ - repoURL: "https://charts.goauthentik.io"
+ targetRevision: 2024.10.4
+ chart: "authentik"
+ helm:
+ values: |
+ worker:
+ env:
+ - name: AUTHENTIK_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: authentik-secret-key
+ key: secret_key
+ - name: AUTHENTIK_POSTGRESQL__USER
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: user
+ - name: AUTHENTIK_POSTGRESQL__PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: password
+ - name: AUTHENTIK_POSTGRESQL__HOST
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: host
+ - name: AUTHENTIK_POSTGRESQL__NAME
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: dbname
+ - name: AUTHENTIK_POSTGRESQL__PORT
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: port
+
+ redis:
+ enabled: true
+
+ server:
+ volumes:
+ - name: media
+ persistentVolumeClaim:
+ claimName: media
+ volumeMounts:
+ - mountPath: "/media"
+ name: media
+ ingress:
+ enabled: true
+ hosts:
+ - auth.openlab-augsburg.de
+ tls:
+ - secretName: authentik-tls
+ hosts:
+ - auth.openlab-augsburg.de
+ annotations:
+ cert-manager.io/cluster-issuer: le-prod
+ env:
+ - name: AUTHENTIK_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: authentik-secret-key
+ key: secret_key
+ - name: AUTHENTIK_POSTGRESQL__USER
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: user
+ - name: AUTHENTIK_POSTGRESQL__PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: password
+ - name: AUTHENTIK_POSTGRESQL__HOST
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: host
+ - name: AUTHENTIK_POSTGRESQL__NAME
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: dbname
+ - name: 
AUTHENTIK_POSTGRESQL__PORT
+ valueFrom:
+ secretKeyRef:
+ name: db-app
+ key: port
+ envFrom:
+ - secretRef:
+ name: smtp-credentials
\ No newline at end of file
diff --git a/manifests/authentik/db.yaml b/manifests/authentik/db.yaml
new file mode 100644
index 0000000..06b94b1
--- /dev/null
+++ b/manifests/authentik/db.yaml
@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ instances: 1
+ primaryUpdateStrategy: unsupervised
+ inheritedMetadata:
+ annotations:
+ k8up.io/backupcommand: "pg_dump app"
+ k8up.io/backupcommand-container: postgres
+ storage:
+ storageClass: openebs-hostpath
+ size: 5Gi
\ No newline at end of file
diff --git a/manifests/authentik/media-pvc.yaml b/manifests/authentik/media-pvc.yaml
new file mode 100644
index 0000000..1de2401
--- /dev/null
+++ b/manifests/authentik/media-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: media
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 1Gi
\ No newline at end of file
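Review bot: The six-entry `env` list in the helm values is repeated verbatim under `worker:` and `server:`, while `envFrom: smtp-credentials` is attached to the server only; if mail delivery runs in the worker, as authentik's background tasks generally do, password-recovery and verification mails would lack SMTP settings without any error in the values themselves. The chart exposes `global.env` and `global.envFrom`, which apply to both deployments (confirm against the 2024.10.4 values), so the shared entries can move to `global:` / `env: [...]` / `envFrom: [{ secretRef: { name: smtp-credentials } }]`, removing both the duplication and the gap. Nothing in this diff creates `authentik-secret-key` or `smtp-credentials`; a comment above `values: |`, `# expects secrets authentik-secret-key and smtp-credentials in the authentik namespace; db-app is generated by the CNPG Cluster in manifests/authentik/db.yaml`, would document that dependency.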
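Review bot: The `k8up.io/backupcommand` annotations only take effect if a k8up `Schedule` (or `Backup`) exists in the `authentik` namespace, and none is part of this diff; with `instances: 1` on `openebs-hostpath`, that dump is the only recovery path for the identity provider's database, because node-local storage cannot follow the pod to another node. A comment next to `instances: 1`, `# single node-local instance: recovery depends on the k8up Schedule in this namespace`, would make that explicit, or a CNPG `spec.backup` stanza could be added if an object store is available. `pg_dump app` dumps only the default `app` database, which matches the `db-app` credentials consumed in applications/authentik.yaml.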
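Review bot: `storageClassName` is not set on this claim, so it falls back to the cluster default, whereas db.yaml in the same directory pins `openebs-hostpath`; if the default differs, media and database end up on different classes with different durability. Setting it explicitly, `storageClassName: openebs-hostpath`, keeps the two manifests consistent. Because the mode is `ReadWriteOnce` and hostpath volumes are node-bound, a rolling update of the authentik server Deployment that mounts this claim may block until the old pod releases the volume; a Recreate deployment strategy on the server would avoid that, worth confirming against the chart's defaults.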