Add authentik
This commit is contained in:
parent
d88f450f12
commit
c54711590c
46
flux/cluster/apps/authentik/helm.yaml
Normal file
46
flux/cluster/apps/authentik/helm.yaml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: authentik
|
||||||
|
namespace: authentik
|
||||||
|
spec:
|
||||||
|
interval: 1m0s
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
# renovate: registryUrl=https://charts.goauthentik.io
|
||||||
|
chart: authentik
|
||||||
|
version: 2022.4.3
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: authentik-charts
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 5m
|
||||||
|
valuesFrom:
|
||||||
|
- kind: Secret
|
||||||
|
name: authentik
|
||||||
|
valuesKey: secret_key
|
||||||
|
targetPath: authentik.secret_key
|
||||||
|
optional: false
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/goauthentik/server
|
||||||
|
tag: 2022.5.1
|
||||||
|
authentik:
|
||||||
|
error_reporting:
|
||||||
|
enabled: true
|
||||||
|
postgresql:
|
||||||
|
host: "postgres.lxd"
|
||||||
|
name: "authentik"
|
||||||
|
user: "authentik"
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
architecture: standalone
|
||||||
|
auth:
|
||||||
|
enabled: false
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- host: auth.asraphiel.dev
|
||||||
|
paths:
|
||||||
|
- path: "/"
|
||||||
|
pathType: Prefix
|
4
flux/cluster/apps/authentik/kustomization.yaml
Normal file
4
flux/cluster/apps/authentik/kustomization.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- helm.yaml
|
17
flux/cluster/apps/authentik/secret.yaml
Normal file
17
flux/cluster/apps/authentik/secret.yaml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: authentik
|
||||||
|
namespace: authentik
|
||||||
|
spec:
|
||||||
|
refreshInterval: "5m"
|
||||||
|
secretStoreRef:
|
||||||
|
name: vault
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
target:
|
||||||
|
name: authentik
|
||||||
|
data:
|
||||||
|
- secretKey: secret_key
|
||||||
|
remoteRef:
|
||||||
|
key: k8s/authentik
|
||||||
|
property: secret_key
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- test
|
- test
|
||||||
|
- authentik
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: authentik-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
url: https://charts.goauthentik.io
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- external-secrets-charts.yaml
|
- external-secrets-charts.yaml
|
||||||
|
- authentik-charts.yaml
|
||||||
|
|
6
flux/cluster/core/namespaces/authentik.yaml
Normal file
6
flux/cluster/core/namespaces/authentik.yaml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
kind: Namespace
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: authentik
|
||||||
|
labels:
|
||||||
|
name: authentik
|
|
@ -3,3 +3,4 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- test-name.yaml
|
- test-name.yaml
|
||||||
- external-secrets.yaml
|
- external-secrets.yaml
|
||||||
|
- authentik.yaml
|
||||||
|
|
|
@ -50,6 +50,7 @@ in {
|
||||||
virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";
|
virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";
|
||||||
virtualHosts."vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/";
|
virtualHosts."vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/";
|
||||||
virtualHosts."whoami.asraphiel.dev" = k8sProxy;
|
virtualHosts."whoami.asraphiel.dev" = k8sProxy;
|
||||||
|
virtualHosts."auth.asraphiel.dev" = k8sProxy;
|
||||||
};
|
};
|
||||||
security.acme.email = "acme@voidcorp.nl";
|
security.acme.email = "acme@voidcorp.nl";
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
host all all 10.0.0.0/8 trust
|
host all all 10.0.0.0/8 trust
|
||||||
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
|
host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
|
||||||
'';
|
'';
|
||||||
ensureDatabases = [ "gitea" "vault" "vaultwarden" ];
|
ensureDatabases = [ "gitea" "vault" "vaultwarden" "authentik" ];
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "gitea";
|
name = "gitea";
|
||||||
|
@ -32,6 +32,10 @@
|
||||||
name = "vaultwarden";
|
name = "vaultwarden";
|
||||||
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
|
ensurePermissions = { "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES"; };
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "authentik";
|
||||||
|
ensurePermissions = { "DATABASE \"authentik\"" = "ALL PRIVILEGES"; };
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
enableTCPIP = true;
|
enableTCPIP = true;
|
||||||
|
|
Loading…
Reference in a new issue