From 861218f35b5a0a5eeec5f5a6d3e9eb0a3fd3e377 Mon Sep 17 00:00:00 2001
From: nold
Date: Mon, 7 Aug 2023 20:57:47 +0200
Subject: [PATCH] add(authentik)
---
 .../auth}/manifests/postgre.yaml | 2 +-
 projects/auth/manifests/redis.yaml | 12 ++++++
 .../authentik => projects/auth}/project.yml | 3 ++
 .../auth}/values/authentik.yaml | 40 ++-----------------
 4 files changed, 19 insertions(+), 38 deletions(-)
 rename {.archive/authentik => projects/auth}/manifests/postgre.yaml (97%)
 create mode 100644 projects/auth/manifests/redis.yaml
 rename {.archive/authentik => projects/auth}/project.yml (85%)
 rename {.archive/authentik => projects/auth}/values/authentik.yaml (81%)
diff --git a/.archive/authentik/manifests/postgre.yaml b/projects/auth/manifests/postgre.yaml
similarity index 97%
rename from .archive/authentik/manifests/postgre.yaml
rename to projects/auth/manifests/postgre.yaml
index cb6123bf..35ca5035 100644
--- a/.archive/authentik/manifests/postgre.yaml
+++ b/projects/auth/manifests/postgre.yaml
@@ -2,7 +2,7 @@ apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
 name: authentik-db
- namespace: authentik
+ namespace: auth
 spec:
 instances: 1
 imageName: ghcr.io/cloudnative-pg/postgresql:15
diff --git a/projects/auth/manifests/redis.yaml b/projects/auth/manifests/redis.yaml
new file mode 100644
index 00000000..9af47ac0
--- /dev/null
+++ b/projects/auth/manifests/redis.yaml
@@ -0,0 +1,12 @@
+apiVersion: databases.spotahome.com/v1
+kind: RedisFailover
+metadata:
+ name: authentik-redis
+ namespace: auth
+spec:
+ sentinel:
+ replicas: 1
+ redis:
+ replicas: 1
+ auth:
+ secretPath: redis
diff --git a/.archive/authentik/project.yml b/projects/auth/project.yml
similarity index 85%
rename from .archive/authentik/project.yml
rename to projects/auth/project.yml
index 669e761d..9f673390 100644
--- a/.archive/authentik/project.yml
+++ b/projects/auth/project.yml
@@ -14,3 +14,6 @@ apps:
 keys:
 - secretkey
 - accesskey
+ - name: redis
+ keys:
+ - password
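Review bot: In the new `projects/auth/manifests/redis.yaml`, `sentinel.replicas: 1` together with `redis.replicas: 1` leaves the RedisFailover with no replica to promote, so the identity provider's Redis stays a single point of failure even though it is managed by the failover operator. If a single instance is deliberate for this cluster, record that with a comment such as `# single instance on purpose: no failover`; otherwise raise both to `replicas: 3`. It would also help to add a comment above `secretPath: redis` stating that it refers to the `redis` Secret (key `password`) that the project.yml hunk of this commit appears to declare, and that authentik has to receive the same value from that Secret rather than from a literal in the values file.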
diff --git a/.archive/authentik/values/authentik.yaml b/projects/auth/values/authentik.yaml
similarity index 81%
rename from .archive/authentik/values/authentik.yaml
rename to projects/auth/values/authentik.yaml
index 3cdbf73b..f346d1ed 100644
--- a/.archive/authentik/values/authentik.yaml
+++ b/projects/auth/values/authentik.yaml
@@ -23,19 +23,11 @@ image:
 repository: ghcr.io/goauthentik/server
 tag: 2022.11.3
-# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
-initContainers: {}
-
-# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
-additionalContainers: {}
-
 ingress:
 enabled: true
- ingressClassName: "ingress-internal-traefik"
+ ingressClassName: "ingress-internal"
 annotations:
 cert-manager.io/cluster-issuer: "vault-issuer"
- traefik.ingress.kubernetes.io/router.tls: 'true'
- labels: {}
 hosts:
 - host: auth.dc
 paths:
@@ -90,7 +82,7 @@ authentik:
 # -- set the postgresql hostname to talk to
 # if unset and .Values.postgresql.enabled == true, will generate the default
 # @default -- `{{ .Release.Name }}-postgresql`
- host: 'authentik-db-rw.authentik.svc.cluster.local'
+ host: 'authentik-db-rw.auth.svc.cluster.local'
 # -- postgresql Database name
 # @default -- `authentik`
 name: "app"
@@ -128,41 +120,15 @@ envValueFrom:
 name: authentik
-service:
- # -- Service that is created to access authentik
- enabled: true
- type: ClusterIP
- port: 80
- name: http
- protocol: TCP
- labels: {}
- annotations: {}
-
-volumes: []
-
-volumeMounts: []
-
 resources:
 server: {}
 worker: {}
-serviceAccount:
- # -- Service account is needed for managed outposts
- create: true
-
-prometheus:
- serviceMonitor:
- create: false
- interval: 30s
- scrapeTimeout: 3s
- rules:
- create: false
-
 postgresql:
 enabled: false
 redis:
- enabled: true
+ enabled: false
 architecture: standalone
 auth:
 enabled: false
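Review bot: Dropping `traefik.ingress.kubernetes.io/router.tls: 'true'` in the first hunk of values/authentik.yaml leaves TLS for `auth.dc` dependent on an `ingress.tls` entry that the hunk does not show; the `cert-manager.io/cluster-issuer` annotation only yields a certificate when the Ingress lists the host under `tls`. If the `ingress-internal` class does not enforce HTTPS by itself, the login page could end up served over plain HTTP, so confirm that a `tls:` block with `hosts: [auth.dc]` and a `secretName` exists below `paths:` (the ingress block continues outside the hunk). Separately, the context line `tag: 2022.11.3` brings back a release roughly nine months older than this commit; for an identity provider it is worth checking the upstream security advisories and bumping the tag as part of the re-activation.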
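Review bot: Setting `redis.enabled: false` in the last hunk turns off the chart's bundled Redis, but nothing visible here points authentik at the `authentik-redis` RedisFailover or hands it the password from the `redis` Secret; unless that is done outside the hunk (for example under `authentik.redis` or in `envValueFrom`), the server and worker will presumably keep looking for the chart's default Redis host. The leftover `architecture: standalone` and `auth: enabled: false` under `redis:` are now dead settings that read as if Redis runs without a password, so I would delete them or mark them with `# ignored while redis.enabled is false`. The same hunk drops `serviceAccount.create: true`, whose removed comment says it is needed for managed outposts; confirm the chart default still creates the account.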