feat: Authentik | set up authentik + dependencies
Includes redis and changes to pihole, nginx, prometheus and gitea
This commit is contained in:
@@ -68,3 +68,43 @@ metadata:
|
||||
operator.1password.io/auto-restart: "true"
|
||||
spec:
|
||||
itemPath: "vaults/Lab/items/Cloudflare"
|
||||
---
|
||||
apiVersion: onepassword.com/v1
|
||||
kind: OnePasswordItem
|
||||
metadata:
|
||||
name: authentik-postgres
|
||||
namespace: authentik-system
|
||||
annotations:
|
||||
operator.1password.io/auto-restart: "true"
|
||||
spec:
|
||||
itemPath: "vaults/Lab/items/authentik-postgres"
|
||||
---
|
||||
apiVersion: onepassword.com/v1
|
||||
kind: OnePasswordItem
|
||||
metadata:
|
||||
name: redis
|
||||
namespace: redis-system
|
||||
annotations:
|
||||
operator.1password.io/auto-restart: "true"
|
||||
spec:
|
||||
itemPath: "vaults/Lab/items/redis"
|
||||
---
|
||||
apiVersion: onepassword.com/v1
|
||||
kind: OnePasswordItem
|
||||
metadata:
|
||||
name: authentik-redis
|
||||
namespace: authentik-system
|
||||
annotations:
|
||||
operator.1password.io/auto-restart: "true"
|
||||
spec:
|
||||
itemPath: "vaults/Lab/items/redis"
|
||||
---
|
||||
apiVersion: onepassword.com/v1
|
||||
kind: OnePasswordItem
|
||||
metadata:
|
||||
name: gitea-oauth
|
||||
namespace: gitea-system
|
||||
annotations:
|
||||
operator.1password.io/auto-restart: "true"
|
||||
spec:
|
||||
itemPath: "vaults/Lab/items/gitea-oauth"
|
||||
|
||||
@@ -17,6 +17,8 @@ repositories:
|
||||
url: https://charts.jetstack.io
|
||||
- name: prometheus-community
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
- name: authentik
|
||||
url: https://charts.goauthentik.io
|
||||
---
|
||||
releases:
|
||||
# Distributed Storage
|
||||
@@ -92,3 +94,19 @@ releases:
|
||||
version: 62.3.0
|
||||
values:
|
||||
- ./values/prometheus.values.yaml
|
||||
|
||||
# Redis
|
||||
- name: redis
|
||||
namespace: redis-system
|
||||
chart: bitnami/redis
|
||||
version: 20.2.0
|
||||
values:
|
||||
- ./values/redis.values.yaml
|
||||
|
||||
# Authentik
|
||||
- name: authentik
|
||||
namespace: authentik-system
|
||||
chart: authentik/authentik
|
||||
version: 2024.8.3
|
||||
values:
|
||||
- ./values/authentik.values.yaml
|
||||
|
||||
63
helm/values/authentik.values.yaml
Normal file
63
helm/values/authentik.values.yaml
Normal file
@@ -0,0 +1,63 @@
|
||||
global:
|
||||
addPrometheusAnnotations: true
|
||||
|
||||
authentik:
|
||||
secret_key: "c8cc2e4a498c697a0443d96b31fe042c69c2158dc8bfb3da3878d1dbfbe6128e"
|
||||
error_reporting:
|
||||
enabled: false
|
||||
postgresql:
|
||||
host: postgres-cluster-rw.postgres-system.svc.cluster.local
|
||||
user: file:///postgres-creds/username
|
||||
password: file:///postgres-creds/password
|
||||
redis:
|
||||
host: redis-master.redis-system.svc.cluster.local
|
||||
password: file:///redis-creds/password
|
||||
|
||||
server:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: cloudflare-issuer
|
||||
cert-manager.io/acme-challenge-type: dns01
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
ingressClassName: nginx-internal
|
||||
hosts:
|
||||
- auth.dogar.dev
|
||||
tls:
|
||||
- secretName: authentik-tls
|
||||
hosts:
|
||||
- auth.dogar.dev
|
||||
volumes:
|
||||
- name: postgres-creds
|
||||
secret:
|
||||
secretName: authentik-postgres
|
||||
- name: redis-creds
|
||||
secret:
|
||||
secretName: authentik-redis
|
||||
volumeMounts:
|
||||
- name: postgres-creds
|
||||
mountPath: /postgres-creds
|
||||
readOnly: true
|
||||
- name: redis-creds
|
||||
mountPath: /redis-creds
|
||||
readOnly: true
|
||||
worker:
|
||||
volumes:
|
||||
- name: postgres-creds
|
||||
secret:
|
||||
secretName: authentik-postgres
|
||||
- name: redis-creds
|
||||
secret:
|
||||
secretName: authentik-redis
|
||||
volumeMounts:
|
||||
- name: postgres-creds
|
||||
mountPath: /postgres-creds
|
||||
readOnly: true
|
||||
- name: redis-creds
|
||||
mountPath: /redis-creds
|
||||
readOnly: true
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
redis:
|
||||
enabled: false
|
||||
@@ -13,6 +13,7 @@ ingress:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: cloudflare-issuer
|
||||
cert-manager.io/private-key-algorithm: ED25519
|
||||
cert-manager.io/acme-challenge-type: dns01
|
||||
hosts:
|
||||
- host: git.dogar.dev
|
||||
paths:
|
||||
@@ -53,6 +54,15 @@ gitea:
|
||||
STORAGE_TYPE: local
|
||||
service:
|
||||
DISABLE_REGISTRATION: true
|
||||
oauth2_client:
|
||||
ENABLE_AUTO_REGISTRATION: true
|
||||
oauth:
|
||||
- name: "authentik"
|
||||
provider: "openidConnect"
|
||||
existingSecret: gitea-oauth
|
||||
autoDiscoverUrl: "https://auth.dogar.dev/application/o/gitea/.well-known/openid-configuration"
|
||||
iconUrl: "https://goauthentik.io/img/icon.png"
|
||||
scopes: "email profile"
|
||||
additionalConfigFromEnvs:
|
||||
- name: GITEA__DATABASE__PASSWD
|
||||
valueFrom:
|
||||
|
||||
@@ -6,9 +6,6 @@ controller:
|
||||
controllerValue: "k8s.io/ingress-nginx"
|
||||
parameters: {}
|
||||
ingressClass: nginx-internal
|
||||
service:
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: "postgres.home,postgres.dogar.dev"
|
||||
tcp:
|
||||
22: "gitea-system/gitea-ssh:22"
|
||||
5432: "postgres-system/postgres-cluster-rw:5432"
|
||||
|
||||
@@ -10,7 +10,7 @@ admin:
|
||||
persistentVolumeClaim:
|
||||
enabled: true
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
- ReadWriteOnce
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
@@ -35,7 +35,6 @@ serviceDns:
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
type: LoadBalancer
|
||||
replicaCount: 3
|
||||
podAnnotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "9617"
|
||||
|
||||
@@ -1,10 +1,16 @@
|
||||
grafana:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: grafana.dogar.dev
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx-internal
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: cloudflare-issuer
|
||||
cert-manager.io/private-key-algorithm: ED25519
|
||||
cert-manager.io/acme-challenge-type: dns01
|
||||
hosts:
|
||||
- grafana.dogar.dev
|
||||
tls:
|
||||
|
||||
23
helm/values/redis.values.yaml
Normal file
23
helm/values/redis.values.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
architecture: standalone
|
||||
|
||||
auth:
|
||||
enabled: true
|
||||
sentinel: true
|
||||
existingSecret: redis
|
||||
existingSecretPasswordKey: password
|
||||
|
||||
master:
|
||||
persistence:
|
||||
enabled: false
|
||||
service:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: redis.dogar.dev
|
||||
|
||||
replica:
|
||||
replicaCount: 0
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
sentinel:
|
||||
enabled: false
|
||||
Reference in New Issue
Block a user