---
# 1Password operator item. The operator copies the vault entry named in
# spec.itemPath into a Kubernetes Secret with this resource's name
# (kibana-authentik) in the elastic-system namespace, so the secret value
# itself never appears in this manifest.
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: kibana-authentik
  namespace: elastic-system
  annotations:
    # Annotation values must be strings, hence the quoted boolean.
    operator.1password.io/auto-restart: 'true'
spec:
  itemPath: 'vaults/Lab/items/kibana-authentik'
---
# ECK-managed Elasticsearch cluster: a single node set of three nodes that
# each hold the master and data roles.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
  namespace: elastic-system
spec:
  # Quoted so the version is always read as a string.
  version: '8.15.2'
  http:
    tls:
      certificate:
        # The HTTP layer serves the certificate stored in this Secret rather
        # than an operator-generated self-signed one.
        # NOTE(review): the Secret is not defined in this file - confirm what
        # issues and rotates it.
        secretName: elasticsearch-es-http-tls-internal
  # Disabled OIDC wiring, part 1 of 2 (part 2 sits under nodeSets[0].config).
  # When enabled, the `client-secret` key of the kibana-authentik Secret is
  # loaded into the Elasticsearch keystore under the setting named in `path`,
  # which keeps the client secret out of the plain-text node configuration.
  # secureSettings:
  #   - secretName: kibana-authentik
  #     entries:
  #       - key: client-secret
  #         path: "xpack.security.authc.realms.oidc.authentik.rp.client_secret"
  nodeSets:
    - name: node
      count: 3
      config:
        # Explicit role list: a node only gets the roles named here, so
        # every role other than master and data is off on these nodes.
        node.roles:
          - master
          - data
        # Disabled OIDC wiring, part 2 of 2: realm definition for the
        # authentik provider. The token service line belongs to the same
        # change, and the realm also needs the keystore entry from the
        # commented-out spec.secureSettings stanza.
        # NOTE(review): nothing in this file maps OIDC users or groups to
        # Elasticsearch roles - confirm role mappings exist before enabling.
        # xpack.security.authc.token.enabled: true
        # xpack.security.authc.realms.oidc.authentik:
        #   order: 2
        #   rp.client_id: "atlY82FGIBYvUg87cnENzks5ft1AUUtIfQsXSDog"
        #   rp.response_type: code
        #   rp.redirect_uri: "https://kibana.dogar.dev/api/security/oidc/callback"
        #   op.issuer: "https://auth.dogar.dev/application/o/kibana/"
        #   op.authorization_endpoint: "https://auth.dogar.dev/application/o/authorize/"
        #   op.token_endpoint: "https://auth.dogar.dev/application/o/token/"
        #   op.jwkset_path: "https://auth.dogar.dev/application/o/kibana/jwks/"
        #   op.userinfo_endpoint: "https://auth.dogar.dev/application/o/userinfo/"
        #   op.endsession_endpoint: "https://auth.dogar.dev/application/o/kibana/end-session/"
        #   rp.post_logout_redirect_uri: "https://kibana.dogar.dev/security/logged_out"
        #   claims.principal: sub
        #   claims.groups: groups
      podTemplate:
        spec:
          containers:
            - name: elasticsearch
              resources:
                # Only a memory limit is declared; no requests and no CPU
                # values are set in this manifest.
                limits:
                  memory: 8Gi
      volumeClaimTemplates:
        - metadata:
            name: elasticsearch-data
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi
            storageClassName: longhorn