homelab/terraform/authentik

Authentik Terraform Module

Terraform module for managing Authentik applications with OAuth2/OpenID and Proxy providers, including automatic Outpost assignment.

Usage

module "authentik" {
  source = "./authentik"

  authentik_url   = "https://auth.example.com"
  authentik_token = var.authentik_token

  oauth_applications = {
    "gitlab" = {
      name         = "GitLab OAuth"
      slug         = "gitlab"
      redirect_uris = ["https://gitlab.example.com/users/auth/openid_connect/callback"]
    }
  }

  proxy_applications = {
    "portainer" = {
      name          = "Portainer"
      slug          = "portainer"
      external_host = "https://portainer.example.com"
      internal_host = "http://portainer:9000"
      outpost       = "k8s-outpost"
    }
  }

  outposts = {
    "k8s-outpost" = {
      name = "Kubernetes Outpost"
      type = "proxy"
      service_connection = "k8s-local"
    }
  }
}

Structure

• main.tf - Main configuration
• variables.tf - Input variables
• outputs.tf - Output values
• modules/oauth-provider/ - OAuth2/OIDC provider module
• modules/proxy-provider/ - Proxy provider module
• terraform.tfvars.example - Configuration example

Requirements

• Terraform >= 1.0
• Authentik provider >= 2023.10.0
• Authentik API token with admin permissions