From 69e01aaa92135eba52c93b32839d95e6e9f33c89 Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Sun, 6 Apr 2025 00:28:24 +0100
Subject: [PATCH] Added authentik

---
 k8s/core/authentik/external-secrets.yaml | 46 +++++++++++++++++++
 k8s/core/authentik/kustomization.yaml | 15 ++++++
 k8s/core/authentik/values.yaml | 46 +++++++++++++++++++
 k8s/state/core/authentik.yaml | 21 +++++++++
 .../{apps => core}/external-secrets.yaml | 0
 5 files changed, 128 insertions(+)
 create mode 100644 k8s/core/authentik/external-secrets.yaml
 create mode 100644 k8s/core/authentik/kustomization.yaml
 create mode 100644 k8s/core/authentik/values.yaml
 create mode 100644 k8s/state/core/authentik.yaml
 rename k8s/state/{apps => core}/external-secrets.yaml (100%)

diff --git a/k8s/core/authentik/external-secrets.yaml b/k8s/core/authentik/external-secrets.yaml
new file mode 100644
index 0000000..8e0618a
--- /dev/null
+++ b/k8s/core/authentik/external-secrets.yaml
@@ -0,0 +1,46 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: authentik-creds
+  namespace: authentik
+spec:
+  target:
+    name: authentik-creds
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        AUTHENTIK_HOST: "https://idm.hexor.cy"
+        AUTHENTIK_COOKIE_DOMAIN: "hexor.cy"
+        AUTHENTIK_POSTGRESQL__USER: |-
+          {{ .username }}
+        AUTHENTIK_POSTGRESQL__PASSWORD: |-
+          {{ .password }}
+        AUTHENTIK_SECRET_KEY: |-
+          {{ .secret_key }}
+  data:
+    - secretKey: password
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 279c2c1f-c147-4b6b-a511-36c3cd764f9d
+        property: login.password
+    - secretKey: username
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 279c2c1f-c147-4b6b-a511-36c3cd764f9d
+        property: login.username
+    - secretKey: secret_key
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 279c2c1f-c147-4b6b-a511-36c3cd764f9d
+        property: fields[0].value
+
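Review bot: `AUTHENTIK_COOKIE_DOMAIN: "hexor.cy"` scopes the authentik session cookie to the whole parent domain, so browsers also send it to every other `*.hexor.cy` service (the values file lists qBittorrent, Syncthing, a file manager and more), and a compromise of any of those servers exposes the SSO session. That is the documented setting for forward-auth across subdomains, so it is probably intended, but it deserves a comment such as `# session cookie is sent to every *.hexor.cy host — every app under this domain must be trusted` and argues against parking low-trust services under the same parent domain. Separately, `property: fields[0].value` binds AUTHENTIK_SECRET_KEY to a Vaultwarden custom field by position, so adding or reordering fields on item `279c2c1f-…` would silently rotate the secret key and invalidate all sessions and signed tokens; reference the field by name if the store supports it, or at least pin the assumption with `# fields[0] must remain the AUTHENTIK_SECRET_KEY custom field`. Note also that the same Vaultwarden item holds both the Postgres password and the secret key, so one store entry gates both credentials.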
diff --git a/k8s/core/authentik/kustomization.yaml b/k8s/core/authentik/kustomization.yaml
new file mode 100644
index 0000000..6906675
--- /dev/null
+++ b/k8s/core/authentik/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - external-secrets.yaml
+
+helmCharts:
+  - name: authentik
+    repo: https://charts.goauthentik.io
+    version: 2025.2.3
+    releaseName: authentik
+    namespace: authentik
+    valuesFile: values.yaml
+    includeCRDs: true
+
diff --git a/k8s/core/authentik/values.yaml b/k8s/core/authentik/values.yaml
new file mode 100644
index 0000000..5b37f74
--- /dev/null
+++ b/k8s/core/authentik/values.yaml
@@ -0,0 +1,46 @@
+global:
+  nodeSelector:
+    kubernetes.io/hostname: master.tail2fe2d.ts.net
+authentik:
+  error_reporting:
+    enabled: true
+  postgresql:
+    name: "authentik"
+    host: "psql.psql.svc"
+    port: 5432
+worker:
+  envFrom:
+    - secretRef:
+        name: authentik-creds
+server:
+  envFrom:
+    - secretRef:
+        name: authentik-creds
+  image:
+    tag: "2025.2.3"
+  ingress:
+    enabled: true
+    ingressClassName: traefik
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt
+      traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+    hosts:
+      - idm.hexor.cy
+      - nas.hexor.cy # TrueNAS Limassol
+      - nc.hexor.cy # NaxtCloud
+      - of.hexor.cy # Outfleet-v2
+      - master.hexor.cy # k8s dashboard
+      - qbt.hexor.cy # qBittorent for Jellyfin
+      - prom.hexor.cy # Prometheus
+      - ss.hexor.cy # Syncthing UI
+      - khm.hexor.cy # Known Hosts keys Manager
+      - backup.hexor.cy # Kopia Backup UI
+      - fm.hexor.cy # Filemanager
+      - hexound.hexor.cy # Hexound
+    tls:
+      - secretName: idm-tls
+        hosts:
+          - '*.hexor.cy'
+redis:
+  enabled: true
+
diff --git a/k8s/state/core/authentik.yaml b/k8s/state/core/authentik.yaml
new file mode 100644
index 0000000..9d06a32
--- /dev/null
+++ b/k8s/state/core/authentik.yaml
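Review bot: The chart is pinned to `version: 2025.2.3` here while values.yaml separately hard-codes `server.image.tag: "2025.2.3"`, so a future chart bump that forgets the second pin leaves the server image on the old release — and, if the chart applies that override only to the server pod, leaves the worker on a different authentik version than the server. Prefer dropping the tag override so the chart's appVersion selects the image, or pin it once through the chart's global image setting if it exposes one. If both pins stay, the minimum is a comment next to the version line such as `# keep in sync with server.image.tag in values.yaml`.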
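Review bot: `server.ingress.hosts` routes eleven application hostnames to the authentik server without restricting the path, so with the chart's default path (`/` unless `server.ingress.paths` is set) any app that also has its own Ingress for `/` on the same host gives Traefik two rules for the same host and path, and which one wins is not controlled here; for the embedded-outpost forward-auth pattern, limit this ingress to the outpost path (for example `paths: [/outpost.goauthentik.io]`, if the chart exposes it) for every host other than `idm.hexor.cy`, or set an explicit priority on the app Ingresses. The `tls` entry asks cert-manager for `*.hexor.cy` through the `letsencrypt` cluster issuer, which only succeeds if that issuer has a DNS-01 solver — an HTTP-01-only issuer can never issue a wildcard, and these hosts would then serve Traefik's default certificate. `error_reporting.enabled: true` sends error reports to authentik's upstream Sentry per the project docs; for the identity provider of a private homelab that is worth either `false` or an explicit `# opt-in: ships error reports to goauthentik.io` comment. Finally, no `sslmode` is set for the connection to `psql.psql.svc`, so confirm the chart's default verifies TLS to the database, or set `AUTHENTIK_POSTGRESQL__SSLMODE` explicitly alongside the other Postgres settings.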
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authentik
+  namespace: argocd
+spec:
+  project: homelab
+  destination:
+    namespace: authentik
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/core/authentik
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
+
diff --git a/k8s/state/apps/external-secrets.yaml b/k8s/state/core/external-secrets.yaml
similarity index 100%
rename from k8s/state/apps/external-secrets.yaml
rename to k8s/state/core/external-secrets.yaml
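Review bot: `targetRevision: HEAD` combined with `automated.selfHeal: true` and `prune: true` means whatever the remote default branch currently points at is applied, and anything not in the repo is deleted, so every push to that branch on gt.hexor.cy is an unattended production deploy of the identity provider; pin an explicit branch (`targetRevision: main`) so the deployed ref is unambiguous and can carry branch protection. `CreateNamespace=true` creates `authentik` without any labels, so unless the cluster sets a Pod Security Admission default the namespace stays unrestricted — add `pod-security.kubernetes.io/enforce` labels via a Namespace manifest in the kustomization if that matters here. The synced kustomization uses `helmCharts`, which Argo CD only renders when `kustomize.buildOptions: --enable-helm` is configured in argocd-cm; if that is not already set, this Application fails at render time rather than deploying anything.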