authentik: deploy

2022-05-18 12:05:23 +02:00 · 2022-05-18 12:05:23 +02:00 · e07f7bf6ab
parent 8a0145f5f1
commit e07f7bf6ab
4 changed files with 65 additions and 0 deletions
--- a/flux/cluster/apps/authentik/external-secret.yaml
+++ b/flux/cluster/apps/authentik/external-secret.yaml
@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: authentik
+  namespace: authentik
+spec:
+  refreshInterval: "5m"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: authentik
+  data:
+  - secretKey: secret_key
+    remoteRef:
+      key: authentik/authentik
+      property: secret_key
--- a/flux/cluster/apps/authentik/helm-release.yaml
+++ b/flux/cluster/apps/authentik/helm-release.yaml
@ -0,0 +1,44 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: authentik
+  namespace: identity-system
+spec:
+  interval: 1m0s
+  chart: 
+    spec:
+      # renovate: registryUrl=https://charts.goauthentik.io
+      chart: authentik
+      version: 2022.4.3
+      sourceRef:
+        kind: HelmRepository
+        name: authentik-charts
+        namespace: flux-system
+      interval: 5m
+  valuesFrom:
+    - kind: Secret
+      name: authentik
+      valuesKey: secret_key
+      targetPath: authentik.secret_key
+      optional: false
+  values:
+    authentik:
+      error_reporting:
+        enabled: true
+      postgresql:
+        host: "database.olympus"
+        name: "authentik"
+        user: "authentik"
+    redis:
+      enabled: true
+      architecture: standalone
+      auth:
+        enabled: false
+    ingress:
+      enabled: true
+      ingressClassName: "traefik"
+      hosts:
+        - host: id.0x76.dev
+          paths:
+            - path: "/"
+              pathType: Prefix
--- a/flux/cluster/apps/authentik/kustomization.yaml
+++ b/flux/cluster/apps/authentik/kustomization.yaml
@ -1,2 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+resources:
+  - external-secret.yaml
+  - helm-release.yaml
--- a/nixos/hosts/nginx/configuration.nix
+++ b/nixos/hosts/nginx/configuration.nix
@ -45,6 +45,7 @@ in

    # Kubernetes endpoints
    virtualHosts."0x76.dev" = k8s_proxy;
+    virtualHosts."id.0x76.dev" = k8s_proxy;
    virtualHosts."zookeeper.0x76.dev" = k8s_proxy;
    virtualHosts."wooloofan.club" = k8s_proxy;
    virtualHosts."whoami.wooloofan.club" = k8s_proxy;