From a70307111df538a3d5f0c5b8973ddc3c64495c9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?=
Date: Sat, 1 Feb 2025 12:40:24 +0100
Subject: [PATCH] found a bug or got stuck at authentik
---
.../.identity/.authentik-postgresql.template | 1 -
.../.identity/.authentik-secret-key.template | 1 -
.gitignore | 4 +--
.../base/.envs}/.cloudflare.template | 0
.../base/.envs}/.pihole.template | 0
stages/base/kustomization.yaml | 4 +--
stages/base/values/argocd.values.yaml | 33 -------------------
.../values/external-dns-pihole.values.yaml | 2 +-
stages/delivery/helmfile.yaml | 3 +-
.../.envs/.authentik-postgresql.template | 1 +
.../.envs/.authentik-secret-key.template | 1 +
stages/identity/helmfile.yaml | 5 +--
stages/identity/kustomization.yaml | 23 -------------
...lues.yaml => authentik.values.yaml.gotmpl} | 22 ++++---------
14 files changed, 19 insertions(+), 81 deletions(-)
delete mode 100644 .envs/.identity/.authentik-postgresql.template
delete mode 100644 .envs/.identity/.authentik-secret-key.template
rename {.envs/.base => stages/base/.envs}/.cloudflare.template (100%)
rename {.envs/.base => stages/base/.envs}/.pihole.template (100%)
delete mode 100644 stages/base/values/argocd.values.yaml
create mode 100644 stages/identity/.envs/.authentik-postgresql.template
create mode 100644 stages/identity/.envs/.authentik-secret-key.template
delete mode 100644 stages/identity/kustomization.yaml
rename stages/identity/values/{authentik.values.yaml => authentik.values.yaml.gotmpl} (52%)
diff --git a/.envs/.identity/.authentik-postgresql.template b/.envs/.identity/.authentik-postgresql.template
deleted file mode 100644
index b44e206..0000000
--- a/.envs/.identity/.authentik-postgresql.template
+++ /dev/null
@@ -1 +0,0 @@
-password=
\ No newline at end of file
diff --git a/.envs/.identity/.authentik-secret-key.template b/.envs/.identity/.authentik-secret-key.template
deleted file mode 100644
index 85116c1..0000000
--- a/.envs/.identity/.authentik-secret-key.template +++ /dev/null @@ -1 +0,0 @@ -key= \ No newline at end of file diff --git a/.gitignore b/.gitignore index e9c3cc8..acb1107 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -.envs/.*/.* -!.envs/.*/.*.template \ No newline at end of file +**/*/.envs/.* +!**/*/.envs/.*.template \ No newline at end of file diff --git a/.envs/.base/.cloudflare.template b/stages/base/.envs/.cloudflare.template similarity index 100% rename from .envs/.base/.cloudflare.template rename to stages/base/.envs/.cloudflare.template diff --git a/.envs/.base/.pihole.template b/stages/base/.envs/.pihole.template similarity index 100% rename from .envs/.base/.pihole.template rename to stages/base/.envs/.pihole.template diff --git a/stages/base/kustomization.yaml b/stages/base/kustomization.yaml index a3f77de..ee1a639 100644 --- a/stages/base/kustomization.yaml +++ b/stages/base/kustomization.yaml @@ -10,11 +10,11 @@ resources: secretGenerator: - name: cert-manager-cloudflare envs: - - ../../.envs/.cloudflare + - .envs/.cloudflare namespace: cert-manager - name: pihole-admin envs: - - ../../.envs/.pihole + - .envs/.pihole namespace: pihole options: disableNameSuffixHash: true diff --git a/stages/base/values/argocd.values.yaml b/stages/base/values/argocd.values.yaml deleted file mode 100644 index 91b7769..0000000 --- a/stages/base/values/argocd.values.yaml +++ /dev/null @@ -1,33 +0,0 @@ -global: - domain: argo.kropcloud.net - -configs: - params: - server.insecure: true - -redis-ha: - enabled: true - -controller: - replicas: 1 - -server: - replicas: 2 - ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - cert-manager.io/cluster-issuer: cloudflare-issuer - extraTls: - - hosts: - - argo.kropcloud.net - secretName: argocd-tls - - -repoServer: - replicas: 2 - -applicationSet: - replicas: 2 
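Review bot: The new `.gitignore` rule `**/*/.envs/.*` only matches an `.envs` directory that has at least one parent directory, and the old rule `.envs/.*/.*` is removed in the same hunk. Any rendered secret files still on disk under the previous top-level `.envs/` tree therefore stop being ignored and can be picked up by a broad `git add`. Either keep the old pair `.envs/.*/.*` and `!.envs/.*/.*.template` until those files are deleted, or add a rule such as `.envs/` that still covers the old tree. It is also worth running `git check-ignore -v stages/identity/.envs/.authentik-postgresql` to confirm that the rendered files this commit starts reading are ignored.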
diff --git a/stages/base/values/external-dns-pihole.values.yaml b/stages/base/values/external-dns-pihole.values.yaml index e2fe660..d0bf33d 100644 --- a/stages/base/values/external-dns-pihole.values.yaml +++ b/stages/base/values/external-dns-pihole.values.yaml @@ -7,4 +7,4 @@ pihole: secretName: pihole-admin ingressClassFilters: - - ingress-nginx + - nginx diff --git a/stages/delivery/helmfile.yaml b/stages/delivery/helmfile.yaml index 73686bc..5c21d4b 100644 --- a/stages/delivery/helmfile.yaml +++ b/stages/delivery/helmfile.yaml @@ -10,4 +10,5 @@ releases: chart: argocd/argo-cd version: 7.7.21 values: - - ./values/argocd.values.yaml \ No newline at end of file + - ./values/argocd.values.yaml + installed: false \ No newline at end of file diff --git a/stages/identity/.envs/.authentik-postgresql.template b/stages/identity/.envs/.authentik-postgresql.template new file mode 100644 index 0000000..91f7cc2 --- /dev/null +++ b/stages/identity/.envs/.authentik-postgresql.template @@ -0,0 +1 @@ +{{ pw "bdf24fa1-8638-4cd1-a17a-df5f0bc8adee" }} \ No newline at end of file diff --git a/stages/identity/.envs/.authentik-secret-key.template b/stages/identity/.envs/.authentik-secret-key.template new file mode 100644 index 0000000..771f344 --- /dev/null +++ b/stages/identity/.envs/.authentik-secret-key.template @@ -0,0 +1 @@ +{{ pw "0e694c6c-9b5c-48c5-b884-6f7274c74832" }} \ No newline at end of file diff --git a/stages/identity/helmfile.yaml b/stages/identity/helmfile.yaml index c7b9653..05a3054 100644 --- a/stages/identity/helmfile.yaml +++ b/stages/identity/helmfile.yaml @@ -4,8 +4,9 @@ repositories: --- releases: - name: authentik - namespace: identity--authentik + namespace: authentik chart: authentik/authentik version: 2024.12.3 values: - - ./values/authentik.values.yaml \ No newline at end of file + - ./values/authentik.values.yaml.gotmpl + installed: false \ No newline at end of file 
diff --git a/stages/identity/kustomization.yaml b/stages/identity/kustomization.yaml deleted file mode 100644 index 55d062e..0000000 --- a/stages/identity/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - - -secretGenerator: - - name: authentik-db-password - namespace: identity--authentik - envs: - - ../../.envs/.identity/.authentik-postgresql - options: - disableNameSuffixHash: true - - name: authentik-secret-key - namespace: identity--authentik - envs: - - ../../.envs/.identity/.authentik-secret-key - options: - disableNameSuffixHash: true - - -labels: -- includeSelectors: true - pairs: - app.kubernetes.io/managed-by: Kustomize diff --git a/stages/identity/values/authentik.values.yaml b/stages/identity/values/authentik.values.yaml.gotmpl similarity index 52% rename from stages/identity/values/authentik.values.yaml rename to stages/identity/values/authentik.values.yaml.gotmpl index 7bc06cb..d4c407e 100644 --- a/stages/identity/values/authentik.values.yaml +++ b/stages/identity/values/authentik.values.yaml.gotmpl @@ -1,28 +1,20 @@ postgresql: enabled: true auth: - existingSecret: authentik-db-password - secretKeys: - userPasswordKey: password + password: {{ readFile "../.envs/.authentik-postgresql" }} -global: - env: - - name: AUTHENTIK_POSTGRESQL__PASSWORD - valueFrom: - secretKeyRef: - name: authentik-db-password - key: password - - name: AUTHENTIK_SECRET_KEY - valueFrom: - secretKeyRef: - name: authentik-secret-key - key: key +authentik: + secret_key: {{ readFile "../.envs/.authentik-secret-key" }} + + postgresql: + password: {{ readFile "../.envs/.authentik-postgresql" }} redis: enabled: true server: ingress: + ingressClassName: nginx enabled: true hosts: - idp.kropcloud.net
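Review bot: The new `authentik.values.yaml.gotmpl` inlines the PostgreSQL password and the authentik secret key as plain Helm values, where the old side referenced Kubernetes Secrets through `existingSecret` and `secretKeyRef`. Values passed this way are kept in the Helm release record and are readable with `helm get values`, so anyone who can read releases in the namespace can read both credentials; keeping the secret references would avoid that. If inlining is intended, the three `readFile` lines should at least strip the file's trailing newline and force a string, e.g. `password: {{ readFile "../.envs/.authentik-postgresql" | trim | quote }}`, because an unquoted value that starts with a YAML indicator or looks like a number or boolean is retyped or breaks parsing. The relative path also deserves a check: if helmfile resolves `readFile` against the directory of `helmfile.yaml` rather than `values/`, `../.envs/` points at `stages/.envs/`, which this commit does not create.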