From e633a233e5a6b0927f005d9295073fb1f9c98918 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= Date: Sat, 1 Feb 2025 01:15:47 +0100 Subject: [PATCH] reorganized and started adding authentik --- .../.identity/.authentik-postgresql.template | 1 + .../.identity/.authentik-secret-key.template | 1 + helmfile.yaml => stages/base/helmfile.yaml | 8 ----- .../base/kustomization.yaml | 4 +-- .../kustomize}/cert-manager-cloudflare.yaml | 0 .../base/kustomize}/csi-driver-nfs.yaml | 0 .../base/kustomize}/metallb.yaml | 0 .../base/kustomizeconfig}/clusterIssuer.yaml | 0 .../base/values}/argocd.values.yaml | 0 .../base/values}/cert-manager.values.yaml | 0 .../values}/external-dns-pihole.values.yaml | 0 .../base/values}/ingress-nginx.values.yaml | 0 .../base/values}/pihole.values.yaml | 0 stages/delivery/helmfile.yaml | 13 +++++++ stages/delivery/kustomization.yaml | 7 ++++ stages/delivery/values/argocd.values.yaml | 33 +++++++++++++++++ stages/identity/helmfile.yaml | 11 ++++++ stages/identity/kustomization.yaml | 23 ++++++++++++ stages/identity/values/authentik.values.yaml | 36 +++++++++++++++++++ 19 files changed, 127 insertions(+), 10 deletions(-) create mode 100644 .envs/.identity/.authentik-postgresql.template create mode 100644 .envs/.identity/.authentik-secret-key.template rename helmfile.yaml => stages/base/helmfile.yaml (86%) rename kustomization.yaml => stages/base/kustomization.yaml (89%) rename {kustomize => stages/base/kustomize}/cert-manager-cloudflare.yaml (100%) rename {kustomize => stages/base/kustomize}/csi-driver-nfs.yaml (100%) rename {kustomize => stages/base/kustomize}/metallb.yaml (100%) rename {kustomizeconfig => stages/base/kustomizeconfig}/clusterIssuer.yaml (100%) rename {values => stages/base/values}/argocd.values.yaml (100%) rename {values => stages/base/values}/cert-manager.values.yaml (100%) rename {values => stages/base/values}/external-dns-pihole.values.yaml (100%) rename {values => stages/base/values}/ingress-nginx.values.yaml (100%) rename {values => stages/base/values}/pihole.values.yaml 
(100%)
create mode 100644 stages/delivery/helmfile.yaml
create mode 100644 stages/delivery/kustomization.yaml
create mode 100644 stages/delivery/values/argocd.values.yaml
create mode 100644 stages/identity/helmfile.yaml
create mode 100644 stages/identity/kustomization.yaml
create mode 100644 stages/identity/values/authentik.values.yaml
diff --git a/.envs/.identity/.authentik-postgresql.template b/.envs/.identity/.authentik-postgresql.template
new file mode 100644
index 0000000..b44e206
--- /dev/null
+++ b/.envs/.identity/.authentik-postgresql.template
@@ -0,0 +1 @@
+password=
\ No newline at end of file
diff --git a/.envs/.identity/.authentik-secret-key.template b/.envs/.identity/.authentik-secret-key.template
new file mode 100644
index 0000000..85116c1
--- /dev/null
+++ b/.envs/.identity/.authentik-secret-key.template
@@ -0,0 +1 @@
+key=
\ No newline at end of file
diff --git a/helmfile.yaml b/stages/base/helmfile.yaml
similarity index 86%
rename from helmfile.yaml
rename to stages/base/helmfile.yaml
index 6b41df1..6c9d463 100644
--- a/helmfile.yaml
+++ b/stages/base/helmfile.yaml
@@ -7,8 +7,6 @@ repositories:
 url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
 - name: jetstack
 url: https://charts.jetstack.io
- - name: argocd
- url: https://argoproj.github.io/argo-helm
 - name: mojo2600
 url: https://mojo2600.github.io/pihole-kubernetes/
 - name: bitnami
@@ -35,12 +33,6 @@ releases:
 version: v1.16.2
 values:
 - ./values/cert-manager.values.yaml
- - name: argocd
- namespace: argocd
- chart: argocd/argo-cd
- version: 7.7.21
- values:
- - ./values/argocd.values.yaml
 - name: pihole
 namespace: pihole
 chart: mojo2600/pihole
diff --git a/kustomization.yaml b/stages/base/kustomization.yaml
similarity index 89%
rename from kustomization.yaml
rename to stages/base/kustomization.yaml
index ee1a639..a3f77de 100644
--- a/kustomization.yaml
+++ b/stages/base/kustomization.yaml
@@ -10,11 +10,11 @@ resources:
 secretGenerator:
 - name: cert-manager-cloudflare
 envs:
- - .envs/.cloudflare
+ - ../../.envs/.cloudflare
 namespace: cert-manager
 - name: pihole-admin
 envs:
- - .envs/.pihole
+ - ../../.envs/.pihole
 namespace: pihole
 options:
 disableNameSuffixHash: true
diff --git a/kustomize/cert-manager-cloudflare.yaml b/stages/base/kustomize/cert-manager-cloudflare.yaml
similarity index 100%
rename from kustomize/cert-manager-cloudflare.yaml
rename to stages/base/kustomize/cert-manager-cloudflare.yaml
diff --git a/kustomize/csi-driver-nfs.yaml b/stages/base/kustomize/csi-driver-nfs.yaml
similarity index 100%
rename from kustomize/csi-driver-nfs.yaml
rename to stages/base/kustomize/csi-driver-nfs.yaml
diff --git a/kustomize/metallb.yaml b/stages/base/kustomize/metallb.yaml
similarity index 100%
rename from kustomize/metallb.yaml
rename to stages/base/kustomize/metallb.yaml
diff --git a/kustomizeconfig/clusterIssuer.yaml b/stages/base/kustomizeconfig/clusterIssuer.yaml
similarity index 100%
rename from kustomizeconfig/clusterIssuer.yaml
rename to stages/base/kustomizeconfig/clusterIssuer.yaml
diff --git a/values/argocd.values.yaml b/stages/base/values/argocd.values.yaml
similarity index 100%
rename from values/argocd.values.yaml
rename to stages/base/values/argocd.values.yaml
diff --git a/values/cert-manager.values.yaml b/stages/base/values/cert-manager.values.yaml
similarity index 100%
rename from values/cert-manager.values.yaml
rename to stages/base/values/cert-manager.values.yaml
diff --git a/values/external-dns-pihole.values.yaml b/stages/base/values/external-dns-pihole.values.yaml
similarity index 100%
rename from values/external-dns-pihole.values.yaml
rename to stages/base/values/external-dns-pihole.values.yaml
diff --git a/values/ingress-nginx.values.yaml b/stages/base/values/ingress-nginx.values.yaml
similarity index 100%
rename from values/ingress-nginx.values.yaml
rename to stages/base/values/ingress-nginx.values.yaml
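Review bot: The new `envs` paths `../../.envs/.cloudflare` and `../../.envs/.pihole` point above the kustomization directory `stages/base/`, and kustomize's default load restrictor (`LoadRestrictionsRootOnly`) refuses files outside the root, so `kustomize build stages/base` fails unless it is invoked with `--load-restrictor LoadRestrictionsNone`; the two `secretGenerator` entries in `stages/identity/kustomization.yaml` have the same problem. That restriction exists so a kustomization cannot pull in arbitrary files from the filesystem, so if the build already relaxes it that is worth recording rather than leaving for the next failed build, e.g. a comment above `secretGenerator:` reading `# env files live at the repo root (.envs/); build requires --load-restrictor LoadRestrictionsNone`. The alternative that keeps the default is to place the env files under each stage directory and reference them with a relative path that stays inside it.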
diff --git a/values/pihole.values.yaml b/stages/base/values/pihole.values.yaml
similarity index 100%
rename from values/pihole.values.yaml
rename to stages/base/values/pihole.values.yaml
diff --git a/stages/delivery/helmfile.yaml b/stages/delivery/helmfile.yaml
new file mode 100644
index 0000000..73686bc
--- /dev/null
+++ b/stages/delivery/helmfile.yaml
@@ -0,0 +1,13 @@
+repositories:
+ - name: argocd
+ url: https://argoproj.github.io/argo-helm
+
+---
+
+releases:
+ - name: argocd
+ namespace: argocd
+ chart: argocd/argo-cd
+ version: 7.7.21
+ values:
+ - ./values/argocd.values.yaml
\ No newline at end of file
diff --git a/stages/delivery/kustomization.yaml b/stages/delivery/kustomization.yaml
new file mode 100644
index 0000000..b48eabc
--- /dev/null
+++ b/stages/delivery/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- includeSelectors: true
+ pairs:
+ app.kubernetes.io/managed-by: Kustomize
diff --git a/stages/delivery/values/argocd.values.yaml b/stages/delivery/values/argocd.values.yaml
new file mode 100644
index 0000000..91b7769
--- /dev/null
+++ b/stages/delivery/values/argocd.values.yaml
@@ -0,0 +1,33 @@
+global:
+ domain: argo.kropcloud.net
+
+configs:
+ params:
+ server.insecure: true
+
+redis-ha:
+ enabled: true
+
+controller:
+ replicas: 1
+
+server:
+ replicas: 2
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ cert-manager.io/cluster-issuer: cloudflare-issuer
+ extraTls:
+ - hosts:
+ - argo.kropcloud.net
+ secretName: argocd-tls
+
+
+repoServer:
+ replicas: 2
+
+applicationSet:
+ replicas: 2
diff --git a/stages/identity/helmfile.yaml b/stages/identity/helmfile.yaml
new file mode 100644
index 0000000..c7b9653
--- /dev/null
+++ b/stages/identity/helmfile.yaml
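Review bot: `configs.params.server.insecure: true` switches argocd-server to plain HTTP, which is what the `backend-protocol: "HTTP"` annotation on the ingress relies on, but nothing in `stages/delivery/values/argocd.values.yaml` records that TLS is meant to terminate at ingress-nginx, and `server.insecure: true` sitting next to `force-ssl-redirect: "true"` reads as a contradiction to anyone who does not already know the pattern. A comment above `params:` such as `# TLS terminates at ingress-nginx (cert-manager, cloudflare-issuer); argocd-server itself serves plain HTTP inside the cluster` would make the trust boundary explicit. `argo.kropcloud.net` also appears twice (`global.domain` and `extraTls[0].hosts`); a short comment that the two must stay in sync, or a YAML anchor on the first, prevents them drifting apart. The double blank line before `repoServer:` and the missing trailing newline in the sibling `stages/delivery/helmfile.yaml` are style nits.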
@@ -0,0 +1,11 @@
+repositories:
+ - name: authentik
+ url: https://charts.goauthentik.io/
+---
+releases:
+ - name: authentik
+ namespace: identity--authentik
+ chart: authentik/authentik
+ version: 2024.12.3
+ values:
+ - ./values/authentik.values.yaml
\ No newline at end of file
diff --git a/stages/identity/kustomization.yaml b/stages/identity/kustomization.yaml
new file mode 100644
index 0000000..55d062e
--- /dev/null
+++ b/stages/identity/kustomization.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+secretGenerator:
+ - name: authentik-db-password
+ namespace: identity--authentik
+ envs:
+ - ../../.envs/.identity/.authentik-postgresql
+ options:
+ disableNameSuffixHash: true
+ - name: authentik-secret-key
+ namespace: identity--authentik
+ envs:
+ - ../../.envs/.identity/.authentik-secret-key
+ options:
+ disableNameSuffixHash: true
+
+
+labels:
+- includeSelectors: true
+ pairs:
+ app.kubernetes.io/managed-by: Kustomize
diff --git a/stages/identity/values/authentik.values.yaml b/stages/identity/values/authentik.values.yaml
new file mode 100644
index 0000000..7bc06cb
--- /dev/null
+++ b/stages/identity/values/authentik.values.yaml
@@ -0,0 +1,36 @@
+postgresql:
+ enabled: true
+ auth:
+ existingSecret: authentik-db-password
+ secretKeys:
+ userPasswordKey: password
+
+global:
+ env:
+ - name: AUTHENTIK_POSTGRESQL__PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: authentik-db-password
+ key: password
+ - name: AUTHENTIK_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: authentik-secret-key
+ key: key
+
+redis:
+ enabled: true
+
+server:
+ ingress:
+ enabled: true
+ hosts:
+ - idp.kropcloud.net
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ cert-manager.io/cluster-issuer: cloudflare-issuer
+ tls:
+ - hosts:
+ - idp.kropcloud.net
+ secretName: authentik-tls
\ No newline at end of file
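Review bot: `postgresql.auth.existingSecret: authentik-db-password` hands the bundled PostgreSQL subchart a secret that, going by the `.authentik-postgresql.template` added in this commit, carries only a `password` key; the Bitnami-derived postgresql subchart also appears to read an admin (superuser) password from the same secret under its default `postgres-password` key when the application user is not `postgres`, and a missing key would leave the database pod in CreateContainerConfigError, so this should be verified against the chart pinned as `version: 2024.12.3` in `stages/identity/helmfile.yaml` and, if needed, a second key added to the env file and `adminPasswordKey` set under `secretKeys`. Nothing in the templates says what `AUTHENTIK_SECRET_KEY` must look like; since the value now comes from `authentik-secret-key` via `secretKeyRef` instead of the chart's own values, a comment above `- name: AUTHENTIK_SECRET_KEY` such as `# long random value (cookie/session signing); rotating it invalidates active sessions` documents the operational constraint. As in the Argo CD values, `backend-protocol: "HTTP"` means TLS ends at ingress-nginx and the hop to the authentik pod is plaintext in-cluster; a one-line comment above `annotations:` stating that is worth adding. The mixed sequence indentation (indented under `secretGenerator:`, flush under `labels:`) in `stages/identity/kustomization.yaml` is a style nit.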