KropCloud/gitops
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reorganized and started adding authentik

Browse source
This commit is contained in:
Jakub Kropáček 2025-02-01 01:15:47 +01:00
parent 7369f53a00
commit e633a233e5
19 changed files with 127 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.envs/.identity/.authentik-postgresql.template Normal file
View file

@ -0,0 +1 @@
password=

1
.envs/.identity/.authentik-secret-key.template Normal file
View file

@ -0,0 +1 @@
key=

8
helmfile.yaml → stages/base/helmfile.yaml
View file

@ -7,8 +7,6 @@ repositories:
url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
- name: jetstack - name: jetstack
url: https://charts.jetstack.io url: https://charts.jetstack.io
- name: argocd
url: https://argoproj.github.io/argo-helm
- name: mojo2600 - name: mojo2600
url: https://mojo2600.github.io/pihole-kubernetes/ url: https://mojo2600.github.io/pihole-kubernetes/
- name: bitnami - name: bitnami
@ -35,12 +33,6 @@ releases:
version: v1.16.2 version: v1.16.2
values: values:
- ./values/cert-manager.values.yaml - ./values/cert-manager.values.yaml
- name: argocd
namespace: argocd
chart: argocd/argo-cd
version: 7.7.21
values:
- ./values/argocd.values.yaml
- name: pihole - name: pihole
namespace: pihole namespace: pihole
chart: mojo2600/pihole chart: mojo2600/pihole

4
kustomization.yaml → stages/base/kustomization.yaml
View file

@ -10,11 +10,11 @@ resources:
secretGenerator: secretGenerator:
- name: cert-manager-cloudflare - name: cert-manager-cloudflare
envs: envs:
- .envs/.cloudflare - ../../.envs/.cloudflare
namespace: cert-manager namespace: cert-manager
- name: pihole-admin - name: pihole-admin
envs: envs:
- .envs/.pihole - ../../.envs/.pihole
namespace: pihole namespace: pihole
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true

0
kustomize/cert-manager-cloudflare.yaml → stages/base/kustomize/cert-manager-cloudflare.yaml
View file

0
kustomize/csi-driver-nfs.yaml → stages/base/kustomize/csi-driver-nfs.yaml
View file

0
kustomize/metallb.yaml → stages/base/kustomize/metallb.yaml
View file

0
kustomizeconfig/clusterIssuer.yaml → stages/base/kustomizeconfig/clusterIssuer.yaml
View file

0
values/argocd.values.yaml → stages/base/values/argocd.values.yaml
View file

0
values/cert-manager.values.yaml → stages/base/values/cert-manager.values.yaml
View file

0
values/external-dns-pihole.values.yaml → stages/base/values/external-dns-pihole.values.yaml
View file

0
values/ingress-nginx.values.yaml → stages/base/values/ingress-nginx.values.yaml
View file

0
values/pihole.values.yaml → stages/base/values/pihole.values.yaml
View file

13
stages/delivery/helmfile.yaml Normal file
View file

@ -0,0 +1,13 @@
repositories:
- name: argocd
url: https://argoproj.github.io/argo-helm
---
releases:
- name: argocd
namespace: argocd
chart: argocd/argo-cd
version: 7.7.21
values:
- ./values/argocd.values.yaml

7
stages/delivery/kustomization.yaml Normal file
View file

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/managed-by: Kustomize

33
stages/delivery/values/argocd.values.yaml Normal file
View file

@ -0,0 +1,33 @@
global:
domain: argo.kropcloud.net
configs:
params:
server.insecure: true
redis-ha:
enabled: true
controller:
replicas: 1
server:
replicas: 2
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
cert-manager.io/cluster-issuer: cloudflare-issuer
extraTls:
- hosts:
- argo.kropcloud.net
secretName: argocd-tls
repoServer:
replicas: 2
applicationSet:
replicas: 2

11
stages/identity/helmfile.yaml Normal file
View file

@ -0,0 +1,11 @@
repositories:
- name: authentik
url: https://charts.goauthentik.io/
---
releases:
- name: authentik
namespace: identity--authentik
chart: authentik/authentik
version: 2024.12.3
values:
- ./values/authentik.values.yaml

23
stages/identity/kustomization.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: authentik-db-password
namespace: identity--authentik
envs:
- ../../.envs/.identity/.authentik-postgresql
options:
disableNameSuffixHash: true
- name: authentik-secret-key
namespace: identity--authentik
envs:
- ../../.envs/.identity/.authentik-secret-key
options:
disableNameSuffixHash: true
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/managed-by: Kustomize

36
stages/identity/values/authentik.values.yaml Normal file
View file

@ -0,0 +1,36 @@
postgresql:
enabled: true
auth:
existingSecret: authentik-db-password
secretKeys:
userPasswordKey: password
global:
env:
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-db-password
key: password
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-secret-key
key: key
redis:
enabled: true
server:
ingress:
enabled: true
hosts:
- idp.kropcloud.net
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
cert-manager.io/cluster-issuer: cloudflare-issuer
tls:
- hosts:
- idp.kropcloud.net
secretName: authentik-tls