reorganized and started adding authentik

2025-02-01 01:15:47 +01:00 · 2025-02-01 01:15:47 +01:00 · e633a233e5
commit e633a233e5
parent 7369f53a00
19 changed files with 127 additions and 10 deletions
--- a/.envs/.identity/.authentik-postgresql.template
+++ b/.envs/.identity/.authentik-postgresql.template
@ -0,0 +1 @@
+password=
--- a/.envs/.identity/.authentik-secret-key.template
+++ b/.envs/.identity/.authentik-secret-key.template
@ -0,0 +1 @@
+key=
--- a/stages/base/helmfile.yaml
+++ b/stages/base/helmfile.yaml
@ -7,8 +7,6 @@ repositories:
    url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
  - name: jetstack
    url: https://charts.jetstack.io
-  - name: argocd
-    url: https://argoproj.github.io/argo-helm
  - name: mojo2600
    url: https://mojo2600.github.io/pihole-kubernetes/
  - name: bitnami
@ -35,12 +33,6 @@ releases:
    version: v1.16.2
    values:
      - ./values/cert-manager.values.yaml
-  - name: argocd
-    namespace: argocd
-    chart: argocd/argo-cd
-    version: 7.7.21
-    values:
-      - ./values/argocd.values.yaml
  - name: pihole
    namespace: pihole
    chart: mojo2600/pihole
--- a/stages/base/kustomization.yaml
+++ b/stages/base/kustomization.yaml
@ -10,11 +10,11 @@ resources:
 secretGenerator:
  - name: cert-manager-cloudflare
    envs:
-      - .envs/.cloudflare
+      - ../../.envs/.cloudflare
    namespace: cert-manager
  - name: pihole-admin
    envs:
-      - .envs/.pihole
+      - ../../.envs/.pihole
    namespace: pihole
    options:
      disableNameSuffixHash: true
--- a/stages/base/kustomize/cert-manager-cloudflare.yaml
+++ b/stages/base/kustomize/cert-manager-cloudflare.yaml
--- a/stages/base/kustomize/csi-driver-nfs.yaml
+++ b/stages/base/kustomize/csi-driver-nfs.yaml
--- a/stages/base/kustomize/metallb.yaml
+++ b/stages/base/kustomize/metallb.yaml
--- a/stages/base/kustomizeconfig/clusterIssuer.yaml
+++ b/stages/base/kustomizeconfig/clusterIssuer.yaml
--- a/stages/base/values/argocd.values.yaml
+++ b/stages/base/values/argocd.values.yaml
--- a/stages/base/values/cert-manager.values.yaml
+++ b/stages/base/values/cert-manager.values.yaml
--- a/stages/base/values/external-dns-pihole.values.yaml
+++ b/stages/base/values/external-dns-pihole.values.yaml
--- a/stages/base/values/ingress-nginx.values.yaml
+++ b/stages/base/values/ingress-nginx.values.yaml
--- a/stages/base/values/pihole.values.yaml
+++ b/stages/base/values/pihole.values.yaml
--- a/stages/delivery/helmfile.yaml
+++ b/stages/delivery/helmfile.yaml
@ -0,0 +1,13 @@
+repositories:
+  - name: argocd
+    url: https://argoproj.github.io/argo-helm
+
+---
+
+releases:
+  - name: argocd
+    namespace: argocd
+    chart: argocd/argo-cd
+    version: 7.7.21
+    values:
+      - ./values/argocd.values.yaml
--- a/stages/delivery/kustomization.yaml
+++ b/stages/delivery/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/managed-by: Kustomize
--- a/stages/delivery/values/argocd.values.yaml
+++ b/stages/delivery/values/argocd.values.yaml
@ -0,0 +1,33 @@
+global:
+  domain: argo.kropcloud.net
+
+configs:
+  params:
+    server.insecure: true
+
+redis-ha:
+  enabled: true
+
+controller:
+  replicas: 1
+
+server:
+  replicas: 2
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    annotations:
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+        cert-manager.io/cluster-issuer: cloudflare-issuer
+    extraTls:
+      - hosts:
+          - argo.kropcloud.net
+        secretName: argocd-tls
+
+
+repoServer:
+  replicas: 2
+
+applicationSet:
+  replicas: 2
--- a/stages/identity/helmfile.yaml
+++ b/stages/identity/helmfile.yaml
@ -0,0 +1,11 @@
+repositories:
+  - name: authentik
+    url: https://charts.goauthentik.io/
+---
+releases:
+  - name: authentik
+    namespace: identity--authentik
+    chart: authentik/authentik
+    version: 2024.12.3
+    values:
+      - ./values/authentik.values.yaml
--- a/stages/identity/kustomization.yaml
+++ b/stages/identity/kustomization.yaml
@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+secretGenerator:
+  - name: authentik-db-password
+    namespace: identity--authentik
+    envs:
+      - ../../.envs/.identity/.authentik-postgresql
+    options:
+      disableNameSuffixHash: true
+  - name: authentik-secret-key
+    namespace: identity--authentik
+    envs:
+      - ../../.envs/.identity/.authentik-secret-key
+    options:
+      disableNameSuffixHash: true
+
+
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/managed-by: Kustomize
--- a/stages/identity/values/authentik.values.yaml
+++ b/stages/identity/values/authentik.values.yaml
@ -0,0 +1,36 @@
+postgresql:
+  enabled: true
+  auth:
+    existingSecret: authentik-db-password
+    secretKeys:
+      userPasswordKey: password
+
+global:
+  env:
+    - name: AUTHENTIK_POSTGRESQL__PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: authentik-db-password
+          key: password
+    - name: AUTHENTIK_SECRET_KEY
+      valueFrom:
+        secretKeyRef:
+          name: authentik-secret-key
+          key: key
+
+redis:
+  enabled: true
+
+server:
+  ingress:
+    enabled: true
+    hosts:
+      - idp.kropcloud.net
+    annotations:
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+      cert-manager.io/cluster-issuer: cloudflare-issuer
+    tls:
+      - hosts: 
+        - idp.kropcloud.net
+        secretName: authentik-tls