# Appears to be the values file for an umbrella chart that wraps the authentik
# Helm chart: every setting sits under the `authentik:` key.
# NOTE(review): the nesting below was restored from a listing that had lost its
# indentation - confirm it against the chart's values layout before applying.
authentik:
  server:
    replicas: 3
    volumeMounts:
      # TLS material from the cert-dubyatp-xyz Secret, mounted read-only.
      - name: cert-dubyatp-xyz
        readOnly: true
        mountPath: '/certs/dubyatp-xyz'
    volumes:
      - name: cert-dubyatp-xyz
        secret:
          # Octal literal: YAML 1.1 loaders read 0644 as decimal 420, while a
          # strict YAML 1.2 loader would read 644. Mode 0644 leaves tls.key
          # readable by every user inside the container.
          # NOTE(review): a tighter mode needs a matching runAsUser/fsGroup -
          # confirm the pod security context before changing it.
          defaultMode: 0644
          secretName: cert-dubyatp-xyz
    metrics:
      enabled: true
      service:
        labels:
          # Quoted so the label value stays a string, as labels require.
          metrics_enabled: 'true'
  worker:
    replicas: 3
    volumeMounts:
      - name: cert-dubyatp-xyz
        readOnly: true
        mountPath: '/certs/dubyatp-xyz'
    volumes:
      - name: cert-dubyatp-xyz
        secret:
          # No defaultMode here; Kubernetes then applies its own default of
          # 0644, so this mount has the same file mode as the server's.
          secretName: cert-dubyatp-xyz
  global:
    # Environment shared by the chart's workloads. Secret values are pulled
    # with secretKeyRef rather than written inline; only non-secret settings
    # appear as literal values.
    # Env vars are read at container start, so a rotated Secret only takes
    # effect after the pods restart.
    env:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: authentik-credentials
            key: authentik-secret-key
      - name: AUTHENTIK_POSTGRESQL__HOST
        value: pooler-weyma-rw.cloudnativepg.svc.cluster.local
      - name: AUTHENTIK_POSTGRESQL__NAME
        value: authentik
      - name: AUTHENTIK_POSTGRESQL__USER
        value: authentik
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-db-auth
            key: password
      - name: AUTHENTIK_EMAIL__FROM
        value: authentik_dubyatp@em924671.dubyatp.xyz
      - name: AUTHENTIK_EMAIL__HOST
        value: mail.smtp2go.com
      # NOTE(review): no AUTHENTIK_EMAIL__PORT is set in this file, so the
      # application default applies - confirm that port accepts TLS at the
      # relay, otherwise mail delivery will fail rather than downgrade.
      - name: AUTHENTIK_EMAIL__USE_TLS
        value: 'true'
      - name: AUTHENTIK_EMAIL__USERNAME
        value: authentik_dubyatp
      - name: AUTHENTIK_EMAIL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-credentials
            key: smtp-password
      # Env values must be strings, hence the quotes around the number.
      - name: AUTHENTIK_EMAIL__TIMEOUT
        value: '30'
  additionalObjects:
    # Ingress: Traefik serves auth.dubyatp.xyz with the certificate from
    # cert-dubyatp-xyz and forwards to authentik-server on port 80, so the hop
    # from Traefik to the pod is presumably plain HTTP inside the cluster.
    - apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          # `@file` means the middleware is defined in Traefik's file provider,
          # outside this values file.
          # NOTE(review): if it rewrites the client IP from proxy headers,
          # verify it only trusts the proxy's own source ranges.
          traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
        name: authentik-ingress
      spec:
        ingressClassName: traefik
        rules:
          - host: auth.dubyatp.xyz
            http:
              paths:
                - backend:
                    service:
                      name: authentik-server
                      port:
                        number: 80
                  path: /
                  pathType: Prefix
        tls:
          - hosts:
              - auth.dubyatp.xyz
            secretName: cert-dubyatp-xyz
    # Placeholder Secret: the empty tls.crt / tls.key entries are filled by the
    # mittwald replicator from cert-manager/cert-dubyatp-xyz. This copies the
    # private key into this namespace, so RBAC on Secrets here guards it too.
    # NOTE(review): no `type:` is set, so the Secret is created as Opaque;
    # Secret type is immutable after creation - confirm that is intended.
    - apiVersion: v1
      kind: Secret
      metadata:
        name: cert-dubyatp-xyz
        annotations:
          replicator.v1.mittwald.de/replicate-from: 'cert-manager/cert-dubyatp-xyz'
          replicator.v1.mittwald.de/replicated-keys: 'tls.crt,tls.key'
      data:
        tls.crt: ''
        tls.key: ''
    # ExternalSecret: materialises Secret `authentik-credentials` from remote
    # key `authentik` in ClusterSecretStore `weyma-vault`, refreshed hourly.
    # NOTE(review): only authentik-secret-key and smtp-password are referenced
    # by the env list in this file. admin-password, replication-password and
    # user-password are also copied in - confirm something consumes them, or
    # drop them so fewer credentials sit in the namespace.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: authentik-credentials
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: authentik-credentials
          creationPolicy: Owner
        data:
          - secretKey: admin-password
            remoteRef:
              key: authentik
              property: admin-password
          - secretKey: authentik-secret-key
            remoteRef:
              key: authentik
              property: authentik-secret-key
          - secretKey: replication-password
            remoteRef:
              key: authentik
              property: replication-password
          - secretKey: user-password
            remoteRef:
              key: authentik
              property: user-password
          - secretKey: smtp-password
            remoteRef:
              key: authentik
              property: smtp-password
    # ExternalSecret: database password for AUTHENTIK_POSTGRESQL__PASSWORD,
    # read from property `authentik_pw` of remote key `cloudnativepg`.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: authentik-db-auth
      spec:
        data:
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: cloudnativepg
              metadataPolicy: None
              property: authentik_pw
            secretKey: password
        refreshInterval: 1h
        secretStoreRef:
          kind: ClusterSecretStore
          name: weyma-vault
        target:
          creationPolicy: Owner
          # Retain: the Kubernetes Secret is kept if the remote entry goes
          # away, so a stale password can outlive its source.
          deletionPolicy: Retain
          name: authentik-db-auth