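# Helm values for an authentik deployment with bundled PostgreSQL and Redis.
# NOTE(review): the nesting below was rebuilt from a listing that had lost its
# indentation; it assumes every section sits under the top-level `authentik:`
# key (umbrella-chart layout). Confirm against the chart before applying.
authentik:
  server:
    replicas: 3
    volumeMounts:
      - name: cert-dubyatp-xyz
        readOnly: true
        mountPath: "/certs/dubyatp-xyz"
    volumes:
      - name: cert-dubyatp-xyz
        secret:
          # Unquoted on purpose: the field is an integer and 0644 is read as
          # octal (decimal 420). This mode leaves tls.key readable by any user
          # inside the container.
          # NOTE(review): consider a tighter mode plus a matching fsGroup if
          # the pod's user still needs to read the key.
          defaultMode: 0644
          secretName: cert-dubyatp-xyz
    metrics:
      enabled: true
      service:
        labels:
          # Label values must be strings, hence the quotes.
          metrics_enabled: "true"
  worker:
    replicas: 3
    volumeMounts:
      - name: cert-dubyatp-xyz
        readOnly: true
        mountPath: "/certs/dubyatp-xyz"
    volumes:
      - name: cert-dubyatp-xyz
        # No defaultMode here; the Kubernetes default for secret volumes is
        # 0644, so the effective mode matches the server's volume.
        secret:
          secretName: cert-dubyatp-xyz
  postgresql:
    enabled: true
    image:
      repository: bitnami/postgresql
      # Pinned by tag, not by digest; a registry tag can be re-pointed.
      # NOTE(review): consider pinning the digest as well if the chart
      # exposes one.
      tag: 15.8.0-debian-12-r18
    auth:
      username: authentik
      database: authentik
      # All database passwords are read from this Secret, which the
      # ExternalSecret at the end of this file creates.
      existingSecret: "authentik-credentials"
      secretKeys:
        adminPasswordKey: "admin-password"
        userPasswordKey: "user-password"
        replicationPasswordKey: "replication-password"
    primary:
      podAnnotations:
        # NOTE(review): backups of this volume hold the identity database;
        # confirm the backup location is encrypted and access-controlled.
        backup.velero.io/backup-volumes: data
      extendedConfiguration: |
        max_connections = 500
      # "none" applies no preset; unless `resources` is set elsewhere the pod
      # runs without requests or limits. The same holds for every
      # resourcesPreset: "none" below.
      resourcesPreset: "none"
      persistence:
        enabled: true
        storageClass: weyma-shared
        accessModes:
          - ReadWriteOnce
    readReplicas:
      resourcesPreset: "none"
    backup:
      resourcesPreset: "none"
    passwordUpdateJob:
      resourcesPreset: "none"
    volumePermissions:
      resourcesPreset: "none"
    metrics:
      resourcesPreset: "none"
  redis:
    enabled: true
    architecture: standalone
    auth:
      # Redis runs without a password: any workload that can reach the redis
      # service can read and write whatever authentik keeps there.
      # NOTE(review): confirm a NetworkPolicy limits access to the authentik
      # pods, or enable auth and pass the password to authentik.
      enabled: false
    master:
      resourcesPreset: "none"
      podAnnotations:
        backup.velero.io/backup-volumes: redis-data
    replica:
      resourcesPreset: "none"
    sentinel:
      resourcesPreset: "none"
    metrics:
      resourcesPreset: "none"
    volumePermissions:
      resourcesPreset: "none"
    sysctl:
      resourcesPreset: "none"
  global:
    # Secrets reach the pods as environment variables via secretKeyRef, so a
    # rotated value is only picked up after the pods restart.
    env:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: authentik-credentials
            key: authentik-secret-key
      # Same Secret key as postgresql.auth.secretKeys.userPasswordKey, so the
      # application and the database share one source for this password.
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-credentials
            key: user-password
  additionalObjects:
    - apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          # Middleware defined in Traefik's file provider, not visible here.
          # NOTE(review): presumably restores the client IP from Cloudflare
          # headers; confirm it only trusts Cloudflare source ranges.
          traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
        name: authentik-ingress
      spec:
        ingressClassName: traefik
        rules:
          - host: auth.dubyatp.xyz
            http:
              paths:
                - backend:
                    service:
                      name: authentik-server
                      port:
                        # TLS ends at the ingress (see `tls` below); port 80
                        # is presumably plain HTTP from Traefik to authentik
                        # inside the cluster.
                        number: 80
                  path: /
                  pathType: Prefix
        tls:
          - hosts:
              - auth.dubyatp.xyz
            secretName: cert-dubyatp-xyz
    # Empty placeholder Secret; the replicator annotations ask for tls.crt and
    # tls.key to be copied in from cert-manager/cert-dubyatp-xyz.
    # NOTE(review): this places the certificate's private key in this
    # namespace; confirm the source Secret only permits replication to the
    # namespaces that need it, and that Secret read access here is restricted.
    - apiVersion: v1
      kind: Secret
      metadata:
        name: cert-dubyatp-xyz
        annotations:
          replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
          replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
      data:
        tls.crt: ""
        tls.key: ""
    # Credentials come from the weyma-vault ClusterSecretStore and are
    # re-synced hourly; no secret value is stored in this file.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: authentik-credentials
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: authentik-credentials
          creationPolicy: Owner
        data:
          - secretKey: admin-password
            remoteRef:
              key: authentik
              property: admin-password
          - secretKey: authentik-secret-key
            remoteRef:
              key: authentik
              property: authentik-secret-key
          - secretKey: replication-password
            remoteRef:
              key: authentik
              property: replication-password
          - secretKey: user-password
            remoteRef:
              key: authentik
              property: user-password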