diff --git a/clusters/cl01tl/helm/authentik/Chart.lock b/clusters/cl01tl/helm/authentik/Chart.lock index 7d62fdac4..661c36159 100644 --- a/clusters/cl01tl/helm/authentik/Chart.lock +++ b/clusters/cl01tl/helm/authentik/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 2.1.4 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.1.4 + version: 7.4.3 - name: redis-replication repository: oci://harbor.alexlebens.net/helm-charts version: 0.5.0 -digest: sha256:1126f39ebc7e18ae1aa96fefa42e7450ffe0b7339017abd22aa453a08608efda -generated: "2025-12-21T19:01:52.261263152Z" +digest: sha256:d250e40d77b3010d55c258e264e36de060a6dbdb78fe56bdbfbc427692cfdcc7 +generated: "2025-12-23T16:28:00.416521-06:00" diff --git a/clusters/cl01tl/helm/authentik/Chart.yaml b/clusters/cl01tl/helm/authentik/Chart.yaml index 3c328da0d..d944872b3 100644 --- a/clusters/cl01tl/helm/authentik/Chart.yaml +++ b/clusters/cl01tl/helm/authentik/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: 2.1.4 - name: postgres-cluster alias: postgres-18-cluster - version: 7.1.4 + version: 7.4.3 repository: oci://harbor.alexlebens.net/helm-charts - name: redis-replication version: 0.5.0 diff --git a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml index 9f01fbdde..244e4eb04 100644 --- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml 
@@ -19,70 +19,3 @@ spec: key: /cl01tl/authentik/key metadataPolicy: None property: key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: authentik-postgresql-18-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/postgres-backups - metadataPolicy: None - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: authentik-postgresql-18-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION 
diff --git a/clusters/cl01tl/helm/authentik/templates/http-route.yaml b/clusters/cl01tl/helm/authentik/templates/http-route.yaml deleted file mode 100644 index e718842d5..000000000 --- a/clusters/cl01tl/helm/authentik/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: http-route-authentik - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: http-route-authentik - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - authentik.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: authentik-server - port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/authentik/values.yaml b/clusters/cl01tl/helm/authentik/values.yaml index 4765d9b09..58b13729d 100644 --- a/clusters/cl01tl/helm/authentik/values.yaml +++ b/clusters/cl01tl/helm/authentik/values.yaml @@ -36,8 +36,23 @@ authentik: enabled: true serviceMonitor: enabled: true - ingress: - enabled: false + route: + main: + enabled: true + apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + hostnames: + - authentik.alexlebens.net + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + httpsRedirect: false + matches: + - path: + type: PathPrefix + value: / worker: name: worker replicas: 1 
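Review bot: The new `route.main` entry sets `httpsRedirect: false` and its `parentRefs` item names `traefik-gateway` without a `sectionName`, so the route attaches to every listener that gateway allows. The gateway's listeners are not visible in this diff; if one of them is plain HTTP, the Authentik login pages on `authentik.alexlebens.net` would be reachable over cleartext. Consider pinning the route to the TLS listener with `sectionName: <https-listener-name>` (placeholder; take the name from the Gateway resource), or confirm that the redirect is enforced at the gateway. The deleted http-route.yaml also set `backendRefs` to `authentik-server` port 80 explicitly; that now comes from the chart's route template, so a `helm template` diff of the rendered HTTPRoute is worth checking before merge.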
@@ -50,58 +65,46 @@ authentik: enabled: false postgres-18-cluster: mode: recovery - cluster: - storage: - storageClass: local-path - walStorage: - storageClass: local-path recovery: method: objectStore objectStore: - destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 index: 1 - endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage backup: objectStore: - name: garage-local - destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster index: 1 - endpointURL: http://garage-main.garage:3900 - endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage - endpointCredentialsIncludeRegion: true - retentionPolicy: "3d" + destinationBucket: postgres-backups + externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: external - # destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-18-cluster - # index: 1 - # retentionPolicy: "30d" - # isWALArchiver: false # - name: garage-remote - # destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster # index: 1 - # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - # endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage - # retentionPolicy: "30d" + # destinationBucket: postgres-backups + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # retentionPolicy: "90d" # data: # compression: bzip2 - # jobs: 2 + # - name: external + # index: 1 + # endpointURL: https://nyc3.digitaloceanspaces.com + # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a + # externalSecretCredentialPath: /garage/home-infra/postgres-backups + # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local - # - name: daily-backup - # suspend: false - # immediate: true 
- # schedule: "0 0 0 * * *" - # backupName: external # - name: weekly-backup - # suspend: false + # suspend: true # immediate: true # schedule: "0 0 4 * * SAT" # backupName: garage-remote + # - name: daily-backup + # suspend: true + # immediate: true + # schedule: "0 0 0 * * *" + # backupName: external redis-replication: existingSecret: enabled: false
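Review bot: In the commented `external` objectStore entry, `endpointURL: https://nyc3.digitaloceanspaces.com` is paired with `externalSecretCredentialPath: /garage/home-infra/postgres-backups`, while the ExternalSecret removed in this same commit read the DigitalOcean keys from `/digital-ocean/home-infra/postgres-backups`. If that block is uncommented as written, the Garage access key ID would be presented to a third-party endpoint and the backup would fail to authenticate; the line should read `# externalSecretCredentialPath: /digital-ocean/home-infra/postgres-backups`. Separately, `garage-local` no longer sets `retentionPolicy` (was `"3d"`), `endpointURL` or `endpointCredentials`, so the effective values now come from postgres-cluster 7.4.3 defaults that are not visible here. Keeping an explicit `retentionPolicy`, or a comment stating the intended retention, would make the backup lifetime of the identity-provider database reviewable.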