alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

stage for rebuilt

Browse Source
This commit is contained in:
Alex Lebens
2025-02-14 22:05:52 -06:00
parent 91c1b3931d
commit 8b4eee804f
329 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
clusters/cl01tl/platform/authentik/Chart.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: v2
name: authentik
version: 1.0.0
description: Authentik
keywords:
- authentik
- sso
- oidc
- ldap
- idp
- authentication
home: https://wiki.alexlebens.dev/doc/authentik-q2d4WDhqpe
sources:
- https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goauthentik/helm
- https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
- https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2024.12.3
repository: https://charts.goauthentik.io/
- name: cloudflared
alias: cloudflared
repository: http://alexlebens.github.io/helm-charts
version: 1.13.0
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.1.4
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/authentik.png
appVersion: 2024.10.5

60
clusters/cl01tl/platform/authentik/templates/config-map.yaml
View File

@@ -1,60 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authentik-custom-css
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
custom.css: |
/* Change sign button color */
.pf-c-button.pf-m-primary {
color: black;
background-color: white;
}
/* Remove background */
.pf-c-login__main {
background-color: rgba(3, 3, 3, 0.16);
}
/* Remove specific height */
.pf-c-brand {
height: auto;
}
/* Center text */
.pf-c-title {
text-align: center;
}
/* Match text field to login button */
.pf-c-form-control {
border-radius: 3px;
background-color: white;
color: black;
}
/* Force border color */
.pf-c-form-control {
border-color: white;
}
/* Use default cursor on this div */
.pf-c-form__label {
cursor: default;
}
/* Hide required asterik */
.pf-c-form__label-required {
display: none;
}
/* Change link color to white */
.a {
color: white;
}

80
clusters/cl01tl/platform/authentik/templates/external-secret.yaml
View File

@@ -1,80 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: authentik-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/authentik/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: authentik-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/authentik
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: authentik-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

32
clusters/cl01tl/platform/authentik/templates/ingress.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: authentik-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
ingressClassName: traefik
tls:
- hosts:
- authentik.alexlebens.net
secretName: authentik-tls-secret
rules:
- host: authentik.alexlebens.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: authentik-server
port:
number: 80

83
clusters/cl01tl/platform/authentik/values.yaml
View File

@@ -1,83 +0,0 @@
authentik:
global:
env:
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-key-secret
key: key
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:
secretKeyRef:
name: authentik-postgresql-17-cluster-app
key: host
- name: AUTHENTIK_POSTGRESQL__NAME
valueFrom:
secretKeyRef:
name: authentik-postgresql-17-cluster-app
key: dbname
- name: AUTHENTIK_POSTGRESQL__USER
valueFrom:
secretKeyRef:
name: authentik-postgresql-17-cluster-app
key: user
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-postgresql-17-cluster-app
key: password
server:
name: server
replicas: 1
volumes:
- name: custom-css
configMap:
name: authentik-custom-css
volumeMounts:
- name: custom-css
mountPath: /web/dist/custom.css
subPath: custom.css
metrics:
enabled: true
serviceMonitor:
enabled: true
ingress:
enabled: true
ingressClassName: tailscale
annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
hosts:
- auth-cl01tl
paths:
- /
tls:
- secretName: auth-cl01tl
hosts:
- auth-cl01tl
worker:
name: worker
replicas: 1
prometheus:
rules:
enabled: true
postgresql:
enabled: false
redis:
enabled: true
cloudflared:
existingSecretName: authentik-cloudflared-secret
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
endpointCredentials: authentik-postgresql-17-cluster-backup-secret
backupIndex: 1