diff --git a/clusters/cl01tl/manifests/authentik/Cluster-authentik-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/authentik/Cluster-authentik-postgresql-18-cluster.yaml index 543bdfe33..ae42562c9 100644 --- a/clusters/cl01tl/manifests/authentik/Cluster-authentik-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/authentik/Cluster-authentik-postgresql-18-cluster.yaml @@ -4,11 +4,11 @@ metadata: name: authentik-postgresql-18-cluster namespace: authentik labels: - helm.sh/chart: postgres-18-cluster-7.1.4 + helm.sh/chart: postgres-18-cluster-7.4.3 app.kubernetes.io/name: authentik-postgresql-18 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik - app.kubernetes.io/version: "7.1.4" + app.kubernetes.io/version: "7.4.3" app.kubernetes.io/managed-by: Helm spec: instances: 3 diff --git a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-backup-garage-local-secret.yaml new file mode 100644 index 000000000..be479c9ec --- /dev/null +++ b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-backup-garage-local-secret.yaml 
@@ -0,0 +1,39 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: authentik-postgresql-18-backup-garage-local-secret
+ namespace: authentik
+ labels:
+ helm.sh/chart: postgres-18-cluster-7.4.3
+ app.kubernetes.io/name: authentik-postgresql-18
+ app.kubernetes.io/instance: authentik
+ app.kubernetes.io/part-of: authentik
+ app.kubernetes.io/version: "7.4.3"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: authentik-postgresql-18-backup-garage-local-secret
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/postgres-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/postgres-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/postgres-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
diff --git a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-cluster-backup-secret.yaml b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-cluster-backup-secret.yaml
deleted file mode 100644
index aa3517dd4..000000000
--- a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-cluster-backup-secret.yaml
+++ /dev/null
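Review bot: The `labels` map of the new ExternalSecret sets `app.kubernetes.io/name` twice, first to `authentik-postgresql-18` and then to `authentik-postgresql-18-backup-garage-local-secret`. Duplicate mapping keys are invalid YAML; lenient parsers keep the last value, so any selector or policy keyed on `app.kubernetes.io/name: authentik-postgresql-18` would silently miss this object, and strict parsers reject the manifest. The same pair appears in the recovery ExternalSecret, both ObjectStore files and the ScheduledBackup further down. Since the file is chart output (`app.kubernetes.io/managed-by: Helm`), the fix belongs in the chart template: keep one `app.kubernetes.io/name` and carry the per-object name in a different label such as `app.kubernetes.io/component`.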
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: authentik-postgresql-18-cluster-backup-secret
- namespace: authentik
- labels:
- app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret
- app.kubernetes.io/instance: authentik
- app.kubernetes.io/part-of: authentik
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: access
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /digital-ocean/home-infra/postgres-backups
- metadataPolicy: None
- property: secret
diff --git a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-cluster-backup-secret-garage.yaml b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-recovery-secret.yaml
similarity index 76%
rename from clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-cluster-backup-secret-garage.yaml
rename to clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-recovery-secret.yaml
index fef8762c3..01a9e143a 100644
--- a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-cluster-backup-secret-garage.yaml
+++ b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-postgresql-18-recovery-secret.yaml
@@ -1,17 +1,28 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: authentik-postgresql-18-cluster-backup-secret-garage + name: authentik-postgresql-18-recovery-secret namespace: authentik labels: - app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret-garage + helm.sh/chart: postgres-18-cluster-7.4.3 + app.kubernetes.io/name: authentik-postgresql-18 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik + app.kubernetes.io/version: "7.4.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: authentik-postgresql-18-recovery-secret spec: secretStoreRef: kind: ClusterSecretStore name: vault data: + - secretKey: ACCESS_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/postgres-backups + metadataPolicy: None + property: ACCESS_REGION - secretKey: ACCESS_KEY_ID remoteRef: conversionStrategy: Default @@ -26,10 +37,3 @@ spec: key: /garage/home-infra/postgres-backups metadataPolicy: None property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/authentik/HTTPRoute-authentik-server.yaml b/clusters/cl01tl/manifests/authentik/HTTPRoute-authentik-server.yaml new file mode 100644 index 000000000..899c341c0 --- /dev/null +++ b/clusters/cl01tl/manifests/authentik/HTTPRoute-authentik-server.yaml 
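Review bot: The renamed `authentik-postgresql-18-recovery-secret` still pulls from `/garage/home-infra/postgres-backups`, the same Vault path the new backup secret reads, so the recovery ObjectStore receives whatever rights the backup key has. A restore only needs to read the bucket; if that key can also write or delete objects (not visible in this diff), a dedicated read-only key for recovery would narrow the blast radius, e.g. `key: <vault-path-of-read-only-key>` on the three `remoteRef` entries. The `key:` line of the `ACCESS_KEY_ID` entry falls between the two hunks, so confirm it matches the other two.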
@@ -0,0 +1,29 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: authentik-server
+ namespace: "authentik"
+ labels:
+ helm.sh/chart: "authentik-2025.10.3"
+ app.kubernetes.io/name: "authentik"
+ app.kubernetes.io/instance: "authentik"
+ app.kubernetes.io/component: "server"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/part-of: "authentik"
+ app.kubernetes.io/version: "2025.10.3"
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - authentik.alexlebens.net
+ rules:
+ - backendRefs:
+ - name: authentik-server
+ port: 80
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/clusters/cl01tl/manifests/authentik/HTTPRoute-http-route-authentik.yaml b/clusters/cl01tl/manifests/authentik/HTTPRoute-http-route-authentik.yaml
deleted file mode 100644
index 135705e69..000000000
--- a/clusters/cl01tl/manifests/authentik/HTTPRoute-http-route-authentik.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: http-route-authentik
- namespace: authentik
- labels:
- app.kubernetes.io/name: http-route-authentik
- app.kubernetes.io/instance: authentik
- app.kubernetes.io/part-of: authentik
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: traefik-gateway
- namespace: traefik
- hostnames:
- - authentik.alexlebens.net
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
- backendRefs:
- - group: ''
- kind: Service
- name: authentik-server
- port: 80
- weight: 100
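Review bot: The `parentRefs` entry in the new `HTTPRoute-authentik-server.yaml` names `traefik-gateway` without a `sectionName`, so the route attaches to every listener on that Gateway that admits it. For the identity provider's login host it is safer to pin the route to the TLS listener, e.g. `sectionName: <https-listener-name>` under the parentRef. The Gateway's listeners are not part of this diff, so confirm whether a plain-HTTP listener exists and whether it only redirects. The manifest is rendered by the authentik chart (`helm.sh/chart: "authentik-2025.10.3"`), so the setting would go into the chart values rather than this file.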
diff --git a/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-garage-local-backup.yaml b/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-backup-garage-local.yaml similarity index 58% rename from clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-garage-local-backup.yaml rename to clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-backup-garage-local.yaml index 49b6bb77e..ac990e182 100644 --- a/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-garage-local-backup.yaml +++ b/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-backup-garage-local.yaml @@ -1,27 +1,28 @@ apiVersion: barmancloud.cnpg.io/v1 kind: ObjectStore metadata: - name: "authentik-postgresql-18-garage-local-backup" + name: authentik-postgresql-18-backup-garage-local namespace: authentik labels: - helm.sh/chart: postgres-18-cluster-7.1.4 + helm.sh/chart: postgres-18-cluster-7.4.3 app.kubernetes.io/name: authentik-postgresql-18 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik - app.kubernetes.io/version: "7.1.4" + app.kubernetes.io/version: "7.4.3" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: authentik-postgresql-18-backup-garage-local spec: - retentionPolicy: 3d + retentionPolicy: 7d configuration: destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster endpointURL: http://garage-main.garage:3900 s3Credentials: accessKeyId: - name: authentik-postgresql-18-cluster-backup-secret-garage + name: authentik-postgresql-18-backup-garage-local-secret key: ACCESS_KEY_ID secretAccessKey: - name: authentik-postgresql-18-cluster-backup-secret-garage + name: authentik-postgresql-18-backup-garage-local-secret key: ACCESS_SECRET_KEY region: - name: authentik-postgresql-18-cluster-backup-secret-garage + name: authentik-postgresql-18-backup-garage-local-secret key: ACCESS_REGION 
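Review bot: `endpointURL: http://garage-main.garage:3900` in the ObjectStore spec is plain HTTP, so base backups and WAL of the authentik database cross the cluster network in clear text unless pod traffic is encrypted at another layer, which this diff does not show. That database holds the identity provider's user records and credential material, and the longer `retentionPolicy: 7d` keeps more of it in the bucket. If Garage offers a TLS listener, switch the URL to `https://` and add an `endpointCA` reference. Otherwise document the compensating control above the field, e.g. `# plain HTTP: in-cluster only, transport protected by <mechanism>`.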
diff --git a/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-recovery.yaml index 3eede9fe4..4638b5a59 100644 --- a/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-recovery.yaml +++ b/clusters/cl01tl/manifests/authentik/ObjectStore-authentik-postgresql-18-recovery.yaml @@ -4,12 +4,13 @@ metadata: name: "authentik-postgresql-18-recovery" namespace: authentik labels: - helm.sh/chart: postgres-18-cluster-7.1.4 + helm.sh/chart: postgres-18-cluster-7.4.3 app.kubernetes.io/name: authentik-postgresql-18 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik - app.kubernetes.io/version: "7.1.4" + app.kubernetes.io/version: "7.4.3" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: "authentik-postgresql-18-recovery" spec: configuration: destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster @@ -22,8 +23,11 @@ spec: jobs: 1 s3Credentials: accessKeyId: - name: authentik-postgresql-18-cluster-backup-secret-garage + name: authentik-postgresql-18-recovery-secret key: ACCESS_KEY_ID secretAccessKey: - name: authentik-postgresql-18-cluster-backup-secret-garage + name: authentik-postgresql-18-recovery-secret key: ACCESS_SECRET_KEY + region: + name: authentik-postgresql-18-recovery-secret + key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-postgresql-18-alert-rules.yaml index b0e6f3ec5..820ccdb30 100644 --- a/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-postgresql-18-alert-rules.yaml +++ b/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-postgresql-18-alert-rules.yaml 
@@ -4,11 +4,11 @@ metadata: name: authentik-postgresql-18-alert-rules namespace: authentik labels: - helm.sh/chart: postgres-18-cluster-7.1.4 + helm.sh/chart: postgres-18-cluster-7.4.3 app.kubernetes.io/name: authentik-postgresql-18 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik - app.kubernetes.io/version: "7.1.4" + app.kubernetes.io/version: "7.4.3" app.kubernetes.io/managed-by: Helm spec: groups: diff --git a/clusters/cl01tl/manifests/authentik/ScheduledBackup-authentik-postgresql-18-live-backup-scheduled-backup.yaml b/clusters/cl01tl/manifests/authentik/ScheduledBackup-authentik-postgresql-18-scheduled-backup-live-backup.yaml similarity index 63% rename from clusters/cl01tl/manifests/authentik/ScheduledBackup-authentik-postgresql-18-live-backup-scheduled-backup.yaml rename to clusters/cl01tl/manifests/authentik/ScheduledBackup-authentik-postgresql-18-scheduled-backup-live-backup.yaml index c4326256b..ce7b54847 100644 --- a/clusters/cl01tl/manifests/authentik/ScheduledBackup-authentik-postgresql-18-live-backup-scheduled-backup.yaml +++ b/clusters/cl01tl/manifests/authentik/ScheduledBackup-authentik-postgresql-18-scheduled-backup-live-backup.yaml @@ -1,15 +1,16 @@ apiVersion: postgresql.cnpg.io/v1 kind: ScheduledBackup metadata: - name: "authentik-postgresql-18-live-backup-scheduled-backup" + name: "authentik-postgresql-18-scheduled-backup-live-backup" namespace: authentik labels: - helm.sh/chart: postgres-18-cluster-7.1.4 + helm.sh/chart: postgres-18-cluster-7.4.3 app.kubernetes.io/name: authentik-postgresql-18 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik - app.kubernetes.io/version: "7.1.4" + app.kubernetes.io/version: "7.4.3" app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: "authentik-postgresql-18-scheduled-backup-live-backup" spec: immediate: true suspend: false 
@@ -21,4 +22,4 @@ spec: pluginConfiguration: name: barman-cloud.cloudnative-pg.io parameters: - barmanObjectName: "authentik-postgresql-18-garage-local-backup" + barmanObjectName: "authentik-postgresql-18-backup-garage-local"