add authentik

2025-02-17 18:23:43 -06:00
parent 0315558b6d
commit f3175bcff2
5 changed files with 12 additions and 18 deletions
--- a/clusters/standby/platform/authentik/Chart.yaml
+++ b/clusters/standby/platform/authentik/Chart.yaml
--- a/clusters/standby/platform/authentik/templates/config-map.yaml
+++ b/clusters/standby/platform/authentik/templates/config-map.yaml
--- a/clusters/standby/platform/authentik/templates/external-secret.yaml
+++ b/clusters/standby/platform/authentik/templates/external-secret.yaml
--- a/clusters/standby/platform/authentik/templates/ingress.yaml
+++ b/clusters/standby/platform/authentik/templates/ingress.yaml
@@ -1,26 +1,22 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: authentik-local
+  name: authentik-tailscale
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: authentik-local
+    app.kubernetes.io/name: authentik-tailscale
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
 spec:
-  ingressClassName: traefik
+  ingressClassName: tailscale
  tls:
    - hosts:
-        - authentik.alexlebens.net
-      secretName: authentik-tls-secret
+        - auth-cl01tl
+      secretName: auth-cl01tl
  rules:
-    - host: authentik.alexlebens.net
+    - host: auth-cl01tl
      http:
        paths:
          - path: /
--- a/clusters/standby/platform/authentik/values.yaml
+++ b/clusters/standby/platform/authentik/values.yaml
@@ -43,17 +43,15 @@ authentik:
        enabled: true
    ingress:
      enabled: true
-      ingressClassName: tailscale
-      annotations:
-        tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
+      ingressClassName: traefik
      hosts:
-        - auth-cl01tl
+        - authentik.alexlebens.net
      paths:
        - /
      tls:
-        - secretName: auth-cl01tl
+        - secretName: authentik-tls-secret
          hosts:
-            - auth-cl01tl
+            - authentik.alexlebens.net
  worker:
    name: worker
    replicas: 1
@@ -76,8 +74,8 @@ postgres-17-cluster:
    monitoring:
      enabled: true
  backup:
-    enabled: true
+    enabled: false
    endpointURL: https://nyc3.digitaloceanspaces.com
    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
    endpointCredentials: authentik-postgresql-17-cluster-backup-secret
-    backupIndex: 1
+    backupIndex: 2