feat: install authentik

aisling136 · Feb 11, 2025 · 828f251 · 828f251
1 parent 3a9b801
commit 828f251
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 0 deletions.
diff --git a/cluster/bootstrap/root/values.yaml b/cluster/bootstrap/root/values.yaml
@@ -32,3 +32,4 @@ namespaces:
       pod-security.kubernetes.io/enforce: privileged
   - name: external-secrets
   - name: onepassword-connect
+  - name: authentik
diff --git a/cluster/cluster-software/authentik/Chart.yaml b/cluster/cluster-software/authentik/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+name: authentik
+version: 0.0.0
+dependencies:
+- name: authentik
+  repository: https://charts.goauthentik.io
+  version: 2024.12.3
diff --git a/cluster/cluster-software/authentik/requirements.lock b/cluster/cluster-software/authentik/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: authentik
+  repository: https://charts.goauthentik.io
+  version: 2024.12.3
+digest: sha256:f8ff09749b7bff1995b4d3d41b5caed2ba22f44467f76359f08176eca23996fb
+generated: "2025-02-10T21:36:55.874579-05:00"
diff --git a/cluster/cluster-software/authentik/templates/externalsecret.yaml b/cluster/cluster-software/authentik/templates/externalsecret.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: authentik-secret
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: authentik-secret
+    template:
+      engineVersion: v2
+      data:
+        AUTHENTIK_POSTGRESQL__HOST: &dbhost pg-authentik-rw.database.svc.cluster.local
+        AUTHENTIK_POSTGRESQL__USER: &dbuser {{"'{{ .AUTHENTIK_POSTGRES_USER }}'"}}
+        AUTHENTIK_POSTGRESQL__NAME: &dbname "authentik"
+        AUTHENTIK_POSTGRESQL__PASSWORD: &dbpass {{"'{{ .AUTHENTIK_POSTGRES_PASS }}'"}}
+
+        INIT_POSTGRES_HOST: *dbhost
+        INIT_POSTGRES_DBNAME: *dbname
+        INIT_POSTGRES_USER: *dbuser
+        INIT_POSTGRES_PASS: *dbpass
+        INIT_POSTGRES_SUPER_PASS: {{"'{{ .AUTHENTIK_POSTGRES_SUPER }}'"}}
+
+        AUTHENTIK_BOOTSTRAP_EMAIL: {{"'{{ .AUTHENTIK_EMAIL }}'"}}
+        AUTHENTIK_BOOTSTRAP_PASSWORD: {{"'{{ .AUTHENTIK_PASSWORD }}'"}}
+        AUTHENTIK_BOOTSTRAP_TOKEN: {{"'{{ .AUTHENTIK_TOKEN }}'"}}
+        AUTHENTIK_SECRET_KEY: {{"'{{ .AUTHENTIK_KEY }}'"}}
+  dataFrom:
+    - extract:
+        key: authentik
diff --git a/cluster/cluster-software/authentik/values.yaml b/cluster/cluster-software/authentik/values.yaml
@@ -0,0 +1,22 @@
+authentik:
+  global:
+    envFrom:
+      - secretRef:
+          name: authentik-secret
+  authentik:
+    postgresql:
+      host: pg-authentik-rw.database.svc.cluster.local
+    redis:
+      host: dragonfly.database.svc.cluster.local
+  server:
+    initContainers:
+        - name: init-db
+          image: ghcr.io/onedr0p/postgres-init:16.6
+          envFrom:
+            - secretRef:
+                name: authentik-secret
+    ingress:
+      enabled: true
+      ingressClassName: internal
+      hosts:
+        - sso.dex136.xyz