diff --git a/authentik/helmrelease-authentik.yaml b/authentik/helmrelease-authentik.yaml
deleted file mode 100644
index 822fb2e..0000000
--- a/authentik/helmrelease-authentik.yaml
+++ /dev/null
@@ -1,285 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: authentik - namespace: authentik-ns - annotations: - force-recreate: true -spec: - chart: - spec: - chart: authentik - sourceRef: - kind: HelmRepository - name: authentik - namespace: flux-system - interval: 15m0s - timeout: 5m - releaseName: authentik - values: - # -- Server replicas - replicas: 1 - # -- Custom priority class for different treatment by the scheduler - priorityClassName: - # -- server securityContext - securityContext: {} - # -- server containerSecurityContext - containerSecurityContext: {} - - worker: - # -- worker replicas - replicas: 1 - # -- Custom priority class for different treatment by the scheduler - priorityClassName: - # -- worker securityContext - securityContext: {} - # -- server containerSecurityContext - containerSecurityContext: {} - env: - - name: AUTHENTIK_REDIS__DB - value: "1" - - image: - repository: ghcr.io/goauthentik/server - tag: 2024.2.2 - #tag: latest - # -- optional container image digest - digest: "" - pullPolicy: IfNotPresent - pullSecrets: [] - - # -- Specify any initContainers here as dictionary items. Each initContainer should have its own key. The dictionary item key will determine the order. Helm templates can be used - initContainers: {} - - # -- Specify any additional containers here as dictionary items. Each additional container should have its own key. Helm templates can be used. 
- additionalContainers: {} - - ingress: - enabled: false - ingressClassName: "" - annotations: {} - labels: {} - hosts: - - host: authentik.domain.tld - paths: - - path: "/" - pathType: Prefix - tls: [] - - # -- Annotations to add to the server and worker deployments - annotations: {} - - # -- Annotations to add to the server and worker pods - podAnnotations: {} - - authentik: - # -- Log level for server and worker - log_level: info - # -- Secret key used for cookie singing and unique user IDs, - # don't change this after the first install - #secret_key: "" - # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled. - geoip: /geoip/GeoLite2-City.mmdb - email: - # -- SMTP Server emails are sent from, fully optional - host: "" - port: 587 - # -- SMTP credentials, when left empty, not authentication will be done - username: "" - # -- SMTP credentials, when left empty, not authentication will be done - password: "" - # -- Enable either use_tls or use_ssl, they can't be enabled at the same time. - use_tls: false - # -- Enable either use_tls or use_ssl, they can't be enabled at the same time. - use_ssl: false - # -- Connection timeout - timeout: 30 - # -- Email from address, can either be in the format "foo@bar.baz" or "authentik " - from: "" - outposts: - # -- Template used for managed outposts. 
The following placeholders can be used - # %(type)s - the type of the outpost - # %(version)s - version of your authentik install - # %(build_hash)s - only for beta versions, the build hash of the image - container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s - error_reporting: - # -- This sends anonymous usage-data, stack traces on errors and - # performance data to sentry.beryju.org, and is fully opt-in - enabled: false - # -- This is a string that is sent to sentry with your error reports - environment: "k8s" - # -- Send PII (Personally identifiable information) data to sentry - send_pii: false - postgresql: - # -- set the postgresql hostname to talk to - # if unset and .Values.postgresql.enabled == true, will generate the default - # @default -- `{{ .Release.Name }}-postgresql` - host: "postgresql.postgresql-system.svc.cluster.local" - # -- postgresql Database name - # @default -- `authentik` - name: "authentik" - # -- postgresql Username - # @default -- `authentik` - user: "authentik" - #password: "" - port: 5432 - redis: - # -- set the redis hostname to talk to - # @default -- `{{ .Release.Name }}-redis-master` - host: "redis-master.redis-system.svc.cluster.local" - #password: "" - - # -- List of config maps to mount blueprints from. 
Only keys in the - # configmap ending with ".yaml" wil be discovered and applied - blueprints: [] - - # -- see configuration options at https://goauthentik.io/docs/installation/configuration/ - env: - - name: AUTHENTIK_REDIS__DB - value: "1" - # AUTHENTIK_VAR_NAME: VALUE - - envFrom: [] - # - configMapRef: - # name: special-config - - envValueFrom: - AUTHENTIK_SECRET_KEY: - secretKeyRef: - name: authentik-secret - key: secret-key - AUTHENTIK_POSTGRESQL__PASSWORD: - secretKeyRef: - name: authentik-secret - key: postgres-password - AUTHENTIK_REDIS__PASSWORD: - secretKeyRef: - name: authentik-secret - key: redis-password - - service: - # -- Service that is created to access authentik - enabled: true - type: LoadBalancer - port: 80 - name: http - protocol: TCP - labels: {} - annotations: {} - - volumes: [] - - volumeMounts: [] - - # -- affinity applied to the deployments - affinity: {} - - # -- tolerations applied to the deployments - tolerations: [] - - # -- nodeSelector applied to the deployments - nodeSelector: {} - - resources: - server: {} - worker: {} - - autoscaling: - server: - # -- Create a HPA for the server deployment - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 50 - worker: - # -- Create a HPA for the worker deployment - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - - livenessProbe: - # -- enables or disables the livenessProbe - enabled: true - httpGet: - # -- liveness probe url path - path: /-/health/live/ - port: http - initialDelaySeconds: 5 - periodSeconds: 10 - - startupProbe: - # -- enables or disables the livenessProbe - enabled: true - httpGet: - # -- liveness probe url path - path: /-/health/live/ - port: http - failureThreshold: 60 - periodSeconds: 5 - - readinessProbe: - enabled: true - httpGet: - path: /-/health/ready/ - port: http - periodSeconds: 10 - - serviceAccount: - # -- Service account is needed for managed outposts - create: true - annotations: {} - 
serviceAccountSecret: - # -- As we use the authentik-remote-cluster chart as subchart, and that chart - # creates a service account secret by default which we don't need here, disable its creation - enabled: false - fullnameOverride: authentik - nameOverride: authentik - - prometheus: - serviceMonitor: - create: false - interval: 30s - scrapeTimeout: 3s - # -- labels additional on ServiceMonitor - labels: {} - rules: - create: false - # -- labels additional on PrometheusRule - labels: {} - - geoip: - # -- optional GeoIP, deploys a cronjob to download the maxmind database - enabled: false - # -- sign up under https://www.maxmind.com/en/geolite2/signup - accountId: "" - # -- sign up under https://www.maxmind.com/en/geolite2/signup - licenseKey: "" - editionIds: "GeoLite2-City" - image: maxmindinc/geoipupdate:v4.8 - # -- number of hours between update runs - updateInterval: 8 - # -- server containerSecurityContext - containerSecurityContext: {} - postgresql: - # -- enable the bundled bitnami postgresql chart - enabled: false - postgresqlMaxConnections: 500 - postgresqlUsername: "authentik" - # postgresqlPassword: "" - postgresqlDatabase: "authentik" - # persistence: - # enabled: true - # storageClass: - # accessModes: - # - ReadWriteOnce - image: - tag: 15.4.0-debian-11-r0 - redis: - # -- enable the bundled bitnami redis chart - enabled: false - architecture: standalone - auth: - enabled: false - image: - tag: 6.2.10-debian-11-r13 diff --git a/authentik/sealed-secret.yaml b/authentik/sealed-secret.yaml deleted file mode 100644 index 812e47b..0000000 --- a/authentik/sealed-secret.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: authentik-secret
- namespace: authentik-ns
-spec:
- encryptedData:
- postgres-password: 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
- redis-password: AgCWDT6n+wmF9+Qk4+bu1byc7TFmRwPGqrhBIdVvZrTMRh6jt43E8urutTAlqKO6JPbRw+gw7zA40uOOHYzU3UaIXdAueQtCRMhHAzKWMwvTuzKGqLmmKcxVF452wilyhMjLBgRuBvX43VK4kynIthM3LZmw9a/HAlbQqn624N3wvdOYXyrWG0YKisXJunEFPgQyygWozdFD/N+b2loBq5YvH3mLuOuJDcuAC+Ti7URRbHigZXOhpZK6ilycAcJxJlOE9FVDRXMYSophjDWtD/Wb7WNLU7iakdXjNMFNVlE89mzrLxOskI918l6hrMG+Tk9FrhwKZx9ZuVwoUOdLBhF7I0jjYWKnJ1gEIMKXNBcrQWcnqX392VTu4RG0YNIIzasYkJ4/i3bjDnIH9zpSnRn6VSL2ZRhikJBOGJRXlXamd93XcCC+wg7gLu9XGi6g7ddC9UksxFzfIoMvj6aZ5EzERwJ7Td/qH1mWcfm5iesXKP1Y7PUSElIXIVmx9ifLgzIfbreb5VJDj2v+gTD44zxy+zHhSgdyefR2FcXT2eZv9CFO/VS8WB/F8+edJai0wHmJv0ooYVNS0PtIkyD8DEUC3Egt97SmWlQlEn1rfX1hj7jpN7HTpW19l9kV3r9n84ZzVJf62qybHElKOQWoqdz2Xxv6gPannZ8XQbk3nR0dG99jrUhvTpqjLFaWV+27PE0bRuV6w1G5Zm7X6Jdr/y3p8UvH2UonA2/8xjPANci/tA==
- secret-key: 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
- template:
- metadata:
- creationTimestamp: null
- name: authentik-secret
- namespace: authentik-ns