From 2213f88d955a1e81ef28543ae150841f30d2668a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?=
Date: Fri, 5 Jan 2024 20:53:27 +0100
Subject: [PATCH] feat(k8s/services/authentik): add sealedsecrets
---
 k8s/argo-apps/authentik.yaml | 77 +++++++++++++++++++++++
 k8s/services/argo/project-fuku.yaml | 6 ++
 k8s/services/authentik/sealedsecrets.yaml | 20 ++++++
 3 files changed, 103 insertions(+)
 create mode 100644 k8s/argo-apps/authentik.yaml
 create mode 100644 k8s/services/authentik/sealedsecrets.yaml
diff --git a/k8s/argo-apps/authentik.yaml b/k8s/argo-apps/authentik.yaml
new file mode 100644
index 0000000..008092c
--- /dev/null
+++ b/k8s/argo-apps/authentik.yaml
@@ -0,0 +1,77 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: authentik
+ namespace: argocd
+spec:
+ destination:
+ name: ''
+ namespace: 'apps-fuku'
+ server: "https://kubernetes.default.svc"
+ source:
+ chart: authentik
+ repoURL: https://charts.goauthentik.io/
+ targetRevision: 2023.10.5
+ helm:
+ valuesObject:
+ authentik:
+ secret_key: file:///authentik-creds/secret_key
+ reporting_enabled: false
+ email:
+ host: mail.fukurokuju.dev
+ port: 465
+ password: file:///authentik-creds/email_password
+ username: auth@fukurokuju.dev
+ use_ssl: true
+ timeout: 30
+ from: auth@fukurokuju.dev
+ postgresql:
+ host: 192.168.1.13
+ name: auth
+ user: file:///authentik-creds/pg_username
+ password: file:///authentik-creds/pg_password
+ redis:
+ host: 192.168.1.3
+ port: 30036
+ password: file:///authentik-creds/redis_password
+ volumeMounts:
+ - name: authentik-creds
+ mountPath: /authentik-creds
+ volumes:
+ - name: authentik-creds
+ secret:
+ secretName: secrets-authentik
+ autoscaling:
+ server:
+ enabled: true
+ maxScaling: 3
+ worker:
+ enabled: true
+ pdb:
+ server:
+ enabled: true
+ maxUnavailable: 2
+ worker:
+ enabled:
+ maxUnavailable: 4
+ service:
+ type: LoadBalancer
+ port: 9000
+ name: http
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ hosts:
+ - host: auth.fukurokuju.dev
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: authentik
+ port:
+ number: 9000
+ project: fuku
+ sources: []
+ syncPolicy:
+ automated: { }
diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml
index fa778ac..831eac4 100644
--- a/k8s/services/argo/project-fuku.yaml
+++ b/k8s/services/argo/project-fuku.yaml
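Review bot: `service.type: LoadBalancer` publishes the authentik server on port 9000 (named `http`) directly, alongside the Traefik ingress for auth.fukurokuju.dev, so anything that can reach the load-balancer address talks to the identity provider without passing through the ingress. Unless that direct path is intended, `type: ClusterIP` keeps Traefik as the only entry point. The `ingress` block also has no `tls` entry, so TLS for the login host depends on Traefik configuration that is not visible here. Separately, `pdb.worker.enabled:` has no value and parses as null; write `enabled: true` (or `false`) explicitly. `autoscaling.server.maxScaling` does not look like a key the chart reads (I would expect `maxReplicas`), so please check it against the chart's values for 2023.10.5.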
@@ -8,6 +8,12 @@ spec:
 destinations:
 - namespace: apps-fuku
 server: https://kubernetes.default.svc
+ clusterResourceWhitelist:
+ - group: rbac.authorization.k8s.io
+ kind: ClusterRole
+ - group: rbac.authorization.k8s.io
+ kind: ClusterRoleBinding
 sourceRepos:
 - https://gitlab.com/fukurokuju/k3s/services.git
 - https://git.roboces.dev/catalin/fukuops.git
+ - https://charts.goauthentik.io/
\ No newline at end of file
diff --git a/k8s/services/authentik/sealedsecrets.yaml b/k8s/services/authentik/sealedsecrets.yaml
new file mode 100644
index 0000000..52b5f90
--- /dev/null
+++ b/k8s/services/authentik/sealedsecrets.yaml
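Review bot: The new `clusterResourceWhitelist` applies to the whole `fuku` project, so every Application in it, sourced from any of the three `sourceRepos`, may now create ClusterRole and ClusterRoleBinding objects. That permission is enough to bind a subject to a cluster-wide role, even though the project's destination is limited to `apps-fuku`. If only the authentik chart needs cluster-scoped RBAC, a dedicated AppProject for it, with `sourceRepos` limited to `https://charts.goauthentik.io/`, keeps the permission away from the other apps. If the chart's cluster RBAC is not needed, leave the whitelist out. The hunk starts inside `spec`; the rest of the AppProject is outside it.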
@@ -0,0 +1,20 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: secrets-authentik + namespace: apps-fuku +spec: + encryptedData: + email_password: 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 + pg_password: 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 + pg_username: AgB6a2UHhGQCYyYBgOWoZGWKCqaGMoOO8KGPRkB2LQeHFi9rok2EfaxGm5kfPuf9ItRaAYhyVqo1EV/5foUH2rSwUZpLkC+FiU1U7dNr4rLW4pMmqGJsJxx/JbclrEPP2gYlL2EI1Pq6nksPfxkxTd9wO2qaQAmurnvnsPV5VcBHvbI+6WNJNiK2hsJtuSd1kbA/r2jjeR0eo6PUBm17bgk2/lync4PqwWSjolwoYhZ3cpBFzxJ0sx8cH5DWMZSV8kefexfqmIf/t82gU2g3BQ96FRfZY9QWmB0WFUI+M4i1UcLq0uIPFz+wFeg+eTUdalqh57LA/mtZ8elMAHnjfpLIJm0PCLySl2i+f4QbWwDfvrpXa8bLOcaCFUXqp2xKtJvu/1amzJF9EmEYDcw2NhO484xHlZua18hSyxnTGjUapo5Z3EfKX01CU1JAxNtXKEflkN5OlUPs4ucAAdRVwsa+4Uh6Tp/bBPzr6mUEOkiZWO4V7lolQQzwO+wL+dx6Tl7K5nU8RjzAOvfLimHI1ZTJiurwTUC5LkgKt0mskWOKAEeXon+wKECkhJHO56YXwolFEyxNMuvSxR4+eosqAhx6u8Pr+vTZfnjbSx+80Fw1JBdljCh0F54RrNSSSkJSPeXmPS3Hge7yEbfDsQvbgcCGJRdP7U3OEDvOowFDJdIgs9iBEsrPjaVziYRgp+bllldUZn+w + redis_password: AgBAr7eZ59BPbu1lNhp63q5MdyyRb+XYkdelg2yoHjHxCJHwK+2H5/C2MCA1JMOp2QHD6Cg0vgdNMPkFktlpFRZCayZGURKVg00ZLW86qeFHamJNUfej7AvBO9mbGuI1x16Rtavt9OhD9pguQr47IIiWyitIVuFwqgKEsPwlqzl4DA2c/VpKi/SI5bJPi60LL2x3GcNLhxeQrbjd7gKgwiMSEQI1SvoQ1oFSpNktlAtXtd8Kd98CGMRYBxqzIfFxZa7ZE1a2dlwD8hB8G7g7slsO42V2TQu4HzCot0jbfaW84lM5pg+DVMNMDv4kumdGYMZpWngGGJM68YwMOT/+TW/gx3Prt4S76RqQNaVMzhQ0+ZRTy2q96esvyLttg916IUfxVfmXNNWK02hUlzJai7QWAfu/oJRN9irTpG+s/c4WmENNgS8rS901bfEqFFi3gIly/KhFzqRL5/upj7vsdcqiutk9B75LFtkh4yAdGUcBMwIgfV71fxrgFBy6tneU4iZPPi72bKyzx1Cf/tsrcTSnpKiQlK+mpuYixjn0f5UrXPYnziZJCvdHd2SpNWjAWh7jPUR+6wdWxxYZ2oQ1JlPKwgWY6s1rIwxzn/XFb49D9SDTNqwUXpy85g4ENPptAy2jiu0kVaTqe474TjAOW2iyOqkM7lNu+94zJ9fCfWTIdupD/BkWEaiZEy0HaaBCLhL11sBBOpsZztQ1685H7KxXXPAMfQ== + secret_key: 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 + template: + metadata: + creationTimestamp: null + name: secrets-authentik + namespace: apps-fuku + type: Opaque +
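Review bot: Nothing in this patch deploys this manifest: the authentik Application has a single Helm chart source and mounts `secretName: secrets-authentik`, so the pods will wait on a missing Secret unless another Application already syncs `k8s/services/authentik/`. Please confirm which one does. The metadata carries no scope annotation, so the default strict scope presumably applies and the ciphertext only unseals under this name and namespace. A header comment such as `# kubeseal output; reseal if the name secrets-authentik or namespace apps-fuku changes` would record that for whoever rotates these values.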