feat(k8s/services/authentik): add pvc

2024-01-06 00:53:53 +01:00 · 2024-01-06 00:53:53 +01:00 · 912d95caec
commit 912d95caec
parent b34bb2864a
2 changed files with 82 additions and 63 deletions
--- a/k8s/argo-apps/authentik.yaml
+++ b/k8s/argo-apps/authentik.yaml
@ -8,70 +8,77 @@ spec:
    name: ''
    namespace: 'apps-fuku'
    server: "https://kubernetes.default.svc"
-  source:
-    chart: authentik
-    repoURL: https://charts.goauthentik.io/
-    targetRevision: 2023.10.*
-    helm:
-      valuesObject:
-        authentik:
-            secret_key: file:///authentik-creds/secret_key
-            reporting_enabled: false
-            email:
-              host: mail.fukurokuju.dev
-              port: 465
-              password: file:///authentik-creds/email_password
-              username: auth@fukurokuju.dev
-              use_ssl: true
-              timeout: 30
-              from: auth@fukurokuju.dev
-            postgresql:
-              host: 192.168.1.13
-              name: auth
-              user: file:///authentik-creds/pg_username
-              password: file:///authentik-creds/pg_password
-            redis:
-              host: 192.168.1.3
-              port: 30036
-              password: file:///authentik-creds/redis_password
-        volumeMounts:
-          - name: authentik-creds
-            mountPath: /authentik-creds
-        volumes:
-          - name: authentik-creds
-            secret:
-              secretName: secrets-authentik
-        autoscaling:
-          server:
+  sources:
+    - chart: authentik
+      repoURL: https://charts.goauthentik.io/
+      targetRevision: 2023.10.*
+      helm:
+        valuesObject:
+          authentik:
+              secret_key: file:///authentik-creds/secret_key
+              reporting_enabled: false
+              email:
+                host: mail.fukurokuju.dev
+                port: 465
+                password: file:///authentik-creds/email_password
+                username: auth@fukurokuju.dev
+                use_ssl: true
+                timeout: 30
+                from: auth@fukurokuju.dev
+              postgresql:
+                host: 192.168.1.13
+                name: auth
+                user: file:///authentik-creds/pg_username
+                password: file:///authentik-creds/pg_password
+              redis:
+                host: 192.168.1.3
+                port: 30036
+                password: file:///authentik-creds/redis_password
+          volumeMounts:
+            - name: authentik-creds
+              mountPath: /authentik-creds
+            - name: media
+              mountPath: /media
+          volumes:
+            - name: authentik-creds
+              secret:
+                secretName: secrets-authentik
+            - name: media
+              persistentVolumeClaim:
+                claimName: pvc-authentik-media
+          autoscaling:
+            server:
+              enabled: true
+              maxScaling: 3
+            worker:
+              enabled: true
+          pdb:
+            server:
+              enabled: true
+              maxUnavailable: 2
+            worker:
+              enabled:
+                maxUnavailable: 4
+          service:
+            type: LoadBalancer
+            port: 9000
+            name: http
+          ingress:
            enabled: true
-            maxScaling: 3
-          worker:
-            enabled: true
-        pdb:
-          server:
-            enabled: true
-            maxUnavailable: 2
-          worker:
-            enabled:
-              maxUnavailable: 4
-        service:
-          type: LoadBalancer
-          port: 9000
-          name: http
-        ingress:
-          enabled: true
-          ingressClassName: traefik
-          hosts:
-            - host: auth.fukurokuju.dev
-              paths:
-                - path: "/"
-                  pathType: Prefix
-                  backend:
-                    service:
-                      name: authentik
-                      port:
-                        number: 9000
+            ingressClassName: traefik
+            hosts:
+              - host: auth.fukurokuju.dev
+                paths:
+                  - path: "/"
+                    pathType: Prefix
+                    backend:
+                      service:
+                        name: authentik
+                        port:
+                          number: 9000
+    - repoURL: https://git.roboces.dev/catalin/fukuops.git
+      path: k8s/services/authentik
+      targetRevision: main
  project: fuku
-  sources: []
  syncPolicy:
    automated: { }
--- a/k8s/services/authentik/pvc.yaml
+++ b/k8s/services/authentik/pvc.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-authentik-media
+  namespace: apps-fuku
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: "truenas-nfs-csi"
+  resources:
+    requests:
+      storage: 3Gi