feat(k8s/services/authentik): add pvc

2024-01-06 00:53:53 +01:00 · 2024-01-06 00:53:53 +01:00 · 912d95caec
commit 912d95caec
parent b34bb2864a
2 changed files with 82 additions and 63 deletions
--- a/k8s/argo-apps/authentik.yaml
+++ b/k8s/argo-apps/authentik.yaml
@ -8,70 +8,77 @@ spec:
    name: ''
    namespace: 'apps-fuku'
    server: "https://kubernetes.default.svc"
-  source:
+  sources:
-    chart: authentik
+    - chart: authentik
-    repoURL: https://charts.goauthentik.io/
+      repoURL: https://charts.goauthentik.io/
-    targetRevision: 2023.10.*
+      targetRevision: 2023.10.*
-    helm:
+      helm:
-      valuesObject:
+        valuesObject:
-        authentik:
+          authentik:
-            secret_key: file:///authentik-creds/secret_key
+              secret_key: file:///authentik-creds/secret_key
-            reporting_enabled: false
+              reporting_enabled: false
-            email:
+              email:
-              host: mail.fukurokuju.dev
+                host: mail.fukurokuju.dev
-              port: 465
+                port: 465
-              password: file:///authentik-creds/email_password
+                password: file:///authentik-creds/email_password
-              username: auth@fukurokuju.dev
+                username: auth@fukurokuju.dev
-              use_ssl: true
+                use_ssl: true
-              timeout: 30
+                timeout: 30
-              from: auth@fukurokuju.dev
+                from: auth@fukurokuju.dev
-            postgresql:
+              postgresql:
-              host: 192.168.1.13
+                host: 192.168.1.13
-              name: auth
+                name: auth
-              user: file:///authentik-creds/pg_username
+                user: file:///authentik-creds/pg_username
-              password: file:///authentik-creds/pg_password
+                password: file:///authentik-creds/pg_password
-            redis:
+              redis:
-              host: 192.168.1.3
+                host: 192.168.1.3
-              port: 30036
+                port: 30036
-              password: file:///authentik-creds/redis_password
+                password: file:///authentik-creds/redis_password
-        volumeMounts:
+          volumeMounts:
-          - name: authentik-creds
+            - name: authentik-creds
-            mountPath: /authentik-creds
+              mountPath: /authentik-creds
-        volumes:
+            - name: media
-          - name: authentik-creds
+              mountPath: /media
-            secret:
+          volumes:
-              secretName: secrets-authentik
+            - name: authentik-creds
-        autoscaling:
+              secret:
-          server:
+                secretName: secrets-authentik
            - name: media
              persistentVolumeClaim:
                claimName: pvc-authentik-media
          autoscaling:
            server:
              enabled: true
              maxScaling: 3
            worker:
              enabled: true
          pdb:
            server:
              enabled: true
              maxUnavailable: 2
            worker:
              enabled:
                maxUnavailable: 4
          service:
            type: LoadBalancer
            port: 9000
            name: http
          ingress:
            enabled: true
-            maxScaling: 3
+            ingressClassName: traefik
-          worker:
+            hosts:
-            enabled: true
+              - host: auth.fukurokuju.dev
-        pdb:
+                paths:
-          server:
+                  - path: "/"
-            enabled: true
+                    pathType: Prefix
-            maxUnavailable: 2
+                    backend:
-          worker:
+                      service:
-            enabled:
+                        name: authentik
-              maxUnavailable: 4
+                        port:
-        service:
+                          number: 9000
-          type: LoadBalancer
+    - repoURL: https://git.roboces.dev/catalin/fukuops.git
-          port: 9000
+      path: k8s/services/authentik
-          name: http
+      targetRevision: main
        ingress:
          enabled: true
          ingressClassName: traefik
          hosts:
            - host: auth.fukurokuju.dev
              paths:
                - path: "/"
                  pathType: Prefix
                  backend:
                    service:
                      name: authentik
                      port:
                        number: 9000
  project: fuku
  sources: []
  syncPolicy:
    automated: { }
--- a/k8s/services/authentik/pvc.yaml
+++ b/k8s/services/authentik/pvc.yaml
@ -0,0 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: pvc-authentik-media
  namespace: apps-fuku
 spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "truenas-nfs-csi"
  resources:
    requests:
      storage: 3Gi