deployment for athentik

2026-01-12 16:24:49 +00:00
parent 8d3c77664f
commit 4dee56fb54
5 changed files with 215 additions and 0 deletions
--- a/apps/authentik/external-secret.yaml
+++ b/apps/authentik/external-secret.yaml
@@ -0,0 +1,52 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: authentik-secrets
+  namespace: authentik
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: authentik-secrets
+    creationPolicy: Owner
+  data:
+    # Genereller Secret Key für Authentik
+    - secretKey: AUTHENTIK_SECRET_KEY
+      remoteRef:
+        key: secret/apps/authentik
+        property: secret_key
+    
+    # Email Passwort (Optional)
+    - secretKey: AUTHENTIK_EMAIL__PASSWORD
+      remoteRef:
+        key: secret/apps/authentik
+        property: email_password
+
+    # DB & Redis Passwörter für Authentik Config (Env Vars)
+    - secretKey: AUTHENTIK_POSTGRESQL__PASSWORD
+      remoteRef:
+        key: secret/apps/authentik
+        property: postgres_password
+    - secretKey: AUTHENTIK_REDIS__PASSWORD
+      remoteRef:
+        key: secret/apps/authentik
+        property: redis_password
+
+    # Passwörter für die Infrastruktur-Container (Postgres/Redis Pods selbst)
+    # Diese Keys werden in values.yaml referenziert
+    - secretKey: postgres-password
+      remoteRef:
+        key: secret/apps/authentik
+        property: postgres_password
+    - secretKey: redis-password
+      remoteRef:
+        key: secret/apps/authentik
+        property: redis_password
+    
+    # Initial Admin Token (optional, zum Bootstrappen)
+    - secretKey: AUTHENTIK_BOOTSTRAP_TOKEN
+      remoteRef:
+        key: secret/apps/authentik
+        property: bootstrap_token