From 7286524192ac75c8ea70b8b626d9e46843f7741f Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Mon, 12 Jan 2026 18:23:15 +0000
Subject: [PATCH] removed bitnami charts
---
apps/authentik/Chart.yaml | 10 --
apps/authentik/dependencies.yaml | 101 ++++++++++++++++
apps/authentik/deployment.yaml | 112 ++++++++++++++++++
.../{templates => }/external-secret.yaml | 0
apps/authentik/ingress.yaml | 26 ++++
apps/authentik/values.yaml | 67 -----------
6 files changed, 239 insertions(+), 77 deletions(-)
delete mode 100644 apps/authentik/Chart.yaml
create mode 100644 apps/authentik/dependencies.yaml
create mode 100644 apps/authentik/deployment.yaml
rename apps/authentik/{templates => }/external-secret.yaml (100%)
create mode 100644 apps/authentik/ingress.yaml
delete mode 100644 apps/authentik/values.yaml
diff --git a/apps/authentik/Chart.yaml b/apps/authentik/Chart.yaml
deleted file mode 100644
index 92f9397..0000000
--- a/apps/authentik/Chart.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v2
-name: authentik-wrapper
-description: Wrapper chart for Authentik
-type: application
-version: 1.0.0
-appVersion: "1.0.0"
-dependencies:
- - name: authentik
- repository: https://charts.goauthentik.io
- version: 2024.12.0 # Aktuelle Version prüfen oder latest nehmen
diff --git a/apps/authentik/dependencies.yaml b/apps/authentik/dependencies.yaml
new file mode 100644
index 0000000..ea5bab3
--- /dev/null
+++ b/apps/authentik/dependencies.yaml
@@ -0,0 +1,101 @@
+---
+# REDIS
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: authentik-redis
+ namespace: authentik
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: authentik-redis
+ template:
+ metadata:
+ labels:
+ app: authentik-redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:7-alpine
+ command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
+ ports:
+ - containerPort: 6379
+ env:
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: authentik-secrets
+ key: AUTHENTIK_REDIS__PASSWORD
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: authentik-redis
+ namespace: authentik
+spec:
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: authentik-redis
+---
+# POSTGRES
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: authentik-postgresql
+ namespace: authentik
+spec:
+ serviceName: authentik-postgresql
+ replicas: 1
+ selector:
+ matchLabels:
+ app: authentik-postgresql
+ template:
+ metadata:
+ labels:
+ app: authentik-postgresql
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:15-alpine
+ ports:
+ - containerPort: 5432
+ env:
+ - name: POSTGRES_DB
+ value: authentik
+ - name: POSTGRES_USER
+ value: authentik
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: authentik-secrets
+ key: AUTHENTIK_POSTGRESQL__PASSWORD
+ volumeMounts:
+ - name: postgres-data
+ mountPath: /var/lib/postgresql/data
+ volumeClaimTemplates:
+ - metadata:
+ name: postgres-data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: authentik-postgresql
+ namespace: authentik
+spec:
+ ports:
+ - port: 5432
+ targetPort: 5432
+ selector:
+ app: authentik-postgresql
diff --git a/apps/authentik/deployment.yaml b/apps/authentik/deployment.yaml
new file mode 100644
index 0000000..27e6d6b
--- /dev/null
+++ b/apps/authentik/deployment.yaml
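Review bot: In apps/authentik/dependencies.yaml the Redis container gets its password through `command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]`, so once the kubelet expands the variable the secret sits in the process argument list, readable from `/proc/<pid>/cmdline` and by any node-level agent that records command lines. Keep it out of argv, for example by having the entrypoint feed a `requirepass` line to `redis-server -` on stdin or by mounting a config file rendered from the secret. Both workloads now read the keys `AUTHENTIK_REDIS__PASSWORD` and `AUTHENTIK_POSTGRESQL__PASSWORD`, whereas the removed values.yaml pointed at `redis-password` and `postgres-password` and external-secret.yaml is moved unchanged, so confirm the ExternalSecret actually emits the new key names or the pods will not start. The StatefulSet also appears to claim a fresh 5Gi `postgres-data` volume rather than the one the Bitnami release used, and nothing in the commit migrates the data; an authentik instance on an empty database is in first-run setup state, so restore the database or set bootstrap credentials (`AUTHENTIK_BOOTSTRAP_PASSWORD`) before the ingress is reachable. Nothing visible here limits which pods may reach ports 6379 and 5432, so a NetworkPolicy admitting only the authentik server and worker is worth adding if none exists elsewhere.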
@@ -0,0 +1,112 @@
+---
+# Authentik Configuration (Shared Env Vars)
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: authentik-config
+ namespace: authentik
+data:
+ AUTHENTIK_REDIS__HOST: "authentik-redis"
+ AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
+ AUTHENTIK_POSTGRESQL__USER: "authentik"
+ AUTHENTIK_POSTGRESQL__NAME: "authentik"
+ AUTHENTIK_EMAIL__HOST: "smtp.example.com"
+ AUTHENTIK_EMAIL__PORT: "587"
+ AUTHENTIK_EMAIL__USE_TLS: "true"
+ AUTHENTIK_EMAIL__USERNAME: "user"
+ AUTHENTIK_EMAIL__FROM: "authentik@stabify.de"
+ AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
+---
+# SERVER (Web/API)
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: authentik-server
+ namespace: authentik
+ labels:
+ app: authentik
+ component: server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: authentik
+ component: server
+ template:
+ metadata:
+ labels:
+ app: authentik
+ component: server
+ spec:
+ containers:
+ - name: authentik
+ image: ghcr.io/goauthentik/server:2024.12.0
+ command: ["/ak-server"] # Start Server
+ ports:
+ - containerPort: 9000
+ name: http
+ - containerPort: 9443
+ name: https
+ envFrom:
+ - configMapRef:
+ name: authentik-config
+ - secretRef:
+ name: authentik-secrets
+ readinessProbe:
+ httpGet:
+ path: /-/health/ready/
+ port: 9000
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /-/health/live/
+ port: 9000
+ initialDelaySeconds: 10
+ periodSeconds: 20
+---
+# WORKER (Background Tasks)
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: authentik-worker
+ namespace: authentik
+ labels:
+ app: authentik
+ component: worker
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: authentik
+ component: worker
+ template:
+ metadata:
+ labels:
+ app: authentik
+ component: worker
+ spec:
+ containers:
+ - name: authentik
+ image: ghcr.io/goauthentik/server:2024.12.0
+ command: ["/ak-worker"] # Start Worker
+ envFrom:
+ - configMapRef:
+ name: authentik-config
+ - secretRef:
+ name: authentik-secrets
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: authentik-server
+ namespace: authentik
+spec:
+ ports:
+ - port: 80
+ targetPort: 9000
+ protocol: TCP
+ name: http
+ selector:
+ app: authentik
+ component: server
diff --git a/apps/authentik/templates/external-secret.yaml b/apps/authentik/external-secret.yaml
similarity index 100%
rename from apps/authentik/templates/external-secret.yaml
rename to apps/authentik/external-secret.yaml
diff --git a/apps/authentik/ingress.yaml b/apps/authentik/ingress.yaml
new file mode 100644
index 0000000..7ed213e
--- /dev/null
+++ b/apps/authentik/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: authentik
+ namespace: authentik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - auth.apps.k3s.stabify.de
+ secretName: authentik-tls
+ rules:
+ - host: auth.apps.k3s.stabify.de
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: authentik-server
+ port:
+ name: http
diff --git a/apps/authentik/values.yaml b/apps/authentik/values.yaml
deleted file mode 100644
index 52d2c17..0000000
--- a/apps/authentik/values.yaml
+++ /dev/null
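Review bot: Neither the `authentik-server` nor the `authentik-worker` container in apps/authentik/deployment.yaml sets a `securityContext`, so the identity provider runs with the runtime's default capabilities, privilege escalation allowed and no seccomp profile requested. A container-level block like the one below tightens that for both Deployments; `runAsNonRoot` assumes the image declares a numeric non-root user, which should be confirmed for `ghcr.io/goauthentik/server:2024.12.0` before merging. The Redis and Postgres containers in dependencies.yaml have the same gap but need their own settings, since the stock postgres entrypoint typically starts as root unless a user is set explicitly. Separately, the tag is the same 2024.12.0 the removed chart pinned while the commit is dated January 2026, so check the upstream security advisories for fixes released since then and consider pinning the image by digest.

```yaml
      containers:
        - name: authentik
          # … unchanged: image, command, ports, envFrom, probes …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```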
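Review bot: The Ingress in apps/authentik/ingress.yaml publishes the whole authentik server under `path: /` with no Traefik middleware attached, so nothing in this manifest puts rate limiting or a security-header policy in front of the login and admin endpoints; that is only acceptable if such a policy is configured globally on the `websecure` entrypoint. If it is not, attach one with an annotation such as `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` (placeholder name). As a style point, this file lacks the leading `---` that the other two new manifests start with.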
@@ -1,67 +0,0 @@
-authentik:
- # --- App Configuration ---
- authentik:
- error_reporting:
- enabled: false
- email:
- host: "smtp.example.com"
- port: 587
- username: "user"
- use_tls: true
- from: "authentik@stabify.de"
- secret_key: "" # Via Env Var
-
- # --- Server Component (UI & API) ---
- server:
- envFrom:
- - secretRef:
- name: authentik-secrets
- ingress:
- enabled: true
- ingressClassName: traefik
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- hosts:
- - "auth.apps.k3s.stabify.de"
- paths:
- - "/"
- tls:
- - secretName: authentik-tls
- hosts:
- - "auth.apps.k3s.stabify.de"
-
- # --- Worker Component ---
- worker:
- envFrom:
- - secretRef:
- name: authentik-secrets
-
- # --- Dependencies (Postgres & Redis) ---
- postgresql:
- enabled: true
- image:
- registry: docker.io
- repository: bitnami/postgresql
- tag: "15" # Stabil
- auth:
- existingSecret: "authentik-secrets"
- secretKeys:
- adminPasswordKey: "postgres-password"
- userPasswordKey: "postgres-password"
- primary:
- persistence:
- enabled: true
- size: 8Gi
-
- redis:
- enabled: true
- image:
- registry: docker.io
- repository: bitnami/redis
- tag: "7.2" # Stabil
- auth:
- existingSecret: "authentik-secrets"
- existingSecretPasswordKey: "redis-password"
- architecture: standalone