removed bitnami charts

apps/authentik/Chart.yaml

@@ -1,10 +0,0 @@
-apiVersion: v2
-name: authentik-wrapper
-description: Wrapper chart for Authentik
-type: application
-version: 1.0.0
-appVersion: "1.0.0"
-dependencies:
-  - name: authentik
-    repository: https://charts.goauthentik.io
-    version: 2024.12.0 # Aktuelle Version prüfen oder latest nehmen

apps/authentik/dependencies.yaml

@@ -0,0 +1,101 @@
+---
+# REDIS
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authentik-redis
+  namespace: authentik
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: authentik-redis
+  template:
+    metadata:
+      labels:
+        app: authentik-redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:7-alpine
+          command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
+          ports:
+            - containerPort: 6379
+          env:
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: authentik-secrets
+                  key: AUTHENTIK_REDIS__PASSWORD
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: authentik-redis
+  namespace: authentik
+spec:
+  ports:
+    - port: 6379
+      targetPort: 6379
+  selector:
+    app: authentik-redis
+---
+# POSTGRES
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: authentik-postgresql
+  namespace: authentik
+spec:
+  serviceName: authentik-postgresql
+  replicas: 1
+  selector:
+    matchLabels:
+      app: authentik-postgresql
+  template:
+    metadata:
+      labels:
+        app: authentik-postgresql
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:15-alpine
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_DB
+              value: authentik
+            - name: POSTGRES_USER
+              value: authentik
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: authentik-secrets
+                  key: AUTHENTIK_POSTGRESQL__PASSWORD
+          volumeMounts:
+            - name: postgres-data
+              mountPath: /var/lib/postgresql/data
+  volumeClaimTemplates:
+    - metadata:
+        name: postgres-data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: authentik-postgresql
+  namespace: authentik
+spec:
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: authentik-postgresql

apps/authentik/deployment.yaml

@@ -0,0 +1,112 @@
+---
+# Authentik Configuration (Shared Env Vars)
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: authentik-config
+  namespace: authentik
+data:
+  AUTHENTIK_REDIS__HOST: "authentik-redis"
+  AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
+  AUTHENTIK_POSTGRESQL__USER: "authentik"
+  AUTHENTIK_POSTGRESQL__NAME: "authentik"
+  AUTHENTIK_EMAIL__HOST: "smtp.example.com"
+  AUTHENTIK_EMAIL__PORT: "587"
+  AUTHENTIK_EMAIL__USE_TLS: "true"
+  AUTHENTIK_EMAIL__USERNAME: "user"
+  AUTHENTIK_EMAIL__FROM: "authentik@stabify.de"
+  AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
+---
+# SERVER (Web/API)
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authentik-server
+  namespace: authentik
+  labels:
+    app: authentik
+    component: server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: authentik
+      component: server
+  template:
+    metadata:
+      labels:
+        app: authentik
+        component: server
+    spec:
+      containers:
+        - name: authentik
+          image: ghcr.io/goauthentik/server:2024.12.0
+          command: ["/ak-server"] # Start Server
+          ports:
+            - containerPort: 9000
+              name: http
+            - containerPort: 9443
+              name: https
+          envFrom:
+            - configMapRef:
+                name: authentik-config
+            - secretRef:
+                name: authentik-secrets
+          readinessProbe:
+            httpGet:
+              path: /-/health/ready/
+              port: 9000
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /-/health/live/
+              port: 9000
+            initialDelaySeconds: 10
+            periodSeconds: 20
+---
+# WORKER (Background Tasks)
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authentik-worker
+  namespace: authentik
+  labels:
+    app: authentik
+    component: worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: authentik
+      component: worker
+  template:
+    metadata:
+      labels:
+        app: authentik
+        component: worker
+    spec:
+      containers:
+        - name: authentik
+          image: ghcr.io/goauthentik/server:2024.12.0
+          command: ["/ak-worker"] # Start Worker
+          envFrom:
+            - configMapRef:
+                name: authentik-config
+            - secretRef:
+                name: authentik-secrets
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: authentik-server
+  namespace: authentik
+spec:
+  ports:
+    - port: 80
+      targetPort: 9000
+      protocol: TCP
+      name: http
+  selector:
+    app: authentik
+    component: server

apps/authentik/ingress.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: authentik
+  namespace: authentik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - auth.apps.k3s.stabify.de
+      secretName: authentik-tls
+  rules:
+    - host: auth.apps.k3s.stabify.de
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: authentik-server
+                port:
+                  name: http

apps/authentik/values.yaml

@@ -1,67 +0,0 @@
-authentik:
-  # --- App Configuration ---
-  authentik:
-    error_reporting:
-      enabled: false
-    email:
-      host: "smtp.example.com"
-      port: 587
-      username: "user"
-      use_tls: true
-      from: "authentik@stabify.de"
-    secret_key: "" # Via Env Var
-
-  # --- Server Component (UI & API) ---
-  server:
-    envFrom:
-      - secretRef:
-          name: authentik-secrets
-    ingress:
-      enabled: true
-      ingressClassName: traefik
-      annotations:
-        cert-manager.io/cluster-issuer: letsencrypt-prod
-        traefik.ingress.kubernetes.io/router.entrypoints: websecure
-        traefik.ingress.kubernetes.io/router.tls: "true"
-      hosts:
-        - "auth.apps.k3s.stabify.de"
-      paths:
-        - "/"
-      tls:
-        - secretName: authentik-tls
-          hosts:
-            - "auth.apps.k3s.stabify.de"
-
-  # --- Worker Component ---
-  worker:
-    envFrom:
-      - secretRef:
-          name: authentik-secrets
-
-  # --- Dependencies (Postgres & Redis) ---
-  postgresql:
-    enabled: true
-    image:
-      registry: docker.io
-      repository: bitnami/postgresql
-      tag: "15" # Stabil
-    auth:
-      existingSecret: "authentik-secrets"
-      secretKeys:
-        adminPasswordKey: "postgres-password"
-        userPasswordKey: "postgres-password"
-    primary:
-      persistence:
-        enabled: true
-        size: 8Gi
-
-  redis:
-    enabled: true
-    image:
-      registry: docker.io
-      repository: bitnami/redis
-      tag: "7.2" # Stabil
-    auth:
-      existingSecret: "authentik-secrets"
-      existingSecretPasswordKey: "redis-password"
-    architecture: standalone