---
# ExternalSecret for authentik: copies properties stored under
# secret/apps/authentik in the ClusterSecretStore "vault-backend" into the
# Kubernetes Secret "authentik-secrets" in the "authentik" namespace.
# NOTE(review): newer External Secrets Operator releases serve
# external-secrets.io/v1 - confirm the installed operator still serves v1beta1.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: authentik-secrets
  namespace: authentik
spec:
  # The store is re-read every minute, so a rotated value reaches the Secret
  # within about a minute. Pods that consume the keys as environment
  # variables only see a new value after a restart.
  refreshInterval: 1m
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: authentik-secrets
    # Owner: the operator creates the Secret and ties its lifetime to this
    # ExternalSecret, so deleting this resource also removes the Secret.
    creationPolicy: Owner
  # Every entry below lands in the same Secret.
  # NOTE(review): a workload that imports the whole Secret (e.g. envFrom)
  # receives all seven keys, bootstrap token included - check how values.yaml
  # consumes it.
  data:
    # General secret key for authentik
    - secretKey: AUTHENTIK_SECRET_KEY
      remoteRef:
        key: secret/apps/authentik
        property: secret_key

    # Email password (optional)
    - secretKey: AUTHENTIK_EMAIL__PASSWORD
      remoteRef:
        key: secret/apps/authentik
        property: email_password

    # DB & Redis passwords for the authentik configuration (env vars)
    - secretKey: AUTHENTIK_POSTGRESQL__PASSWORD
      remoteRef:
        key: secret/apps/authentik
        property: postgres_password
    - secretKey: AUTHENTIK_REDIS__PASSWORD
      remoteRef:
        key: secret/apps/authentik
        property: redis_password

    # Passwords for the infrastructure containers (the Postgres/Redis pods
    # themselves). These keys are referenced in values.yaml.
    # They read the same store properties as the two entries above, so the
    # application and the database/cache pods share one credential each.
    # NOTE(review): if values.yaml maps "postgres-password" to the database
    # superuser, authentik connects with the admin credential - confirm, and
    # prefer a separate least-privilege application user.
    - secretKey: postgres-password
      remoteRef:
        key: secret/apps/authentik
        property: postgres_password
    - secretKey: redis-password
      remoteRef:
        key: secret/apps/authentik
        property: redis_password

    # Initial admin token (optional, for bootstrapping)
    # NOTE(review): authentik documents AUTHENTIK_BOOTSTRAP_TOKEN as read on
    # first startup only, yet the value stays a usable admin API token while
    # it exists in authentik. After bootstrap, expire the token and drop this
    # entry together with the store property.
    - secretKey: AUTHENTIK_BOOTSTRAP_TOKEN
      remoteRef:
        key: secret/apps/authentik
        property: bootstrap_token