Use secrets for authentik's database stuff
parent
a1b15de4b2
commit
f933e23d1c
|
@ -0,0 +1,62 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: authentik-secrets
|
||||||
|
namespace: authentik
|
||||||
|
stringData:
|
||||||
|
pgsqlAdminPassword: ENC[AES256_GCM,data:QTiI/6L2BR+qBE5dl4Vb6Dj5mrr/kJEazJocjuQUgAw=,iv:vb6ohS0DMXFXGI5ZJmWNkn7EbyfjMQfjq6GxFIxHbJM=,tag:SR034jGOv3XLkrhF/z62tA==,type:str]
|
||||||
|
pgsqlUserPassword: ENC[AES256_GCM,data:oFsvEIAUUmKJIyCqyW+F/HkL/hZAtbVHZN71dRIJGR8=,iv:ilioD/oa7FBUEew7L6FcLzx5qSFqU7aLDP7aCuRFNO0=,tag:qrk37fQxZPkLQPpJsRZJ6Q==,type:str]
|
||||||
|
redisUserPassword: ENC[AES256_GCM,data:XasVsj+I0iuF/AXpws6sLThdqMCvPyMtTXxBHLAWlGM=,iv:Y0Soq5b19HkYWk4bdLMqazOgtLpgzD3saqUslXWvxv4=,tag:BL6arsBG0gkkdItQYRphEw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-04-07T04:48:38Z"
|
||||||
|
mac: ENC[AES256_GCM,data:o3L7kGBpBh0Zg4afMa/cQvrr6c41M4qSBwVYEt5Ex1+GsIl1Q5yD6EHOfCASvWglcGOwsbIiAWUhFm97rpbX1bXjr5u5XQs6dcxMjduMU3wn77QCQ0NM+ijcEhh/Bs188Pud0IMFtxDFNSV/hjrrGPOkobaBjd3svRC9Y39T9ds=,iv:kNyyQ5n30EmyFCo1CcaH9QzZ7uW0yLVReqwZTSeJSpk=,tag:rbgkwpqobOCAv/PPuegGDQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-04-07T01:57:22Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ/9Hi4VyrUXV7LvbCFiLbyfv314lMGwrAf+2po/4Lr1hANe
|
||||||
|
KiwpfthiNheAjNaGCG6v2C1rx2Wrr5G3+rMik/1TLWbg2u9zZU4mWO8bwJUGXKDo
|
||||||
|
/T1nl47f09UPDtQ6KiG0nPf3M0Ovmk3d63R3zpY4Q7uE4uhLNDr0KD9mp7MmRCbZ
|
||||||
|
PO++tdiZa67z9owNDh/NSnQr9Y6JwjlxlkJl5SJ76vaK/SaOi/j86mOm9CV6SQmk
|
||||||
|
cLOwiO7JxV8I4gD9jlLdYEPS+nqztX5eHLRoaXsAQrX4DdWNnOF0C2sk9nMHwQTb
|
||||||
|
W8/SVmg7TiVVL6qVCXgUCgFRXllrlGlXlfv+W6ruuZIBv2MAA1V+afl5A3/KVvE6
|
||||||
|
FDq9YrJ4XfZPCD2ZByM2386L8MiUwkfF/3uge38MT/WDU2DTT+g7jV3UQs+Awi8f
|
||||||
|
N4YBVBcp5jGTkMD0347GPfPF7kdiN/YFZ/Ws1jf/EsS6vOpKNlPn64fVJfTSfdie
|
||||||
|
rvNxksi8Y4vpwEngy38t7JRfpJniDo9iK9EwhXMChYXnWkiz/B3vMoii496B7TzO
|
||||||
|
9gKd4v7kFA6iXI+wqbYrZfOGeLZlMI99pwTatNL4fo9ABJ7JScISzTvS7p/xB6Ae
|
||||||
|
JPdlA0Tf8wP4RYz8YYRcNlfEQPZYb4kHj5r9Ei59InHzwKfq9GyKKvluS0/k3NHU
|
||||||
|
aAEJAhCVkPuIHluRLHsjVEbKbFzSJUG8p/hSSmQnfk3CT36/dJhgv3jzoL+1/Sx1
|
||||||
|
o8OwWPmNq8TuX9SaXfhfy/EGMulWgRaztxt9D+0+wgc8IOAPp+0SYUsaOa0T9+Pl
|
||||||
|
pjU1GRaK5AlT
|
||||||
|
=mItp
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-04-07T01:57:22Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA4WLYkVpP8xtAQ/9FQGyKS1wEodU9ZVZ8kxijp6aFtMCmL/I5HBEhbSLj0P9
|
||||||
|
TVD0QwnUPZqf7zlWrAh6TspyLQdRMt9JAYZCPyLgu//FdKfBJNYeU3+aWj/lMtJ4
|
||||||
|
Twgs7NPtGbRJcpF+a4NmAOIqzKfJI+h714BLFoWrGtUmTE9/dBHh2yxADSgprY1o
|
||||||
|
/4J8aHQfaqg5JwijP3PhtRMxla4YQfhqf0JRAcmQPKUDuxT2QG/wp59Fq/665aaO
|
||||||
|
JFWiCOPBqTtEhY4ML4EYNUV+Cd7UT7LOXC+Xzuj1eEGMV1Pmqd1u1UyQKvHOOXhT
|
||||||
|
AfGeCub+ZONGfmcDcY5gEMnbSCGcQEvipA3dBIIFklgnxM00jmcJ1Ojo1+MYynpl
|
||||||
|
E1XLOaolRWinlDNXA62k8iWG33hcxHGSzkHrsQjtqrrD2PdHS1RmTJ8Hn+iuRUn6
|
||||||
|
/fGk8ZQJ7oMPsZNyfiM0OdwSXxJ4rQUtGkHHd727S4K6nXC6OLxXCzl7lYG7QKcP
|
||||||
|
RVrbFMNv01aToyNGhLmcSxUYdQ4oc+nv65rNZDsdbi34T+dlULboJDkwV6JrJ5dz
|
||||||
|
hlu3ySgijZuRD5bfpfKB2RScu2ixEijOIyk1oXBB2Dhyh1ezc3qnAw8xkGr9W2SE
|
||||||
|
roBuu95mZsIZEtfMS5hxwGyWzSCENnbkSukQhUoIjRXryly7MQgNZ5FMX+f5n3DU
|
||||||
|
aAEJAhBJcIEidIhFVqDkezzMcofKl3MlXWqkfTUV3vsjz6EpN1FwhpZ3prTexUcM
|
||||||
|
9XCx9Wq1kMpjkphWETh2lSAafyIz6R/d4zWV5IWIeDh+USYT9z0Rprp4URka4Wjx
|
||||||
|
fux0T5xDbgq5
|
||||||
|
=eiXM
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
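Review bot: `pgsqlAdminPassword` is stored in `authentik-secrets` in the `authentik` namespace, but the helm-release change in this commit only references `pgsqlUserPassword` and `redisUserPassword`. If nothing else in that namespace consumes the admin key (no such consumer is visible on this page), drop it from this Secret. That way a compromise of the authentik workload, or of any identity that can read Secrets in the namespace, does not also expose the PostgreSQL admin credential. Only the two `pgp` recipients are populated (`age`, `kms`, `gcp_kms`, `azure_kv` and `hc_vault` are empty), so access to the plaintext follows whoever holds those two private keys.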
|
|
@ -27,12 +27,26 @@ spec:
|
||||||
postgresql:
|
postgresql:
|
||||||
host: "postgresql.database"
|
host: "postgresql.database"
|
||||||
name: "authentik" # database name
|
name: "authentik" # database name
|
||||||
user: postgres
|
user: "k3spostgresql"
|
||||||
password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
|
# password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
|
||||||
port: 5432
|
# port: 5432
|
||||||
redis:
|
redis:
|
||||||
host: "redis-master.database"
|
host: "redis-master.database"
|
||||||
password: "${SECRET_DATABASE_REDIS_PASS}"
|
# password: "${SECRET_DATABASE_REDIS_PASS}"
|
||||||
|
|
||||||
|
# env:
|
||||||
|
# AUTHENTIK_HOST: https://auth.***REMOVED***
|
||||||
|
# AUTHENTIK_HOST_BROWSER: https://auth.***REMOVED***
|
||||||
|
|
||||||
|
envValueFrom:
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
key: pgsqlUserPassword
|
||||||
|
name: authentik-secrets
|
||||||
|
AUTHENTIK_REDIS__PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
key: redisUserPassword
|
||||||
|
name: authentik-secrets
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
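Review bot: The old credential lines are commented out rather than deleted (`# password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"` and `# password: "${SECRET_DATABASE_REDIS_PASS}"`), which leaves a ready-to-uncomment path back to the admin password right next to the new `user: "k3spostgresql"`. I would delete them and put one comment in their place, for example `# passwords are injected via envValueFrom from the authentik-secrets Secret`. `# port: 5432` is disabled in the same way, so the port now depends on the chart default; keep it explicit unless that was intended. The enclosing `spec` block starts outside this hunk and the page has lost the YAML indentation, so the nesting of `envValueFrom` cannot be checked from here.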
|
||||||
|
|
|
@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
|
- ./authentik-secrets.sops.yaml
|
||||||
- ./helm-repository.yaml
|
- ./helm-repository.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./network_policy.yaml
|
- ./network_policy.yaml
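Review bot: Listing `./authentik-secrets.sops.yaml` under `resources` only yields a usable Secret if whatever applies this kustomization decrypts SOPS files first; plain kustomize would pass the `ENC[...]` strings and the `sops:` block through unchanged. If this directory is reconciled by a Flux Kustomization (the `${SECRET_...}` substitution in the helm release suggests so, but the page does not show it), confirm that it sets `spec.decryption.provider: sops`. Its decryption key must match one of the two PGP fingerprints recorded in the secret file.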
|
||||||
|
|