Add Authentik identity provider deployment
- Helm chart authentik 2026.5.3 with 3 server replicas, 2 worker replicas
- CNPG PostgreSQL cluster (3 instances) with rw and ro poolers (2 instances each)
- Redis with 5Gi persistent storage
- Gateway API: identity.unkin.net and identity.k8s.syd1.au.unkin.net (HTTPS)
- LDAPS via TLSRoute on ldap.k8s.syd1.au.unkin.net and ldap.main.unkin.net
- Multi-SAN TLS via cert-manager gateway integration
- S3 storage via RadosGW (bucket: authentik)
- Vault secrets: postgres-credentials, authentik-credentials, s3-credentials
- Woodpecker ServiceAccount for terraform-authentik CI
- Platform applicationset and project updated
@@ -0,0 +1,32 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: authentik-ldap-dns
|
||||
namespace: authentik
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: ldap.k8s.syd1.au.unkin.net,ldap.main.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||
spec:
|
||||
hostnames:
|
||||
- ldap.k8s.syd1.au.unkin.net
|
||||
- ldap.main.unkin.net
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: authentik-ldap
|
||||
sectionName: http-dns
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: authentik-ldap
|
||||
sectionName: http-dns-main
|
||||
rules:
|
||||
- filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
scheme: https
|
||||
statusCode: 301
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
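Review bot: The RequestRedirect under rules sends every request for ldap.k8s.syd1.au.unkin.net and ldap.main.unkin.net to scheme https with a 301, but the commit message describes these hostnames as serving LDAPS via TLSRoute, and nothing in this manifest shows an HTTPS listener for the redirect to land on. If the route exists only to carry the external-dns annotations (the name authentik-ldap-dns suggests so), say that in a comment at the top of the manifest, and consider whether the plain-HTTP listeners http-dns and http-dns-main on the authentik-ldap Gateway need to be exposed at all on an identity-provider endpoint. The hard-coded external-dns.alpha.kubernetes.io/target: 198.18.200.4 also has to be kept in step with the Gateway's address by hand; a comment noting where that address is assigned would make a later change less likely to leave stale DNS records.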