Add Authentik identity provider deployment
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

- Helm chart authentik 2026.5.3 with 3 server replicas, 2 worker replicas
- CNPG PostgreSQL cluster (3 instances) with rw and ro poolers (2 instances each)
- Redis with 5Gi persistent storage
- Gateway API: identity.unkin.net and identity.k8s.syd1.au.unkin.net (HTTPS)
- LDAPS via TLSRoute on ldap.k8s.syd1.au.unkin.net and ldap.main.unkin.net
- Multi-SAN TLS via cert-manager gateway integration
- S3 storage via RadosGW (bucket: authentik)
- Vault secrets: postgres-credentials, authentik-credentials, s3-credentials
- Woodpecker ServiceAccount for terraform-authentik CI
- Platform applicationset and project updated
This commit is contained in:
2026-06-28 12:40:38 +10:00
parent 784c3b5de1
commit 85172b92cb
21 changed files with 706 additions and 0 deletions
+32
View File
@@ -0,0 +1,32 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: authentik-ldap-dns
namespace: authentik
annotations:
external-dns.alpha.kubernetes.io/hostname: ldap.k8s.syd1.au.unkin.net,ldap.main.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
hostnames:
- ldap.k8s.syd1.au.unkin.net
- ldap.main.unkin.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik-ldap
sectionName: http-dns
- group: gateway.networking.k8s.io
kind: Gateway
name: authentik-ldap
sectionName: http-dns-main
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
matches:
- path:
type: PathPrefix
value: /