feat: Switch authentication provider to pinniped
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
2023-08-21 09:02:33 +02:00
parent 455a2e14be
commit 05b271214c
8 changed files with 52 additions and 37 deletions

View File

@ -33,8 +33,6 @@ platform:
helm_repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: authentik
url: https://charts.goauthentik.io
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
@ -69,32 +67,6 @@ components:
hosts:
- gitops.{{ vapp['metacluster.fqdn'] }}
authentik:
helm:
version: 2023.3.1
chart: authentik/authentik
parse_logic: helm template . --set postgresql.enabled=true,redis.enabled=true | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
authentik:
avatars: none
secret_key: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}"
postgresql:
password: "{{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}"
env:
AUTHENTIK_BOOTSTRAP_PASSWORD: "{{ vapp['metacluster.password'] }}"
ingress:
enabled: true
hosts:
- host: auth.{{ vapp['metacluster.fqdn'] }}
paths:
- path: "/"
pathType: Prefix
postgresql:
enabled: true
postgresqlPassword: "{{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}"
redis:
enabled: true
cert-manager:
helm:
version: 1.11.0
@ -225,6 +197,10 @@ components:
persistence:
defaultClassReplicaCount: 1
pinniped:
# Must match the version referenced at `dependencies.static_binaries[.filename==pinniped].url`
version: v0.25.0
step-certificates:
helm:
version: 1.23.0
@ -282,6 +258,8 @@ dependencies:
- filename: kubectl-slice
url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
archive: compressed
- filename: pinniped
url: https://github.com/vmware-tanzu/pinniped/releases/download/v0.25.0/pinniped-cli-linux-amd64
- filename: skopeo
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
- filename: step