diff --git a/k8s/infra/auth/authelia/cnpg-db.yaml b/k8s/infra/auth/authelia/cnpg-db.yaml
new file mode 100644
index 0000000..9564c4d
--- /dev/null
+++ b/k8s/infra/auth/authelia/cnpg-db.yaml
@@ -0,0 +1,39 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: authelia-postgres
+ namespace: authelia
+spec:
+ instances: 1
+ affinity:
+ nodeSelector:
+ topology.kubernetes.io/zone: euclid
+ monitoring:
+ enablePodMonitor: true
+ postgresql:
+ parameters:
+ timezone: Europe/Oslo
+ bootstrap:
+ initdb:
+ database: authelia
+ owner: authelia
+ managed:
+ services:
+ disabledDefaultServices: [ "ro", "r" ]
+# additional:
+# - selectorType: rw
+# updateStrategy: patch
+# serviceTemplate:
+# metadata:
+# name: authelia-postgres-db
+# annotations:
+# io.cilium/lb-ipam-ips: 192.168.1.240
+# spec:
+# type: LoadBalancer
+ storage:
+ size: 512M
+ pvcTemplate:
+ storageClassName: proxmox-csi
+ volumeName: pv-authelia-postgres
+ accessModes:
+ - ReadWriteOnce
diff --git a/k8s/infra/auth/authelia/kustomization.yaml b/k8s/infra/auth/authelia/kustomization.yaml
index aa1c1e3..45bd88a 100644
--- a/k8s/infra/auth/authelia/kustomization.yaml
+++ b/k8s/infra/auth/authelia/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
 - cert-ecdsa-jwk.yaml
 - oidc-argocd.yaml
 - http-route.yaml
+ - cnpg-db.yaml
 
 helmCharts:
 - name: authelia
diff --git a/k8s/infra/auth/authelia/values.yaml b/k8s/infra/auth/authelia/values.yaml
index c4625ab..345d838 100644
--- a/k8s/infra/auth/authelia/values.yaml
+++ b/k8s/infra/auth/authelia/values.yaml
@@ -31,11 +31,12 @@ configMap:
 storage:
 encryption_key: { secret_name: crypto }
 postgres:
- enabled: false
- address: 'tcp://postgres.databases.svc.cluster.local:5432'
- # Switch to Postgres later
- local:
 enabled: true
+ deploy: false
+ address: tcp://authelia-postgres-rw:5432
+ database: authelia
+ username: authelia
+ password: { secret_name: authelia-postgres-app }
 
 notifier:
 filesystem:
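Review bot: The ten commented-out lines under `managed.services` (the `additional` LoadBalancer service carrying the hard-coded `io.cilium/lb-ipam-ips: 192.168.1.240`) are dead configuration in a brand-new file and will be carried forward verbatim; either drop them or collapse them to a single pointer such as `# no external service on purpose: Authelia reaches this cluster only via the in-cluster -rw service`. Keeping the database reachable only through the in-cluster `-rw` service, with `ro` and `r` disabled, is the tighter default, so nothing is lost by removing the block. `size: 512M` is a decimal quantity (512 MB, not 512 Mi); it agrees with the matching tofu volume, but it is a small data directory once WAL is counted, so worth confirming it does not fill. With `instances: 1` and no `backup` stanza, Authelia's persistent state lives on that single PV alone — acceptable for a lab, but it deserves a one-line comment stating that this is intentional.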
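Review bot: `address: tcp://authelia-postgres-rw:5432` is an unqualified service name, so it resolves only because the Cluster in `cnpg-db.yaml` is created in the same `authelia` namespace as the chart release; a comment on that line, `# CNPG rw service from cnpg-db.yaml, same namespace — unqualified name depends on that`, stops a later namespace move from silently breaking the lookup. Nothing in the new `postgres` block configures TLS; CNPG-managed clusters typically serve TLS by default, so if the chart exposes Authelia's `storage.postgres.tls` settings it is worth pinning the connection to the operator-issued CA rather than leaving the mode to the client default. The `password: { secret_name: authelia-postgres-app }` reference presumes the operator-generated `<cluster>-app` secret exposes a `password` key, which is what the mount added later in this file relies on as well.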
@@ -52,7 +53,7 @@ configMap:
 groups_filter: '(member={dn})'
 additional_groups_dn: 'ou=groups'
 user: 'UID=authelia,OU=people,DC=stonegarden,DC=dev'
- password: { secret_name: 'lldap-auth' }
+ password: { secret_name: lldap-auth }
 
 identity_providers:
 oidc:
@@ -102,6 +103,10 @@ configMap:
 
 secret:
 additionalSecrets:
+ authelia-postgres-app:
+ items:
+ - key: password
+ path: storage.postgres.password.txt
 lldap-auth:
 items:
 - key: password
diff --git a/k8s/infra/database/pg-cluster/cnpg-cluster.yaml b/k8s/infra/database/pg-cluster/cnpg-cluster.yaml
deleted file mode 100644
index 6fcfb93..0000000
--- a/k8s/infra/database/pg-cluster/cnpg-cluster.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
- name: cluster-example
- namespace: cnpg-database
-spec:
- instances: 3
- storage:
- storageClass: proxmox-csi
- size: 4G
diff --git a/k8s/infra/database/pg-cluster/kustomization.yaml b/k8s/infra/database/pg-cluster/kustomization.yaml
deleted file mode 100644
index 85637e9..0000000
--- a/k8s/infra/database/pg-cluster/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: cnpg-database
-
-resources:
- - cnpg-cluster.yaml
diff --git a/k8s/infra/database/pg-single/cnpg-single.yaml b/k8s/infra/database/pg-single/cnpg-single.yaml
deleted file mode 100644
index 00ab83b..0000000
--- a/k8s/infra/database/pg-single/cnpg-single.yaml
+++ /dev/null
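Review bot: The new `authelia-postgres-app` entry under `additionalSecrets` mounts a Secret that is produced by the CNPG operator once the Cluster in `cnpg-db.yaml` reconciles, not by this kustomization; if the Authelia pod is scheduled first, the secret volume typically cannot be mounted and the pod waits until the operator catches up. Since this directory is managed by Argo CD (it ships `oidc-argocd.yaml`), that ordering is usually handled with a sync wave on the Cluster, or simply by accepting the retry; either way a comment on the entry, `# generated by the CNPG operator from cnpg-db.yaml; the Cluster must be reconciled before this mounts`, records the dependency. The `path: storage.postgres.password.txt` value mirrors the existing `lldap-auth` entry, so it presumably follows the chart's secret-file naming that the `secret_name` lookup in the `storage.postgres.password` block expects.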
@@ -1,30 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
- name: single-example
- namespace: cnpg-database
-spec:
- instances: 1
- affinity:
- nodeSelector:
- topology.kubernetes.io/zone: euclid
- managed:
- services:
- disabledDefaultServices: [ "ro", "r" ]
- additional:
- - selectorType: rw
- updateStrategy: patch
- serviceTemplate:
- metadata:
- name: single-example-ext
- annotations:
- io.cilium/lb-ipam-ips: 192.168.1.230
- spec:
- type: LoadBalancer
- storage:
- size: 4G
- pvcTemplate:
- storageClassName: proxmox-csi
- volumeName: pv-single-database
- accessModes:
- - ReadWriteOnce
diff --git a/k8s/infra/database/pg-single/kustomization.yaml b/k8s/infra/database/pg-single/kustomization.yaml
deleted file mode 100644
index 02233fc..0000000
--- a/k8s/infra/database/pg-single/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: cnpg-database
-
-resources:
- - cnpg-single.yaml
diff --git a/k8s/infra/vpn/netbird/management/x-oidc-client.yaml b/k8s/infra/vpn/netbird/management/x-oidc-client.yaml
index 1f1c7b7..91bbac4 100644
--- a/k8s/infra/vpn/netbird/management/x-oidc-client.yaml
+++ b/k8s/infra/vpn/netbird/management/x-oidc-client.yaml
@@ -8,9 +8,9 @@ spec:
 displayName: Netbird Backend
 description: Netbird Backend Client
 clientSecretSecretRef:
- name: netbird-backend-oidc-credentials
+ name: management-oidc-credentials
 namespace: netbird
- key: clientSecret
+ key: NETBIRD_IDP_CLIENT_SECRET
 type: CONFIDENTIAL
 grantTypes:
 - client_credentials
diff --git a/tofu/kubernetes/main.tf b/tofu/kubernetes/main.tf
index 39987a3..afcb6a7 100644
--- a/tofu/kubernetes/main.tf
+++ b/tofu/kubernetes/main.tf
@@ -128,6 +128,10 @@ module "volumes" {
 node = "euclid"
 size = "1G"
 }
+ pv-authelia-postgres = {
+ node = "euclid"
+ size = "512M"
+ }
 pv-keycloak-postgres = {
 node = "euclid"
 size = "2G"
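Review bot: `size = "512M"` for `pv-authelia-postgres` duplicates `storage.size: 512M` in `k8s/infra/auth/authelia/cnpg-db.yaml` with nothing tying the two together, so a later resize on either side silently diverges (the CNPG `size` must stay at or below the capacity this module provisions). A comment on the block, `# must match spec.storage.size in k8s/infra/auth/authelia/cnpg-db.yaml`, makes the coupling visible; the same presumably applies to `pv-keycloak-postgres` just below. `512M` is also small for a Postgres data directory once WAL segments are included, so it is worth confirming the volume will not fill under normal checkpointing. The enclosing `module "volumes"` block starts before this hunk and closes in the next one.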
@@ -152,9 +156,5 @@ module "volumes" {
 node = "abel"
 size = "10G"
 }
- pv-single-database = {
- node = "euclid"
- size = "4G"
- }
 }
 }