import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
/**
 * Inputs for the {@link SSO} component.
 *
 * `secret` and `db.password` are credentials. Callers should pass them as
 * Pulumi secret outputs (for example from `Config.requireSecret`) so they are
 * encrypted in stack state and masked in CLI output.
 */
export type SSOOptions = {
  /** Kubernetes provider the Helm release is deployed with. */
  provider: k8s.Provider;

  /** Custom resource whose `metadata.name` is written to the ingress `cert-manager.io/cluster-issuer` annotation. */
  issuer: k8s.apiextensions.CustomResource;

  /** Public hostname: used as the ingress host, the TLS host, and the prefix of the `<host>-cert` TLS secret name. */
  host: string;

  /** Name of the Kubernetes namespace the release is installed into. */
  namespace: string;

  /** Value for the chart's `authentik.secret_key`; treat as a long-lived secret. */
  secret: pulumi.Input<string>;

  db: {
    /** Database password, passed to both `authentik.postgresql.password` and `postgresql.postgresqlPassword`. */
    password: pulumi.Input<string>;
  };
};
// Pulumi type token under which SSO component resources are registered.
const pulumiComponentNamespace = "turingev:SSO";
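/**
 * Pulumi component that installs the authentik Helm chart, with the chart's
 * PostgreSQL and Redis enabled, behind a TLS ingress whose certificate is
 * requested through the supplied cert-manager cluster issuer.
 *
 * Security-relevant behaviour:
 * - `args.secret` and `args.db.password` are wrapped in `pulumi.secret` before
 *   they reach the Helm values, so they are encrypted in stack state even when
 *   the caller passed plain strings.
 * - `error_reporting.enabled` is left on, as in the original configuration
 *   (see the note at that setting).
 */
export class SSO extends pulumi.ComponentResource {
  /** The authentik Helm release. */
  public readonly chart: k8s.helm.v3.Release;
  /** The namespace the release is installed into. */
  public readonly namespace: k8s.core.v1.Namespace;

  /**
   * @param name - Pulumi resource name, also used as the Helm release resource name.
   * @param args - Deployment settings and credentials; see {@link SSOOptions}.
   * @param opts - Standard component resource options.
   */
  constructor(
    name: string,
    args: SSOOptions,
    opts?: pulumi.ComponentResourceOptions,
  ) {
    super(pulumiComponentNamespace, name, args, opts);

    // The original never assigned `this.namespace`, so the public field and the
    // release's `dependsOn` were both undefined. The namespace is looked up
    // rather than created: the release does not set `createNamespace`, so
    // existing stacks already rely on the namespace being present.
    // NOTE(review): if this component is meant to own the namespace, replace
    // the lookup with `new k8s.core.v1.Namespace(...)`.
    this.namespace = k8s.core.v1.Namespace.get(
      `${name}-namespace`,
      args.namespace,
      { provider: args.provider, parent: this },
    );

    // Force secret tracking regardless of how the caller supplied the values,
    // so they are never stored in plaintext in the Pulumi state or shown in diffs.
    const secretKey = pulumi.secret(args.secret);
    const dbPassword = pulumi.secret(args.db.password);

    this.chart = new k8s.helm.v3.Release(
      name,
      {
        chart: "authentik",
        namespace: args.namespace,
        repositoryOpts: {
          repo: "https://charts.goauthentik.io/",
        },
        values: {
          authentik: {
            secret_key: secretKey,
            error_reporting: {
              // NOTE(review): this opts in to authentik's error reporting, which
              // presumably sends error data to a service outside the cluster.
              // Confirm that is acceptable for an identity provider.
              enabled: true,
            },
            postgresql: {
              // Same value as `postgresql.postgresqlPassword` below.
              password: dbPassword,
            },
          },
          ingress: {
            enabled: true,
            tls: [
              {
                secretName: `${args.host}-cert`,
                hosts: [args.host],
              },
            ],
            annotations: {
              "cert-manager.io/cluster-issuer": args.issuer.metadata.name,
            },
            hosts: [
              {
                host: args.host,
                paths: [
                  {
                    path: "/",
                    pathType: "Prefix",
                  },
                ],
              },
            ],
          },
          postgresql: {
            enabled: true,
            postgresqlPassword: dbPassword,
          },
          redis: {
            // NOTE(review): no Redis credentials are configured here. Check
            // the chart defaults and restrict network access to the Redis service.
            enabled: true,
          },
          persistence: {
            enabled: true,
            storageClass: "longhorn",
            accessModes: ["ReadWriteOnce"],
          },
        },
        // Pinned so upgrades are explicit.
        // NOTE(review): this pin dates from 2023. Check upstream security
        // advisories for a newer release before reusing it.
        version: "2023.8.2",
      },
      { dependsOn: [this.namespace], provider: args.provider, parent: this },
    );

    this.registerOutputs({
      chart: this.chart,
      namespace: this.namespace,
    });
  }
}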