Erich Blume a79a33eeed Mikado: identify three leaf prerequisites for Authentik deploy

Attempted deployment fails on three independent blockers:
1. Container image doesn't exist (build-authentik-container)
2. PostgreSQL database doesn't exist (provision-authentik-database)
3. 1Password secrets don't exist (create-authentik-secrets)

Created cards for each and added requires to goal card.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-20 09:40:09 -08:00

1.3 KiB

Raw Blame History

title

status

modified

Create Authentik Secrets

Create the 1Password item that the ExternalSecret references for Authentik configuration.

Context

Discovered while attempting deploy-authentik: the ExternalSecret references 1Password item "Authentik (blumeops)" which doesn't exist. Without it, the authentik-config Kubernetes secret won't be created and pods can't start.

What to Do

Generate a random secret key for Authentik (AUTHENTIK_SECRET_KEY)
Create 1Password item "Authentik (blumeops)" in vault blumeops with fields:
- secret-key: random 50+ character string
- postgresql-host: Tailscale-accessible postgres hostname
- postgresql-port: 5432
- postgresql-name: authentik
- postgresql-user: authentik
- postgresql-password: the password from provision-authentik-database
Verify the ExternalSecret can resolve on ringtail's cluster

Notes

This partially depends on provision-authentik-database for the postgres password, but the 1Password item structure and secret key can be created independently.

deploy-authentik — Parent goal
provision-authentik-database — Source of database credentials

1.3 KiB Raw Blame History

Create Authentik Secrets

Context

What to Do

Notes

Related

1.3 KiB

Raw Blame History