Erich Blume
86317315ed
Now that argocd's Authentik OAuth2 client is public (PKCE-only), the client_secret plumbing is dead code: - delete argocd-oidc-authentik ExternalSecret and drop it from kustomization - remove AUTHENTIK_ARGOCD_CLIENT_SECRET env from authentik-worker - remove argocd-client-secret mapping from authentik-config ExternalSecret The argocd-client-secret field in the 1Password "Authentik (blumeops)" item is now unreferenced and can be deleted there. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
63 lines
1.8 KiB
YAML
63 lines
1.8 KiB
YAML
---
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: authentik-config
|
|
namespace: authentik
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: onepassword-blumeops
|
|
target:
|
|
name: authentik-config
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: secret-key
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: secret-key
|
|
- secretKey: postgresql-host
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: postgresql-host
|
|
- secretKey: postgresql-port
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: postgresql-port
|
|
- secretKey: postgresql-name
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: postgresql-name
|
|
- secretKey: postgresql-user
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: postgresql-user
|
|
- secretKey: postgresql-password
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: postgresql-password
|
|
- secretKey: grafana-client-secret
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: grafana-client-secret
|
|
- secretKey: forgejo-client-secret
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: forgejo-client-secret
|
|
- secretKey: zot-client-secret
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: zot-client-secret
|
|
- secretKey: jellyfin-client-secret
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: jellyfin-client-secret
|
|
- secretKey: mealie-client-secret
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: mealie-client-secret
|
|
- secretKey: paperless-client-secret
|
|
remoteRef:
|
|
key: "Authentik (blumeops)"
|
|
property: paperless-client-secret
|