eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/argocd/manifests/authentik/kustomization.yaml
Erich Blume fd0bebb0fc
All checks were successful
Build Container / detect (push) Successful in 3s
Details
Build Container / build-dockerfile (alloy) (push) Successful in 12s
Details
Build Container / build-dockerfile (ntfy) (push) Successful in 11s
Details
Build Container / build-nix (alloy) (push) Successful in 20s
Details
Build Container / build-nix (authentik) (push) Successful in 6m10s
Details
Build Container / build-nix (authentik-redis) (push) Successful in 20s
Details
Build Container / build-nix (ntfy) (push) Successful in 6s
Details
Localize authentik-redis container (#309) 
## Summary

- Replace upstream `docker.io/library/redis:7-alpine` (Redis 7.4.8) with a nix-built container using Redis 8.2.3 from nixpkgs
- Introduce **attached service pattern**: `parent` field in service-versions.yaml, `<parent>-<component>` naming convention, and `assert pkgs.redis.version == version` in default.nix to prevent silent version drift on `flake.lock` updates
- Document the pattern in [[review-services]] so future attached services slot in cleanly
- Backfill `parent: grafana` on existing `grafana-sidecar` entry

## Version drift protection

1. `flake.lock` update bumps nixpkgs redis → `assert` in `default.nix` breaks `nix-build`
2. Developer updates `version` in `default.nix` → prek's `container-version-check` demands matching `service-versions.yaml` update
3. Both must agree before commit succeeds

## Test plan

- [ ] Build container from branch on ringtail (`mise run container-build-and-release authentik-redis`)
- [ ] Update kustomization `newTag` to branch-built image tag
- [ ] Sync authentik ArgoCD app from branch (`argocd app set authentik --revision localize-redis && argocd app sync authentik`)
- [ ] Verify Authentik login, session persistence, and task queue still work
- [ ] After merge: C0 follow-up to update `newTag` to the main-built image tag

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #309
2026-03-24 13:27:36 -07:00

19 lines
507 B
YAML
Raw Blame History

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: authentik
resources:
- external-secret.yaml
- configmap-blueprint.yaml
- deployment-server.yaml
- deployment-worker.yaml
- deployment-redis.yaml
- service.yaml
- service-redis.yaml
- ingress-tailscale.yaml
images:
- name: registry.ops.eblu.me/blumeops/authentik
newTag: v2026.2.0-2d4098e-nix
- name: docker.io/library/redis
newName: registry.ops.eblu.me/blumeops/authentik-redis
newTag: 7-alpine
Reference in a new issue View git blame Copy permalink