gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement S3 media storage for Authentik by adding configuration options for dedicated S3 bucket and credentials. Update README and default values to clarify usage and requirements for S3 integration, ensuring compatibility with Velero settings. Enhance Ansible tasks to load S3 configurations from the environment.

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-05-14 20:07:52 -04:00
parent 57a149b3d2
commit e48b19b64c
8 changed files with 186 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
clusters/noble/bootstrap/authentik/values.yaml
View File

@@ -11,23 +11,8 @@
# helm upgrade --install authentik goauthentik/authentik -n authentik --create-namespace \
# --version 2026.2.3 -f clusters/noble/bootstrap/authentik/values.yaml -f /path/to/extra.yaml --wait
#
# **Media / uploads:** PVC **`authentik-data`** at **`/data`** is mounted on **server only**. Longhorn **RWO** allows
# a single attachment — the same PVC on **server** and **worker** causes **Multi-Attach** errors. For shared media from
# workers, use **S3** or an **RWX** StorageClass (e.g. **`longhorn-rwx`** when installed) and **ReadWriteMany** on the PVC.
additionalObjects:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: authentik-data
namespace: "{{ .Release.Namespace }}"
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 10Gi
# **Media / uploads:** **S3** (same endpoint/credentials pattern as **Velero** — see **ansible/roles/noble_authentik** and **.env.sample**).
# Ansible sets **`AUTHENTIK_STORAGE__BACKEND=s3`** in **`authentik-extra-values.yaml.j2`**; use a **dedicated** media bucket, not the Velero backup bucket.
postgresql:
enabled: true
@@ -51,13 +36,6 @@ authentik:
server:
replicas: 1
volumes:
- name: authentik-data
persistentVolumeClaim:
claimName: authentik-data
volumeMounts:
- name: authentik-data
mountPath: /data
ingress:
enabled: true
ingressClassName: traefik

2
clusters/noble/bootstrap/velero/README.md
View File

@@ -19,6 +19,8 @@ Ansible-managed core stack — **not** reconciled by Argo CD (`clusters/noble/ap
4. **S3-compatible** endpoint (MinIO, VersityGW, AWS, etc.) and a **bucket**.
5. **Authentik** (when **`noble_authentik_install=true`**) can reuse the **same** S3 endpoint and access-key credentials for a **separate** media bucket (**`NOBLE_AUTHENTIK_MEDIA_S3_BUCKET`**); see **`ansible/roles/noble_authentik/README.md`**.
## Credentials Secret
Velero expects **`velero/velero-cloud-credentials`**, key **`cloud`**, in **INI** form for the AWS plugin: