This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
app/apps/overlays/uat/authentik-terraform.yaml
T
Test User daf8a7bd56 fix(GRO-693): add UAT Terraform infrastructure with correct GitRepository
- Add terraform workspace at apps/overlays/uat/terraform/ (backend.tf,
  main.tf, variables.tf, users.tf, imports.tf, terraform.tfvars)
- Add Terraform CRD (authentik-terraform.yaml) with correct path
  ./apps/overlays/uat/terraform relative to groombook/app repo root
- Add GitRepository CRD (gitrepository-groombook.yaml) pointing to
  groombook/app at fix/gro-844-network-policy branch (NOT groombook/infra
  which no longer exists)
- Add kustomization.yaml to tie it together

Root cause: the GitRepository was pointing to https://github.com/groombook/infra
which no longer exists, and the terraform files were not committed to the
current repository at the correct path.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-21 19:55:35 +00:00

54 lines
1.8 KiB
YAML

# =============================================================================
# Terraform CRD for Flux ToFu Controller — Authentik groombook-uat
# =============================================================================
# This CRD tells the Flux ToFu Controller to reconcile the Terraform
# workspace at apps/overlays/uat/terraform/
#
# The ToFu Controller will:
# 1. Clone the groombook/app GitRepository
# 2. Run tofu init + tofu plan/apply in the specified path
# 3. Store Terraform state in a Kubernetes secret (backend.tf)
# 4. Inject TF_VAR_authentik_token from the authentik-credentials secret
# via tf-controller varsFrom (maps secret key to Terraform variable)
#
# ApiVersion: infra.contrib.fluxcd.io/v1alpha2 (tf-controller)
# =============================================================================
apiVersion: infra.contrib.fluxcd.io/v1alpha2
kind: Terraform
metadata:
name: authentik-uat
namespace: groombook-uat
labels:
app.kubernetes.io/name: authentik
app.kubernetes.io/part-of: groombook
app.kubernetes.io/env: uat
spec:
# Reconcile every hour
interval: 1h
# Path within the GitRepository (groombook/app)
path: ./apps/overlays/uat/terraform
# Source reference — must match the GitRepository name watching this repo
sourceRef:
kind: GitRepository
name: groombook
# Auto-approve plans (no manual intervention needed for infrastructure)
approvePlan: "auto"
# Clean up Terraform resources when this CRD is deleted
destroyResourcesOnDeletion: true
# Inject TF_VAR_authentik_token from the sealed secret via tf-controller varsFrom
# (maps secret key "authentik_token" to Terraform var.authentik_token)
varsFrom:
- kind: Secret
name: authentik-credentials
- kind: Secret
name: authentik-uat-users-credentials
runnerPodTemplate:
spec: {}