Feat/authentik media volume by FreekingDean · Pull Request #2101 · FreekingDean/homelab

FreekingDean · 2026-03-11T13:33:20Z

Adds authentik logos & assets

Add git-sync sidecar to server and worker pods that syncs the assets directory from the homelab repo into /media via sparse checkout. This allows custom branding logos to be managed in git. Co-Authored-By: Claude Opus 4.6 <[email protected]>

Co-Authored-By: Claude Opus 4.6 <[email protected]>

github-actions · 2026-03-11T13:34:11Z

--- kubernetes/apps/auth/authentik/app Kustomization: flux-system/cluster-apps-authentik HelmRelease: auth/authentik

+++ kubernetes/apps/auth/authentik/app Kustomization: flux-system/cluster-apps-authentik HelmRelease: auth/authentik

@@ -61,12 +61,27 @@

       envFrom:
       - secretRef:
           name: authentik-external
     postgresql:
       enabled: false
     server:
+      extraContainers:
+      - args:
+        - --repo=https://github.com/FreekingDean/homelab
+        - --ref=main
+        - --root=/media
+        - --link=current
+        - --period=60s
+        - --sparse-checkout-file=/etc/git-sync/sparse-checkout
+        image: registry.k8s.io/git-sync/git-sync:v4.4.1
+        name: git-sync
+        volumeMounts:
+        - mountPath: /media
+          name: media
+        - mountPath: /etc/git-sync
+          name: git-sync-sparse
       ingress:
         annotations:
           hajimari.io/icon: mdi:shield-lock
           public.ingress.home.arpa: 'true'
         enabled: true
         hosts:
@@ -78,13 +93,46 @@

           secretName: deangalvin-dev-production-tls
       metrics:
         enabled: true
         serviceMonitor:
           enabled: true
       replicas: 2
+      volumeMounts:
+      - mountPath: /media
+        name: media
+      volumes:
+      - emptyDir: {}
+        name: media
+      - configMap:
+          name: authentik-git-sync-sparse
+        name: git-sync-sparse
     worker:
+      extraContainers:
+      - args:
+        - --repo=https://github.com/FreekingDean/homelab
+        - --ref=main
+        - --root=/media
+        - --link=current
+        - --period=60s
+        - --sparse-checkout-file=/etc/git-sync/sparse-checkout
+        image: registry.k8s.io/git-sync/git-sync:v4.4.1
+        name: git-sync
+        volumeMounts:
+        - mountPath: /media
+          name: media
+        - mountPath: /etc/git-sync
+          name: git-sync-sparse
       metrics:
         enabled: true
         serviceMonitor:
           enabled: true
       replicas: 2
+      volumeMounts:
+      - mountPath: /media
+        name: media
+      volumes:
+      - emptyDir: {}
+        name: media
+      - configMap:
+          name: authentik-git-sync-sparse
+        name: git-sync-sparse
 
--- kubernetes/apps/auth/authentik/app Kustomization: flux-system/cluster-apps-authentik ConfigMap: auth/authentik-git-sync-sparse

+++ kubernetes/apps/auth/authentik/app Kustomization: flux-system/cluster-apps-authentik ConfigMap: auth/authentik-git-sync-sparse

@@ -0,0 +1,13 @@

+---
+apiVersion: v1
+data:
+  sparse-checkout: |
+    kubernetes/apps/auth/authentik/assets
+kind: ConfigMap
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps-authentik
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: authentik-git-sync-sparse
+  namespace: auth
+

github-actions · 2026-03-11T13:34:15Z

--- HelmRelease: auth/authentik Deployment: auth/authentik-server

+++ HelmRelease: auth/authentik Deployment: auth/authentik-server

@@ -58,12 +58,15 @@

           value: 0.0.0.0:9300
         envFrom:
         - secretRef:
             name: authentik
         - secretRef:
             name: authentik-external
+        volumeMounts:
+        - mountPath: /media
+          name: media
         ports:
         - name: http
           containerPort: 9000
           protocol: TCP
         - name: https
           containerPort: 9443
@@ -96,19 +99,39 @@

             port: http
           initialDelaySeconds: 5
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 3
         resources: {}
+      - args:
+        - --repo=https://github.com/FreekingDean/homelab
+        - --ref=main
+        - --root=/media
+        - --link=current
+        - --period=60s
+        - --sparse-checkout-file=/etc/git-sync/sparse-checkout
+        image: registry.k8s.io/git-sync/git-sync:v4.4.1
+        name: git-sync
+        volumeMounts:
+        - mountPath: /media
+          name: media
+        - mountPath: /etc/git-sync
+          name: git-sync-sparse
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
           - weight: 100
             podAffinityTerm:
               labelSelector:
                 matchLabels:
                   app.kubernetes.io/name: authentik
                   app.kubernetes.io/instance: authentik
                   app.kubernetes.io/component: server
               topologyKey: kubernetes.io/hostname
+      volumes:
+      - emptyDir: {}
+        name: media
+      - configMap:
+          name: authentik-git-sync-sparse
+        name: git-sync-sparse
       enableServiceLinks: true
 
--- HelmRelease: auth/authentik Deployment: auth/authentik-worker

+++ HelmRelease: auth/authentik Deployment: auth/authentik-worker

@@ -57,12 +57,15 @@

           value: 0.0.0.0:9300
         envFrom:
         - secretRef:
             name: authentik
         - secretRef:
             name: authentik-external
+        volumeMounts:
+        - mountPath: /media
+          name: media
         ports:
         - name: http
           containerPort: 9000
           protocol: TCP
         - name: metrics
           containerPort: 9300
@@ -95,19 +98,39 @@

           failureThreshold: 60
           initialDelaySeconds: 30
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 3
         resources: {}
+      - args:
+        - --repo=https://github.com/FreekingDean/homelab
+        - --ref=main
+        - --root=/media
+        - --link=current
+        - --period=60s
+        - --sparse-checkout-file=/etc/git-sync/sparse-checkout
+        image: registry.k8s.io/git-sync/git-sync:v4.4.1
+        name: git-sync
+        volumeMounts:
+        - mountPath: /media
+          name: media
+        - mountPath: /etc/git-sync
+          name: git-sync-sparse
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
           - weight: 100
             podAffinityTerm:
               labelSelector:
                 matchLabels:
                   app.kubernetes.io/name: authentik
                   app.kubernetes.io/instance: authentik
                   app.kubernetes.io/component: worker
               topologyKey: kubernetes.io/hostname
+      volumes:
+      - emptyDir: {}
+        name: media
+      - configMap:
+          name: authentik-git-sync-sparse
+        name: git-sync-sparse
       enableServiceLinks: true

This reverts commit ddadd90.

FreekingDean and others added 2 commits March 11, 2026 09:30

feat(authentik): add deanslab logo asset

9d14d6d

Co-Authored-By: Claude Opus 4.6 <[email protected]>

github-actions bot added the area/kubernetes label Mar 11, 2026

Adds ico

9271bae

FreekingDean merged commit ddadd90 into main Mar 11, 2026
4 checks passed

FreekingDean added a commit that referenced this pull request Mar 11, 2026

Revert "Feat/authentik media volume (#2101)"

0583b4b

This reverts commit ddadd90.

FreekingDean mentioned this pull request Mar 11, 2026

Revert "Feat/authentik media volume" #2102

Merged

FreekingDean added a commit that referenced this pull request Mar 11, 2026

Revert "Feat/authentik media volume (#2101)" (#2102)

cbaef13

This reverts commit ddadd90.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feat/authentik media volume#2101

Feat/authentik media volume#2101
FreekingDean merged 3 commits intomainfrom
feat/authentik-media-volume

FreekingDean commented Mar 11, 2026

Uh oh!

github-actions bot commented Mar 11, 2026

Uh oh!

github-actions bot commented Mar 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

FreekingDean commented Mar 11, 2026

Uh oh!

github-actions bot commented Mar 11, 2026

Uh oh!

github-actions bot commented Mar 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant