k3s-cluster/kubernetes/main/apps/authentik/app/helm-release.yaml


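---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
# Flux HelmRelease that installs the authentik chart into the authentik
# namespace, with PostgreSQL and Redis reached in the database namespace.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
  labels:
    # Quoted so the label value stays the string "yes" and is not read as a
    # boolean.
    needsDatabase: "yes"
spec:
  interval: 5m
  chart:
    spec:
      chart: authentik
      # Quoted so the pinned chart version is always handled as a string.
      version: "2024.10.4"
      sourceRef:
        kind: HelmRepository
        name: authentik-charts
        namespace: flux-system
  dependsOn:
    - name: redis
      namespace: database
  values:
    global:
      env:
        # NOTE(review): plain-HTTP in-cluster URL, so traffic to this address
        # is unencrypted inside the cluster. Confirm that is acceptable for
        # whatever consumes AUTHENTIK_HOST (presumably outposts).
        - name: AUTHENTIK_HOST
          value: http://authentik-server.authentik.svc
        # ${SECRET_NEW_DOMAIN} is not defined in this file; presumably it is
        # filled in by Flux variable substitution -- confirm.
        - name: AUTHENTIK_HOST_BROWSER
          value: "https://auth.${SECRET_NEW_DOMAIN}"
        # The secret key and both datastore passwords are read from the
        # authentik-secrets Secret, so no credential value appears in this
        # manifest.
        - name: AUTHENTIK_SECRET_KEY
          valueFrom:
            secretKeyRef:
              key: authentikSecretKey
              name: authentik-secrets
        - name: AUTHENTIK_POSTGRESQL__PASSWORD
          valueFrom:
            secretKeyRef:
              key: pgsqlUserPassword
              name: authentik-secrets
        - name: AUTHENTIK_REDIS__PASSWORD
          valueFrom:
            secretKeyRef:
              key: redisUserPassword
              name: authentik-secrets
    server:
      # NOTE(review): the non-root security context below is disabled, so the
      # server runs with whatever the chart defaults to. If it is re-enabled,
      # fsGroup and fsGroupChangePolicy are pod-level securityContext fields,
      # not container-level ones, and need to move accordingly.
      # containerSecurityContext: &securityContext
      #   runAsUser: 10000
      #   runAsGroup: 10000
      #   fsGroup: 10000
      #   fsGroupChangePolicy: OnRootMismatch
      ingress:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - &host "auth.${SECRET_NEW_DOMAIN}"
        paths:
          - /
        pathType: Prefix
        # NOTE(review): no secretName is set on this tls entry; cert-manager
        # normally needs one to issue a certificate for the cluster-issuer
        # annotation above -- confirm how the certificate is provided.
        tls:
          - hosts:
              - *host
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
          labels:
            release: kube-prometheus-stack
    prometheus:
      rules:
        enabled: true
    # worker:
    #   containerSecurityContext: *securityContext
    #
    # geoip:
    #   containerSecurityContext: *securityContext
    authentik:
      # NOTE(review): debug logging on an identity provider can put more
      # request and session detail into pod logs than is needed; consider
      # info outside of troubleshooting.
      log_level: debug
      # This sends anonymous usage-data, stack traces on errors and
      # performance data to sentry.beryju.org, and is fully opt-in
      # NOTE(review): it is opted in here, so that data leaves the cluster;
      # confirm this is intended for this deployment.
      error_reporting:
        enabled: true
        environment: "k3s"
      postgresql:
        host: "postgres16-rw.database.svc"
        name: "authentik"  # database name
        user: "authentik"
      redis:
        host: "redis-master.database"
      # NOTE(review): use_tls and use_ssl are both off and no credentials are
      # set, so mail goes to exim.default:8025 unencrypted and
      # unauthenticated. Presumably an in-cluster relay -- confirm that access
      # to it is restricted.
      email:
        host: exim.default
        port: 8025
        username: ""
        password: ""
        use_tls: false
        use_ssl: false
        timeout: 30
        from: "karasu@${SECRET_NEW_DOMAIN}"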