2023-04-07 03:01:51 +00:00
|
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
|
|
kind: HelmRelease
|
|
|
|
metadata:
|
2023-04-07 03:05:39 +00:00
|
|
|
name: authentik
|
2023-04-07 03:01:51 +00:00
|
|
|
namespace: authentik
|
2023-04-07 03:29:26 +00:00
|
|
|
labels:
|
|
|
|
needsDatabase: "yes"
|
2023-04-07 03:01:51 +00:00
|
|
|
spec:
|
|
|
|
interval: 5m
|
|
|
|
chart:
|
|
|
|
spec:
|
|
|
|
chart: authentik
|
|
|
|
version: 2023.3.1
|
|
|
|
sourceRef:
|
|
|
|
kind: HelmRepository
|
|
|
|
name: authentik-charts
|
|
|
|
namespace: flux-system
|
|
|
|
values:
|
|
|
|
authentik:
|
2023-04-07 05:20:41 +00:00
|
|
|
# secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
|
2023-04-07 03:01:51 +00:00
|
|
|
# This sends anonymous usage-data, stack traces on errors and
|
|
|
|
# performance data to sentry.beryju.org, and is fully opt-in
|
2023-04-08 05:59:30 +00:00
|
|
|
#log_level: debug
|
2023-04-07 03:01:51 +00:00
|
|
|
error_reporting:
|
|
|
|
enabled: true
|
2023-04-07 03:55:48 +00:00
|
|
|
environment: "k3s"
|
2023-04-07 03:01:51 +00:00
|
|
|
postgresql:
|
|
|
|
host: "postgresql.database"
|
2023-04-07 04:31:17 +00:00
|
|
|
name: "authentik" # database name
|
2023-04-07 04:49:39 +00:00
|
|
|
user: "k3spostgresql"
|
|
|
|
# password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
|
|
|
|
# port: 5432
|
2023-04-07 03:01:51 +00:00
|
|
|
redis:
|
|
|
|
host: "redis-master.database"
|
2023-04-07 04:49:39 +00:00
|
|
|
# password: "${SECRET_DATABASE_REDIS_PASS}"
|
|
|
|
|
2023-04-08 16:54:28 +00:00
|
|
|
env:
|
2023-04-11 03:55:28 +00:00
|
|
|
AUTHENTIK_HOST: https://auth.${SECRET_NEW_DOMAIN}
|
|
|
|
AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_NEW_DOMAIN}
|
2023-04-07 04:49:39 +00:00
|
|
|
|
|
|
|
envValueFrom:
|
2023-04-07 04:51:13 +00:00
|
|
|
AUTHENTIK_SECRET_KEY:
|
|
|
|
secretKeyRef:
|
|
|
|
key: authentikSecretKey
|
|
|
|
name: authentik-secrets
|
2023-04-07 04:49:39 +00:00
|
|
|
AUTHENTIK_POSTGRESQL__PASSWORD:
|
|
|
|
secretKeyRef:
|
|
|
|
key: pgsqlUserPassword
|
|
|
|
name: authentik-secrets
|
|
|
|
AUTHENTIK_REDIS__PASSWORD:
|
|
|
|
secretKeyRef:
|
|
|
|
key: redisUserPassword
|
|
|
|
name: authentik-secrets
|
2023-04-07 03:01:51 +00:00
|
|
|
|
|
|
|
ingress:
|
|
|
|
enabled: true
|
2023-04-07 03:21:01 +00:00
|
|
|
annotations:
|
|
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
2023-04-07 03:01:51 +00:00
|
|
|
hosts:
|
2023-04-13 05:21:06 +00:00
|
|
|
- host: &host "auth.${SECRET_NEW_DOMAIN}"
|
2023-04-07 03:01:51 +00:00
|
|
|
paths:
|
2023-04-13 05:21:06 +00:00
|
|
|
- path: /
|
2023-04-07 03:55:48 +00:00
|
|
|
pathType: Prefix
|
2023-04-13 05:21:06 +00:00
|
|
|
tls:
|
|
|
|
- hosts:
|
|
|
|
- *host
|
|
|
|
secretName: wildcard-main-tls
|
2023-04-07 04:31:17 +00:00
|
|
|
|
2023-04-07 03:55:48 +00:00
|
|
|
monitoring:
|
|
|
|
enabled: false # temporarily disable monitoring
|