k3s-cluster/cluster/apps/authentik/helm-release.yaml

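---
# Flux HelmRelease that installs the authentik chart into the authentik
# namespace. The ${SECRET_*} placeholders are presumably filled in by Flux
# post-build substitution; confirm against the Kustomization that applies
# this file.
# NOTE(review): the nesting below was rebuilt from a view that had lost all
# indentation; compare it with the file in the repository before applying.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
  labels:
    # Kept quoted: label values must be strings, and a bare yes is read as a
    # boolean by YAML 1.1 parsers.
    needsDatabase: "yes"
spec:
  interval: 5m
  chart:
    spec:
      chart: authentik
      # Pinned chart version; an upgrade is an explicit edit of this line.
      version: 2023.3.1
      sourceRef:
        kind: HelmRepository
        name: authentik-charts
        namespace: flux-system
  values:
    authentik:
      # The secret key and the PostgreSQL/Redis passwords are not set here.
      # They are read from the authentik-secrets Secret through envValueFrom
      # further down, so they stay out of these values. The commented-out
      # lines show the earlier substitution-based form.
      # secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
      # log_level: debug

      # This sends anonymous usage-data, stack traces on errors and
      # performance data to sentry.beryju.org, and is fully opt-in.
      # NOTE(review): enabled: true is that opt-in. This is the identity
      # provider, so confirm that sending stack traces off-cluster is
      # intended.
      error_reporting:
        enabled: true
        environment: "k3s"
      postgresql:
        host: "postgresql.database"
        name: "authentik"  # database name
        # NOTE(review): the commented-out password below refers to an admin
        # variable; confirm this role is limited to the authentik database.
        user: "k3spostgresql"
        # password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
        # port: 5432
      redis:
        host: "redis-master.database"
        # password: "${SECRET_DATABASE_REDIS_PASS}"
    env:
      # Quoted like the ingress host below, so the substituted value is
      # always parsed as a string, whatever the variable expands to.
      AUTHENTIK_HOST: "https://auth.${SECRET_NEW_DOMAIN}"
      AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_NEW_DOMAIN}"
    envValueFrom:
      # Each entry names a key of the authentik-secrets Secret. That Secret
      # is not defined in this file and has to exist in the release
      # namespace.
      AUTHENTIK_SECRET_KEY:
        secretKeyRef:
          key: authentikSecretKey
          name: authentik-secrets
      AUTHENTIK_POSTGRESQL__PASSWORD:
        secretKeyRef:
          key: pgsqlUserPassword
          name: authentik-secrets
      AUTHENTIK_REDIS__PASSWORD:
        secretKeyRef:
          key: redisUserPassword
          name: authentik-secrets
    ingress:
      enabled: true
      annotations:
        # Attach the router to the websecure entrypoint only.
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
        # &host is reused in the tls section so both always name the same
        # host.
        - host: &host "auth.${SECRET_NEW_DOMAIN}"
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - *host
          # NOTE(review): presumably a wildcard certificate shared with other
          # apps; confirm the Secret is present in the authentik namespace.
          secretName: wildcard-main-tls

    # NOTE(review): assumed to be a top-level chart value; confirm the
    # placement and that the chart actually reads this key.
    monitoring:
      enabled: false  # temporarily disable monitoring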