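---
# Flux HelmRelease that deploys authentik (identity provider) from the
# authentik-charts HelmRepository. Values of the form ${SECRET_*} are
# placeholders; presumably they are filled in by Flux post-build
# substitution - confirm against the owning Kustomization.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
  labels:
    # Quoted so the label value stays the string "yes" and is not read as a boolean.
    needsDatabase: "yes"
spec:
  interval: 5m
  chart:
    spec:
      chart: authentik
      # Quoted so the pinned chart version is always read as a string.
      version: "2023.3.1"
      sourceRef:
        kind: HelmRepository
        name: authentik-charts
        namespace: flux-system
  values:
    # Shared security context, reused by the worker and geoip containers
    # through the securityContext anchor.
    # NOTE(review): fsGroup and fsGroupChangePolicy are PodSecurityContext
    # fields in the Kubernetes API, not container-level SecurityContext
    # fields. If the chart renders this map into a container
    # securityContext they will be rejected or dropped - confirm against
    # the chart's values and move them to its pod-level key if so.
    # NOTE(review): runAsNonRoot, allowPrivilegeEscalation and a
    # capabilities drop list are not set here; consider adding them once
    # verified against the image.
    containerSecurityContext: &securityContext
      runAsUser: 10000
      runAsGroup: 10000
      fsGroup: 10000
      fsGroupChangePolicy: OnRootMismatch
    worker:
      containerSecurityContext: *securityContext
    geoip:
      containerSecurityContext: *securityContext
    authentik:
      # secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
      # log_level: debug
      # This sends anonymous usage-data, stack traces on errors and
      # performance data to sentry.beryju.org, and is fully opt-in.
      # NOTE(review): this is enabled below, so error data leaves the
      # cluster for a third-party endpoint; confirm that is acceptable
      # for an identity provider in this environment.
      error_reporting:
        enabled: true
        environment: "k3s"
      postgresql:
        host: "postgresql.database"
        name: "authentik"  # database name
        user: "authentik"
        # password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
        # port: 5432
      redis:
        host: "redis-master.database"
        # password: "${SECRET_DATABASE_REDIS_PASS}"
    env:
      # The host anchor is defined here, at its first use in document
      # order. The original defined it further down under ingress.hosts,
      # so these aliases referred to an anchor that did not exist yet,
      # which YAML parsers reject.
      # NOTE(review): the value is a bare hostname without a scheme;
      # confirm that is the format authentik expects for these variables.
      AUTHENTIK_HOST: &host "auth.${SECRET_NEW_DOMAIN}"
      AUTHENTIK_HOST_BROWSER: *host
    # Credentials are read from the authentik-secrets Secret at runtime
    # instead of being written inline in this manifest.
    envValueFrom:
      AUTHENTIK_SECRET_KEY:
        secretKeyRef:
          key: authentikSecretKey
          name: authentik-secrets
      AUTHENTIK_POSTGRESQL__PASSWORD:
        secretKeyRef:
          key: pgsqlUserPassword
          name: authentik-secrets
      AUTHENTIK_REDIS__PASSWORD:
        secretKeyRef:
          key: redisUserPassword
          name: authentik-secrets
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
        - host: *host
          paths:
            - path: /
              pathType: Prefix
      tls:
        # NOTE(review): with the cluster-issuer annotation above,
        # cert-manager may manage a certificate for this host in the
        # secret named below. Confirm that wildcard-main-tls is meant to
        # be issued here and not supplied by a separately managed
        # wildcard Certificate.
        - hosts:
            - *host
          secretName: wildcard-main-tls
    monitoring:
      enabled: false  # temporarily disable monitoring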