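---
# Flux HelmRelease that installs the authentik chart into the `authentik`
# namespace.
# NOTE(review): this manifest was recovered from a copy whose line breaks were
# lost (everything after the first `#` parsed as one comment). The nesting
# below is reconstructed; confirm it against the chart's values schema.
# NOTE(review): v2beta1 is an older HelmRelease API version; check which
# versions the installed Flux controllers still serve before upgrading Flux.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
  labels:
    # Quoted so the label stays the string "yes" and is not read as a boolean.
    needsDatabase: "yes"
spec:
  interval: 5m
  chart:
    spec:
      chart: authentik
      # Pinned chart version: upgrades happen only through a reviewed change.
      version: "2023.3.1"
      sourceRef:
        kind: HelmRepository
        name: authentik-charts
        namespace: flux-system
  values:
    authentik:
      # The ${SECRET_...} placeholders are presumably filled in by Flux
      # post-build substitution (confirm). Substituting a secret inline would
      # store its value in the HelmRelease object itself, so the inline forms
      # stay commented out and the values come from `envValueFrom` below.
      # secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
      # log_level: debug
      # This sends anonymous usage-data, stack traces on errors and
      # performance data to sentry.beryju.org, and is fully opt-in
      # NOTE(review): opted in here, so error stack traces leave the cluster
      # for a third-party host; confirm that is acceptable for this identity
      # provider, otherwise set `enabled: false`.
      error_reporting:
        enabled: true
        environment: "k3s"
      postgresql:
        host: "postgresql.database"
        name: "authentik"  # database name
        user: "k3spostgresql"
        # password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
        # port: 5432
      redis:
        host: "redis-master.database"
        # password: "${SECRET_DATABASE_REDIS_PASS}"
    env:
      # Quoted so the value is always a string, whatever the placeholder
      # expands to; matches the quoted ingress host below.
      AUTHENTIK_HOST: "https://auth.${SECRET_NEW_DOMAIN}"
      AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_NEW_DOMAIN}"
    # Credentials are read from keys of the `authentik-secrets` Secret at pod
    # start, so no secret value appears in this manifest.
    envValueFrom:
      AUTHENTIK_SECRET_KEY:
        secretKeyRef:
          key: authentikSecretKey
          name: authentik-secrets
      AUTHENTIK_POSTGRESQL__PASSWORD:
        secretKeyRef:
          key: pgsqlUserPassword
          name: authentik-secrets
      AUTHENTIK_REDIS__PASSWORD:
        secretKeyRef:
          key: redisUserPassword
          name: authentik-secrets
    ingress:
      enabled: true
      annotations:
        # Route only through Traefik's `websecure` entrypoint.
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
        # The anchor is reused in `tls` so both entries name the same host.
        - host: &host "auth.${SECRET_NEW_DOMAIN}"
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - *host
          secretName: wildcard-main-tls
    # NOTE(review): placed directly under `values`; confirm the key and its
    # position for this chart version.
    monitoring:
      enabled: false  # temporarily disable monitoring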