k3s-cluster/cluster/apps/authentik/helm-release.yaml

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
  labels:
    needsDatabase: "yes"
spec:
  interval: 5m
  chart:
    spec:
      chart: authentik
      version: 2023.3.1
      sourceRef:
        kind: HelmRepository
        name: authentik-charts
        namespace: flux-system
  values:
    authentik:
#      secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
      # This sends anonymous usage-data, stack traces on errors and
      # performance data to sentry.beryju.org, and is fully opt-in
      #log_level: debug
      error_reporting:
        enabled: true
        environment: "k3s"
      postgresql:
        host: "postgresql.database"
        name: "authentik" # database name
        user: "k3spostgresql"
#        password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
#        port: 5432
      redis:
        host: "redis-master.database"
#        password: "${SECRET_DATABASE_REDIS_PASS}"
    
    env:
      AUTHENTIK_HOST: https://auth.${SECRET_NEW_DOMAIN}
      AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_NEW_DOMAIN}
    
    envValueFrom:
      AUTHENTIK_SECRET_KEY:
        secretKeyRef:
          key: authentikSecretKey
          name: authentik-secrets
      AUTHENTIK_POSTGRESQL__PASSWORD:
        secretKeyRef:
          key: pgsqlUserPassword
          name: authentik-secrets
      AUTHENTIK_REDIS__PASSWORD:
        secretKeyRef:
          key: redisUserPassword
          name: authentik-secrets

    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-production"
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
        - host: auth.${SECRET_NEW_DOMAIN}
          paths:
            - path: "/"
              pathType: Prefix

    monitoring:
      enabled: false # temporarily disable monitoring