105 lines
2.6 KiB
YAML
105 lines
2.6 KiB
YAML
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: authentik
|
|
namespace: authentik
|
|
labels:
|
|
needsDatabase: "yes"
|
|
spec:
|
|
interval: 5m
|
|
chart:
|
|
spec:
|
|
chart: authentik
|
|
version: 2024.10.4
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: authentik-charts
|
|
namespace: flux-system
|
|
dependsOn:
|
|
- name: redis
|
|
namespace: database
|
|
values:
|
|
global:
|
|
env:
|
|
- name: AUTHENTIK_HOST
|
|
value: &host "auth.${SECRET_NEW_DOMAIN}"
|
|
- name: AUTHENTIK_HOST_BROWSER
|
|
value: *host
|
|
- name: AUTHENTIK_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: authentikSecretKey
|
|
name: authentik-secrets
|
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: pgsqlUserPassword
|
|
name: authentik-secrets
|
|
- name: AUTHENTIK_REDIS__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: redisUserPassword
|
|
name: authentik-secrets
|
|
|
|
server:
|
|
# containerSecurityContext: &securityContext
|
|
# runAsUser: 10000
|
|
# runAsGroup: 10000
|
|
# fsGroup: 10000
|
|
# fsGroupChangePolicy: OnRootMismatch
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
hosts:
|
|
- *host
|
|
paths:
|
|
- /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- *host
|
|
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
labels:
|
|
release: kube-prometheus-stack
|
|
|
|
prometheus:
|
|
rules:
|
|
enabled: true
|
|
|
|
# worker:
|
|
# containerSecurityContext: *securityContext
|
|
#
|
|
# geoip:
|
|
# containerSecurityContext: *securityContext
|
|
|
|
authentik:
|
|
# This sends anonymous usage-data, stack traces on errors and
|
|
# performance data to sentry.beryju.org, and is fully opt-in
|
|
log_level: debug
|
|
error_reporting:
|
|
enabled: true
|
|
environment: "k3s"
|
|
postgresql:
|
|
host: "postgres16-rw.database.svc"
|
|
name: "authentik" # database name
|
|
user: "authentik"
|
|
redis:
|
|
host: "redis-master.database"
|
|
|
|
email:
|
|
host: exim.default
|
|
port: 8025
|
|
username: ""
|
|
password: ""
|
|
use_tls: false
|
|
use_ssl: false
|
|
timeout: 30
|
|
from: karasu@${SECRET_NEW_DOMAIN} |