valinor/kubernetes/apps/security/authentik/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: authentik
  namespace: security
spec:
  interval: 30m
  chart:
    spec:
      chart: authentik
      version: 2023.8.3
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: authentik
        namespace: flux-system
  values:
    annotations:
      secret.reloader.stakater.com/reload: authentik-secret,authentik-pguser-authentik,authentik-redis-secret

    authentik:
      log_level: info
      email:
        port: 587
        use_tls: true
      error_reporting:
        enabled: false
        send_pii: false
      redis:
        host: "authentik-redis.security.svc.cluster.local"
        password: ""

    envValueFrom:
      AUTHENTIK_SECRET_KEY:
        secretKeyRef:
          name: authentik-secret
          key: authentik_secret_key
      AUTHENTIK_EMAIL__HOST:
        secretKeyRef:
          name: authentik-secret
          key: authentik_email_host
      AUTHENTIK_EMAIL__USERNAME:
        secretKeyRef:
          name: authentik-secret
          key: authentik_email_username
      AUTHENTIK_EMAIL__PASSWORD:
        secretKeyRef:
          name: authentik-secret
          key: authentik_email_password
      AUTHENTIK_EMAIL__FROM:
        secretKeyRef:
          name: authentik-secret
          key: authentik_email_from
      AUTHENTIK_POSTGRESQL__HOST:
        secretKeyRef:
          name: authentik-pguser-authentik
          key: host
      AUTHENTIK_POSTGRESQL__NAME:
        secretKeyRef:
          name: authentik-pguser-authentik
          key: dbname
      AUTHENTIK_POSTGRESQL__USER:
        secretKeyRef:
          name: authentik-pguser-authentik
          key: user
      AUTHENTIK_POSTGRESQL__PASSWORD:
        secretKeyRef:
          name: authentik-pguser-authentik
          key: password
      AUTHENTIK_REDIS__PASSWORD:
        secretKeyRef:
          name: authentik-redis-secret
          key: AUTHENTIK_REDIS_PASSWORD

    ingress:
      enabled: true
      ingressClassName: nginx
      annotations:
        external-dns.alpha.kubernetes.io/target: ingress.hsn.dev
        nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
        nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
      hosts:
        - host: &host authentik.hsn.dev
          paths:
            - path: /
      tls:
        - hosts:
            - *host

    postgresql:
      enabled: false

    prometheus:
      rules:
        create: true
      serviceMonitor:
        create: true

    redis:
      enabled: false
Adding authentik. 2023-10-06 15:40:53 -05:00			`---`
			`# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json`
			`apiVersion: helm.toolkit.fluxcd.io/v2beta1`
			`kind: HelmRelease`
			`metadata:`
			`name: authentik`
			`namespace: security`
			`spec:`
			`interval: 30m`
			`chart:`
			`spec:`
			`chart: authentik`
			`version: 2023.8.3`
			`interval: 30m`
			`sourceRef:`
			`kind: HelmRepository`
			`name: authentik`
			`namespace: flux-system`
			`values:`
			`annotations:`
			`secret.reloader.stakater.com/reload: authentik-secret,authentik-pguser-authentik,authentik-redis-secret`

			`authentik:`
			`log_level: info`
			`email:`
			`port: 587`
			`use_tls: true`
			`error_reporting:`
			`enabled: false`
			`send_pii: false`
			`redis:`
			`host: "authentik-redis.security.svc.cluster.local"`
			`password: ""`

			`envValueFrom:`
			`AUTHENTIK_SECRET_KEY:`
			`secretKeyRef:`
			`name: authentik-secret`
			`key: authentik_secret_key`
			`AUTHENTIK_EMAIL__HOST:`
			`secretKeyRef:`
			`name: authentik-secret`
			`key: authentik_email_host`
			`AUTHENTIK_EMAIL__USERNAME:`
			`secretKeyRef:`
			`name: authentik-secret`
			`key: authentik_email_username`
			`AUTHENTIK_EMAIL__PASSWORD:`
			`secretKeyRef:`
			`name: authentik-secret`
			`key: authentik_email_password`
			`AUTHENTIK_EMAIL__FROM:`
			`secretKeyRef:`
			`name: authentik-secret`
			`key: authentik_email_from`
			`AUTHENTIK_POSTGRESQL__HOST:`
			`secretKeyRef:`
			`name: authentik-pguser-authentik`
			`key: host`
			`AUTHENTIK_POSTGRESQL__NAME:`
			`secretKeyRef:`
			`name: authentik-pguser-authentik`
			`key: dbname`
			`AUTHENTIK_POSTGRESQL__USER:`
			`secretKeyRef:`
			`name: authentik-pguser-authentik`
			`key: user`
			`AUTHENTIK_POSTGRESQL__PASSWORD:`
			`secretKeyRef:`
			`name: authentik-pguser-authentik`
			`key: password`
			`AUTHENTIK_REDIS__PASSWORD:`
			`secretKeyRef:`
			`name: authentik-redis-secret`
			`key: AUTHENTIK_REDIS_PASSWORD`

			`ingress:`
			`enabled: true`
			`ingressClassName: nginx`
			`annotations:`
			`external-dns.alpha.kubernetes.io/target: ingress.hsn.dev`
			`nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"`
			`nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"`
			`hosts:`
			`- host: &host authentik.hsn.dev`
			`paths:`
			`- path: /`
			`tls:`
			`- hosts:`
			`- *host`

			`postgresql:`
			`enabled: false`

			`prometheus:`
			`rules:`
			`create: true`
			`serviceMonitor:`
			`create: true`

			`redis:`
			`enabled: false`