authentik

2026-02-05 05:19:59 +00:00 · 2025-06-09 18:04:34 -04:00
parent 6749d92a43
commit 073e66ea82
10 changed files with 129 additions and 46 deletions
--- a/apps/authentik/release.yaml
+++ b/apps/authentik/release.yaml
@@ -0,0 +1,60 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: authentik
+  namespace: authentik
+spec:
+  chart:
+    spec:
+      chart: authentik
+      version: 2025.6.1
+      sourceRef:
+        kind: HelmRepository
+        name: authentik
+  interval: 15m
+  releaseName: immich
+  values:
+    authentik:
+      secret_key: file:///secret-key/key
+      postgresql:
+        host: authentik-postgres-rw
+        user: file:///postgres-creds/username
+        password: file:///postgres-creds/password
+    server:
+      ingress:
+        enabled: true
+        ingressClassName: traefik
+        annotations:
+          traefik.ingress.kubernetes.io/router.tls: "true"
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        hosts:
+          - authentik.michaelthomson.dev
+        tls:
+          - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+            hosts:
+              - authentik.michaelthomson.dev
+      volumes:
+        - name: postgres-creds
+          secret:
+            secretName: authentik-postgres-credentials
+        - name: secret-key
+          secret:
+            secretName: authentik-secret-key
+      volumeMounts:
+        - name: postgres-creds
+          mountPath: /postgres-creds
+          readOnly: true
+        - name: secret-key
+          mountPath: /secret-key
+          readOnly: true
+    worker:
+      volumes:
+        - name: postgres-creds
+          secret:
+            secretName: authentik-postgres-credentials
+      volumeMounts:
+        - name: postgres-creds
+          mountPath: /postgres-creds
+          readOnly: true
+    redis:
+      enabled: true