# Flux HelmRelease that installs the `authentik` chart, pinned to 2024.8.3,
# from the `authentik` HelmRepository in `flux-system` into the `authentik`
# namespace.
# NOTE(review): the nesting below was reconstructed from a listing whose
# whitespace had been collapsed onto one line; confirm the indentation against
# the original file before applying.
# NOTE(review): newer Flux releases serve HelmRelease as
# helm.toolkit.fluxcd.io/v2; confirm which API versions the cluster supports.
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
spec:
  chart:
    spec:
      chart: authentik
      # Exact version pin: the chart changes only when this value is edited.
      version: 2024.8.3
      sourceRef:
        kind: HelmRepository
        name: authentik
        namespace: flux-system
  # Reconciliation interval for the release.
  interval: 15m
  # Time allowed for Helm actions on this release.
  timeout: 5m
  releaseName: authentik
  values:
    global:
      # Every credential is pulled from a Kubernetes Secret via secretKeyRef,
      # so no secret material is stored in this manifest. The referenced
      # Secrets are not defined here and must exist in the namespace the pods
      # run in.
      # NOTE(review): presumably `global.env` is injected into every authentik
      # workload (server and worker) - confirm against the chart docs.
      env:
        - name: AUTHENTIK_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: authentik-secret-key
              key: AUTHENTIK_SECRET_KEY
        - name: AUTHENTIK_POSTGRESQL__PASSWORD
          valueFrom:
            secretKeyRef:
              name: authentik-postgresql-password
              key: AUTHENTIK_POSTGRESQL__PASSWORD
        # Same Secret and key as the entry above, exposed under a second
        # variable name.
        # NOTE(review): confirm something actually reads POSTGRES_PASSWORD; if
        # nothing does, dropping it keeps the credential out of pods that do
        # not need it.
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: authentik-postgresql-password
              key: AUTHENTIK_POSTGRESQL__PASSWORD
        - name: AUTHENTIK_EMAIL__PASSWORD
          valueFrom:
            secretKeyRef:
              name: authentik-email-password
              key: AUTHENTIK_EMAIL__PASSWORD
    server:
      ingress:
        enabled: true
        ingressClassName: traefik
        annotations:
          # Annotation values must be strings, hence the quoted "true".
          traefik.ingress.kubernetes.io/router.tls: "true"
          # Binds the router to the `websecure` entrypoint only.
          # NOTE(review): presumably the HTTPS entrypoint of this Traefik
          # install - confirm in its static configuration.
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - authentik.michaelthomson.dev
        tls:
          # The TLS Secret is referenced by name only, so it has to be present
          # in the same namespace as the Ingress.
          - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
            hosts:
              - authentik.michaelthomson.dev
    postgresql:
      enabled: true
      auth:
        existingSecret: authentik-postgresql-password
        # All three keys point at the same Secret entry, so the admin, the
        # application user and the replication user share one password.
        # NOTE(review): whoever obtains the application credential also holds
        # the admin credential; distinct keys in the Secret would separate
        # the two.
        secretKeys:
          adminPasswordKey: AUTHENTIK_POSTGRESQL__PASSWORD
          userPasswordKey: AUTHENTIK_POSTGRESQL__PASSWORD
          replicationPasswordKey: AUTHENTIK_POSTGRESQL__PASSWORD
    redis:
      # NOTE(review): no auth settings are given, so the subchart defaults
      # apply; verify whether they set a password, and restrict access with a
      # NetworkPolicy if they do not.
      enabled: true
    # NOTE(review): the authentik chart documents mail settings under
    # `authentik.email`; in this reconstructed layout the block sits at the
    # top level of `values` - confirm the chart actually consumes it.
    # No password is set here; it is presumably supplied through
    # AUTHENTIK_EMAIL__PASSWORD in `global.env`.
    email:
      host: mail.michaelthomson.dev
      # NOTE(review): port 465 is conventionally implicit TLS, which authentik
      # exposes as `use_ssl`, while `use_tls` selects STARTTLS (usually port
      # 587). Confirm which mode the mail server expects.
      port: 465
      username: server@michaelthomson.dev
      use_tls: true
      # NOTE(review): the value ends in a space and carries no address part;
      # it looks as if an `<address>` suffix was lost in extraction - confirm
      # against the original file.
      from: "Michael's Server "