mirror of
https://github.com/michaelthomson0797/fleet-infra.git
synced 2026-02-04 13:09:53 +00:00
70 lines
1.9 KiB
YAML
70 lines
1.9 KiB
YAML
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: authentik
|
|
namespace: authentik
|
|
spec:
|
|
chart:
|
|
spec:
|
|
chart: authentik
|
|
version: 2025.8.4
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: authentik
|
|
interval: 15m
|
|
releaseName: authentik
|
|
values:
|
|
authentik:
|
|
secret_key: file:///secret-key/key
|
|
postgresql:
|
|
host: postgres-cluster-rw
|
|
user: file:///postgres-creds/username
|
|
password: file:///postgres-creds/password
|
|
server:
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
|
|
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
hosts:
|
|
- authentik.michaelthomson.dev
|
|
tls:
|
|
- secretName: authentik-tls
|
|
hosts:
|
|
- authentik.michaelthomson.dev
|
|
volumes:
|
|
- name: postgres-creds
|
|
secret:
|
|
secretName: authentik-postgres-credentials
|
|
- name: secret-key
|
|
secret:
|
|
secretName: authentik-secret-key
|
|
volumeMounts:
|
|
- name: postgres-creds
|
|
mountPath: /postgres-creds
|
|
readOnly: true
|
|
- name: secret-key
|
|
mountPath: /secret-key
|
|
readOnly: true
|
|
worker:
|
|
env:
|
|
- name: AUTHENTIK_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secret-key
|
|
key: key
|
|
volumes:
|
|
- name: postgres-creds
|
|
secret:
|
|
secretName: authentik-postgres-credentials
|
|
volumeMounts:
|
|
- name: postgres-creds
|
|
mountPath: /postgres-creds
|
|
readOnly: true
|
|
redis:
|
|
enabled: true
|