Argo/apps/templates/authentik.yaml

87 lines
2.1 KiB
YAML
Raw Normal View History

2022-11-30 13:32:46 +01:00
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: authentik
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: authentik
project: default
source:
chart: authentik
helm:
values: |
image:
repository: ghcr.io/goauthentik/server
2022-12-06 02:22:05 +01:00
tag: 2022.11.3
2022-11-30 13:32:46 +01:00
authentik:
error_reporting:
enabled: true
2022-12-01 00:43:06 +01:00
ingress:
2022-11-30 13:50:44 +01:00
enabled: true
2022-12-01 00:43:06 +01:00
ingressClassName: traefik
2022-12-01 00:50:45 +01:00
annotations:
cert-manager.io/acme-challenge-type: dns01
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
2022-12-01 00:43:06 +01:00
hosts:
- host: authentik.roxedus.com
paths:
- path: "/"
pathType: Prefix
2022-11-30 13:50:44 +01:00
2022-12-01 00:45:58 +01:00
tls:
- hosts:
- authentik.roxedus.com
secretName: authentik-roxedus-com-cert
2022-11-30 13:32:46 +01:00
envValueFrom:
2022-12-06 03:42:04 +01:00
POSTGRES_PASSWORD:
secretKeyRef:
key: postgresql-password
name: authentik-postgresql
2022-12-06 03:29:01 +01:00
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
2022-12-06 03:39:49 +01:00
key: postgresql-postgres-password
2022-12-06 03:29:01 +01:00
name: authentik-postgresql
2022-11-30 13:32:46 +01:00
AUTHENTIK_SECRET_KEY:
secretKeyRef:
key: AUTHENTIK_SECRET_KEY
name: authentik-secret
postgresql:
image:
registry: ghcr.io
repository: zcube/bitnami-compat/postgresql
tag: 11.18.0-debian-11-r39
enabled: true
auth:
existingSecret: authentik-postgresql
persistence:
enabled: true
storageClass: longhorn
accessModes:
- ReadWriteOnce
redis:
enabled: true
image:
registry: ghcr.io
repository: zcube/bitnami-compat/redis
tag: 6.2.7-debian-11-r39
repoURL: https://charts.goauthentik.io
2022-12-06 02:25:40 +01:00
targetRevision: 2022.11.3
2022-11-30 13:32:46 +01:00
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true