apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: authentik namespace: argo-cd finalizers: - resources-finalizer.argocd.argoproj.io spec: destination: server: https://kubernetes.default.svc namespace: authentik project: default source: chart: authentik helm: values: | image: repository: ghcr.io/goauthentik/server tag: 2022.10.0 authentik: error_reporting: enabled: true service: enabled: true type: ClusterIP port: 9443 name: server protocol: TCP envValueFrom: AUTHENTIK_POSTGRESQL__PASSWORD: secretKeyRef: key: postgresql-password name: authentik-postgresql AUTHENTIK_SECRET_KEY: secretKeyRef: key: AUTHENTIK_SECRET_KEY name: authentik-secret postgresql: image: registry: ghcr.io repository: zcube/bitnami-compat/postgresql tag: 11.18.0-debian-11-r39 enabled: true auth: existingSecret: authentik-postgresql persistence: enabled: true storageClass: longhorn accessModes: - ReadWriteOnce redis: enabled: true image: registry: ghcr.io repository: zcube/bitnami-compat/redis tag: 6.2.7-debian-11-r39 repoURL: https://charts.goauthentik.io targetRevision: 2022.09.0 syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: authentik-traefik namespace: authentik spec: entryPoints: - websecure routes: - kind: Rule match: Host("authentik.roxedus.com") services: - name: authentik-server port: 9443 scheme: https serversTransport: selfsigned tls: certResolver: cloudflare