apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argo-cd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: authentik
  project: default
  source:
    chart: authentik
    helm:
      values: |

        image:
          repository: ghcr.io/goauthentik/server

        authentik:
          error_reporting:
            enabled: true

        ingress:
          enabled: true
          ingressClassName: traefik
          annotations:
            cert-manager.io/acme-challenge-type: dns01
            cert-manager.io/cluster-issuer: roxedus.com-cloudflare
          hosts:
            - host: authentik.roxedus.com
              paths:
                - path: "/"
                  pathType: Prefix

          tls:
          - hosts:
            - authentik.roxedus.com
            secretName: authentik-roxedus-com-cert

        envValueFrom:
          AUTHENTIK_SECRET_KEY:
            secretKeyRef:
              key: AUTHENTIK_SECRET_KEY
              name: authentik-secret

          AUTHENTIK_POSTGRESQL__PASSWORD:
            secretKeyRef:
              key: password
              name: postgres-secret

        prometheus.rules.create: true

        postgresql:
          image:
            registry: ghcr.io
            repository: zcube/bitnami-compat/postgresql
            tag: 11.18.0-debian-11-r39
          enabled: true
          # auth:
          #   existingSecret: authentik-postgresql
          persistence:
            enabled: true
            storageClass: longhorn
            accessModes:
              - ReadWriteOnce
        redis:
          enabled: true
          image:
            registry: ghcr.io
            repository: zcube/bitnami-compat/redis
            tag: 6.2.7-debian-11-r39

    repoURL: https://charts.goauthentik.io
    targetRevision: 2022.12.2
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true