Argo/apps/templates/authentik.yaml

83 lines
2.0 KiB
YAML

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: authentik
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: authentik
project: default
source:
chart: authentik
helm:
values: |
image:
repository: ghcr.io/goauthentik/server
authentik:
error_reporting:
enabled: true
ingress:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/acme-challenge-type: dns01
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
hosts:
- host: authentik.roxedus.com
paths:
- path: "/"
pathType: Prefix
tls:
- hosts:
- authentik.roxedus.com
secretName: authentik-roxedus-com-cert
envValueFrom:
AUTHENTIK_SECRET_KEY:
secretKeyRef:
key: AUTHENTIK_SECRET_KEY
name: authentik-secret
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
key: password
name: postgres-secret
prometheus.rules.create: true
postgresql:
image:
registry: ghcr.io
repository: zcube/bitnami-compat/postgresql
tag: 11.18.0-debian-11-r39
enabled: true
# auth:
# existingSecret: authentik-postgresql
persistence:
enabled: true
storageClass: longhorn
accessModes:
- ReadWriteOnce
redis:
enabled: true
image:
registry: ghcr.io
repository: zcube/bitnami-compat/redis
tag: 6.2.7-debian-11-r39
repoURL: https://charts.goauthentik.io
targetRevision: 2023.1.2
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true