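---
# Flux HelmRelease that deploys the upstream "authentik" chart with values
# assembled from this chart's .Values and the shared .Values.commons block.
#
# NOTE(review): everything under spec.values is stored in clear text in the
# HelmRelease object. That includes authentik.secret_key, the PostgreSQL
# password and the SMTP password below, so any principal allowed to read
# HelmRelease objects in this namespace can read them. Flux offers
# spec.valuesFrom with a Secret reference for this; moving the three
# sensitive keys there needs a companion Secret template, which is not part
# of this file.
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: "{{ .Release.Name }}-hr"
spec:
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: "authentik"
      chart: "authentik"
  # Install/test/upgrade/drift settings are taken verbatim from the shared
  # commons values.
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    authentik:
      # Uses .Values.secret_key when set; otherwise a value derived from
      # commons.masterPassword. The derivation is deterministic, so the
      # master password is the real secret: whoever holds it can recompute
      # this key, and changing it changes the derived key.
      secret_key: {{ .Values.secret_key | default (derivePassword 1 "long" .Values.commons.masterPassword "authentik" "secret_key") | quote }}
      avatars: "none"
      postgresql:
        host: {{ .Values.database.host | quote }}
        name: {{ .Values.database.name | quote }}
        user: {{ .Values.database.username | quote }}
        # Same fallback scheme as secret_key, with a different site string.
        password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "authentik" "database_password") | quote }}
      email:
        host: {{ .Values.commons.mail.host | quote }}
        username: {{ .Values.commons.mail.username | quote }}
        password: {{ .Values.commons.mail.password | quote }}
        # Rendered unquoted so the values stay YAML booleans.
        # NOTE(review): if both end up false, the SMTP credentials above are
        # presumably sent without transport encryption; confirm that commons
        # always sets one of them.
        use_tls: {{ .Values.commons.mail.use_tls }}
        use_ssl: {{ .Values.commons.mail.use_ssl }}
        from: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "authentik" .Values.commons.mail.from) | quote }}
    redis:
      enabled: true
      architecture: replication
      replica:
        replicaCount: 1
      metrics:
        enabled: true
        serviceMonitor:
          # Only create the ServiceMonitor when the CRD is served by the
          # cluster.
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        prometheusRule:
          # empty rules
          # The template action inside the trailing comment is still
          # evaluated by Helm; it only renders a literal into the comment.
          enabled: false # {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
          additionalLabels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
          rules: []
    # The bundled PostgreSQL is disabled; the connection settings under
    # authentik.postgresql above are used instead.
    postgresql:
      enabled: false
    prometheus:
      serviceMonitor:
        create: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        labels:
          {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
      rules:
        create: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
        labels:
          {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
    {{- $host := .Values.ingress.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}
    ingress:
      enabled: true
      annotations:
        {{- with .Values.commons.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.ingress.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      hosts:
        - host: "{{ $host }}"
          paths:
            - path: "/"
              pathType: "Prefix"
      {{- if .Values.commons.ingress.tls.enabled }}
      tls:
        {{- with .Values.commons.ingress.tls.override }}
        {{- toYaml . | nindent 8 }}
        {{- else }}
        - secretName: "mycloud-authentik-cert"
          hosts:
            - "{{ $host }}"
        {{- end }}
      {{- end }}
    #
    # https://github.com/goauthentik/helm/pull/146
    #
    # The service account is what the blueprint sidecar below uses to talk
    # to the Kubernetes API.
    # NOTE(review): RESOURCE=both means it needs read access to Secrets as
    # well as ConfigMaps; check that the bound Role grants no more than
    # get/list/watch on those two kinds in this namespace.
    serviceAccount:
      create: true
    additionalContainers:
      # Watches ConfigMaps and Secrets labelled goauthentik_blueprint=1 and
      # writes their contents to /blueprints/sidecar. Blueprints define
      # authentik objects, so permission to create or label such objects in
      # the watched namespace is effectively permission to change authentik's
      # configuration; treat it as an administrative privilege.
      - name: sidecar-blueprints
        # NOTE(review): pinned by tag only. Prefer image@sha256:<digest>
        # once the digest for this release has been verified.
        image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
        # The sidecar only reads from the API and writes into the emptyDir,
        # so it needs neither added capabilities nor privilege escalation.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - "ALL"
        env:
          - name: "FOLDER"
            value: "/blueprints/sidecar"
          - name: "LABEL"
            value: "goauthentik_blueprint"
          - name: "LABEL_VALUE"
            value: "1"
          # Left disabled on purpose: with NAMESPACE unset the sidecar stays
          # in its own namespace. "ALL" would accept labelled objects from
          # every namespace and needs cluster-wide read on Secrets.
          # - name: "NAMESPACE"
          #   value: "ALL"
          - name: "RESOURCE"
            value: "both"
          - name: "UNIQUE_FILENAMES"
            value: "true"
        volumeMounts:
          - name: sidecar-blueprints
            mountPath: /blueprints/sidecar
    # Shared scratch volume: the sidecar writes blueprints here, and the same
    # path is presumably mounted into the authentik containers by the chart.
    volumeMounts:
      - name: sidecar-blueprints
        mountPath: /blueprints/sidecar
    volumes:
      - name: sidecar-blueprints
        emptyDir: {}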