flux-charts/infra-monitoring/templates/alertmanager/authentik-application.yaml

{{- if and
  .Values.commons.auth.enabled (eq .Values.commons.auth.type "authentik")
  .Values.alertmanager.ingress.enabled
}}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: authentik-application-alertmanager
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
  releaseName: authentik-application-infra-alertmanager
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $domain := .Values.alertmanager.ingress.host | default (printf "alertmanager.%s" .Values.commons.ingress.domain) }}
    {{- $url := printf "https://%s" $domain }}
    blueprint:
      authentik:
        domain: "https://{{ .Values.commons.auth.authentik.domain }}"
      provider:
        enabled: {{ not .Values.alertmanager.auth.anonymous.enabled }}
        type: "proxy"
        proxy:
          externalHost: {{ $url | quote }}
          skipPathRegex: |
            /favicon.ico
          ingress:
            enabled: true
            domain: {{ $domain | quote }}
            backend: {{ .Values.commons.auth.authentik.backend }}
            {{- with $.Values.commons.ingress.annotations }}
            annotations:
              {{- toYaml . | nindent 14 }}
            {{- end }}
            {{- if $.Values.commons.ingress.tls.enabled }}
            tls:
              {{- with $.Values.commons.ingress.tls.override }}
              {{- toYaml . | nindent 14 }}
              {{- else }}
              - secretName: "infra-monitoring-alertmanager-cert"
                hosts:
                  - {{ $domain | quote }}
              {{- end }}
            {{- end }}

      groups:
        - slug: "app: infra"
          bindID: "0e71f524-6fb5-43a5-9f60-95d4e103e390"

      application:
        group: "Infrastructure"
        policyEngineMode: "any"
        openInNewTab: true
        publisher: "WrenIX's Infra"
        slug: "infra-alertmanager"
        name: "Alertmanager"
        launchURL: {{ $url | quote }}
        icon: "{{ $url }}/favicon.ico"
        description: "The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integration such as email, PagerDuty, or OpsGenie. It also takes care of silencing and inhibition of alerts."
{{- end }}