apiVersion: v2
name: authentik-application
type: application

version: 0.3.4
description: |-
  A Chart to deploy a secret for the authentik blueprint-sidecar.

  for usage, deploy:
  https://github.com/goauthentik/helm/pull/146

  or use:
  ```yaml
  serviceAccount:
    create: true

  additionalContainers:
    - name: sidecar-blueprints
      image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
      env:
        - name: "FOLDER"
          value: "/blueprints/sidecar"
        - name: "LABEL"
          value: "goauthentik_blueprint"
        - name: "LABEL_VALUE"
          value: "1"
        # - name: "NAMESPACE"
        #   value: "ALL"
        - name: "RESOURCE"
          value: "both"
        - name: "UNIQUE_FILENAMES"
          value: "true"
      volumeMounts:
        - name: sidecar-blueprints
          mountPath: /blueprints/sidecar

  volumeMounts:
    - name: sidecar-blueprints
      mountPath: /blueprints/sidecar

  volumes:
    - name: sidecar-blueprints
      emptyDir: {}
  ```
  and create an serviceaccount to read secrets:
  ```yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: authentik-blueprint-sidecar
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: authentik-blueprint-sidecar
  subjects:
    - kind: ServiceAccount
      name: authentik
  ---
  apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: authentik-blueprint-sidecar
  rules:
    - apiGroups: [""]
      resources: ["configmaps", "secrets"]
      verbs: ["get", "watch", "list"]
  ```