admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d47aed4906cc302556471a162b9675c9bca98d1b
homelab-manifests/auth-system/authentik-values.yaml
T
kisfenyo d47aed4906 added authentik app
2025-12-27 18:57:41 +01:00

200 lines
4.4 KiB
YAML
Raw Blame History

---
# Authentik Helm Chart Custom Values - SHARED POSTGRESQL VERSION
# For dooplex homelab deployment with centralized PostgreSQL
# Version: 2025.10.3
global:
image:
repository: ghcr.io/goauthentik/server
tag: "2025.10.3"
deploymentAnnotations:
reloader.stakater.com/auto: "true" # Auto-reload on secret changes (if using Reloader)
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9300"
# Environment variables for all pods
envFrom:
- secretRef:
name: authentik-secret-key
env:
- name: AUTHENTIK_REDIS__HOST
value: "authentik-redis-master"
# PostgreSQL config for SHARED database
- name: AUTHENTIK_POSTGRESQL__HOST
value: "postgresql.database-system.svc.cluster.local"
- name: AUTHENTIK_POSTGRESQL__NAME
value: "authentik"
- name: AUTHENTIK_POSTGRESQL__USER
value: "authentik"
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-postgresql
key: password
- name: AUTHENTIK_EMAIL__HOST
valueFrom:
secretKeyRef:
name: smtp-credentials
key: host
- name: AUTHENTIK_EMAIL__PORT
valueFrom:
secretKeyRef:
name: smtp-credentials
key: port
- name: AUTHENTIK_EMAIL__USERNAME
valueFrom:
secretKeyRef:
name: smtp-credentials
key: username
- name: AUTHENTIK_EMAIL__PASSWORD
valueFrom:
secretKeyRef:
name: smtp-credentials
key: password
- name: AUTHENTIK_EMAIL__FROM
valueFrom:
secretKeyRef:
name: smtp-credentials
key: from-address
authentik:
# Secret key will come from authentik-secret-key secret via envFrom
secret_key: ""
log_level: info
# PostgreSQL configuration for SHARED database
postgresql:
host: "postgresql.database-system.svc.cluster.local"
name: "authentik"
user: "authentik"
# Password comes from secret via global.env
error_reporting:
enabled: false
server:
enabled: true
name: server
replicas: 1
# Ingress configuration
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/hostname: "authentik.dooplex.hu"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
hosts:
- host: authentik.dooplex.hu
paths:
- path: /
pathType: Prefix
tls:
- secretName: authentik-tls
hosts:
- authentik.dooplex.hu
# Resource limits
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
memory: 1Gi
# Persistent volume for media files
volumes:
- name: media
persistentVolumeClaim:
claimName: authentik-media
volumeMounts:
- name: media
mountPath: /media
metrics:
enabled: true
serviceMonitor:
enabled: true
interval: 30s
worker:
enabled: true
name: worker
replicas: 1
# Resource limits
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
memory: 1Gi
# Persistent volume for media files (shared with server)
volumes:
- name: media
persistentVolumeClaim:
claimName: authentik-media
volumeMounts:
- name: media
mountPath: /media
metrics:
enabled: true
serviceMonitor:
enabled: true
interval: 30s
# DISABLE bundled PostgreSQL - using shared instance
postgresql:
enabled: false
# Enable bundled Redis (required for Authentik)
redis:
enabled: true
architecture: standalone
auth:
enabled: false # Internal only, no need for auth
master:
persistence:
enabled: true
storageClass: longhorn
size: 1Gi
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
memory: 256Mi
# GeoIP configuration (optional, for geo-blocking features)
geoip:
enabled: false
# To enable later:
# 1. Sign up at https://www.maxmind.com/en/geolite2/signup
# 2. Get accountId and licenseKey
# 3. Uncomment and fill:
# accountId: ""
# licenseKey: ""
# Service Account
serviceAccount:
create: true
annotations:
argocd.argoproj.io/sync-wave: "-1"
# Prometheus metrics
prometheus:
rules:
enabled: false
Reference in New Issue View Git Blame Copy Permalink