--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: authentik namespace: argocd spec: destination: name: '' namespace: apps-fuku server: https://kubernetes.default.svc sources: - chart: authentik repoURL: https://charts.goauthentik.io/ targetRevision: 2025.4.* helm: valuesObject: authentik: secret_key: file:///authentik-creds/secret_key email: host: mail.fukurokuju.dev port: 465 password: file:///authentik-creds/email_password username: auth@fukurokuju.dev use_ssl: true timeout: 30 from: auth@fukurokuju.dev postgresql: host: 192.168.1.3 port: 55432 name: auth user: file:///authentik-creds/pg_username password: file:///authentik-creds/pg_password redis: host: 192.168.1.3 port: 30036 password: file:///authentik-creds/redis_password error_reporting: enabled: true global: volumeMounts: - name: authentik-creds mountPath: /authentik-creds - name: media mountPath: /media volumes: - name: authentik-creds secret: secretName: secrets-authentik - name: media persistentVolumeClaim: claimName: pvc-authentik-media server: autoscaling: enabled: true minReplicas: 1 maxReplicas: 3 pdb: enabled: true minAvailable: 1 service: type: LoadBalancer servicePortHttp: 9000 servicePortHttps: 9443 annotations: traefik.ingress.kubernetes.io/service.serversscheme: https traefik.ingress.kubernetes.io/service.serverstransport: apps-fuku-skipverify-authentik@kubernetescrd # yamllint disable rule:line-length metrics: enabled: true service: type: LoadBalancer serviceMonitor: enabled: false ingress: enabled: true ingressClassName: traefik hosts: - auth.fukurokuju.dev tls: [] https: true worker: autoscaling: enabled: true minReplicas: 2 maxReplicas: 6 pdb: enabled: true minAvailable: 2 - repoURL: https://git.roboces.dev/catalin/fukuops.git path: k8s/services/authentik targetRevision: main project: fuku syncPolicy: automated: {}