fukuops/k8s/argo-apps/authentik.yaml

---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  destination:
    name: ''
    namespace: apps-fuku
    server: https://kubernetes.default.svc
  sources:
    - chart: authentik
      repoURL: https://charts.goauthentik.io/
      targetRevision: 2025.2.*
      helm:
        valuesObject:
          authentik:
            secret_key: file:///authentik-creds/secret_key
            email:
              host: mail.fukurokuju.dev
              port: 465
              password: file:///authentik-creds/email_password
              username: auth@fukurokuju.dev
              use_ssl: true
              timeout: 30
              from: auth@fukurokuju.dev
            postgresql:
              host: 192.168.1.3
              port: 55432
              name: auth
              user: file:///authentik-creds/pg_username
              password: file:///authentik-creds/pg_password
            redis:
              host: 192.168.1.3
              port: 30036
              password: file:///authentik-creds/redis_password
            error_reporting:
              enabled: true
          global:
            volumeMounts:
              - name: authentik-creds
                mountPath: /authentik-creds
              - name: media
                mountPath: /media
            volumes:
              - name: authentik-creds
                secret:
                  secretName: secrets-authentik
              - name: media
                persistentVolumeClaim:
                  claimName: pvc-authentik-media
          server:
            autoscaling:
              enabled: true
              minReplicas: 1
              maxReplicas: 3
            pdb:
              enabled: true
              minAvailable: 1
            service:
              type: LoadBalancer
              servicePortHttp: 9000
              servicePortHttps: 9443
              annotations:
                traefik.ingress.kubernetes.io/service.serversscheme: https
                traefik.ingress.kubernetes.io/service.serverstransport: apps-fuku-skipverify-authentik@kubernetescrd  # yamllint disable rule:line-length
            metrics:
              enabled: true
              service:
                type: LoadBalancer
              serviceMonitor:
                enabled: false
            ingress:
              enabled: true
              ingressClassName: traefik
              hosts:
                - auth.fukurokuju.dev
              tls: []
              https: true
          worker:
            autoscaling:
              enabled: true
              minReplicas: 2
              maxReplicas: 6
            pdb:
              enabled: true
              minAvailable: 2

    - repoURL: https://git.roboces.dev/catalin/fukuops.git
      path: k8s/services/authentik
      targetRevision: main
  project: fuku
  syncPolicy:
    automated: {}