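---
# Helm values for an authentik deployment: server and worker pods, shared
# environment, plus extra objects (Ingress, replicated TLS Secret and two
# ExternalSecrets) rendered through additionalObjects.
# NOTE(review): the source had no line structure; nesting below follows the
# key order and the authentik chart's value layout. Confirm against the chart.
authentik:
  server:
    replicas: 3
    volumeMounts:
      - name: cert-dubyatp-xyz
        readOnly: true
        mountPath: "/certs/dubyatp-xyz"
    volumes:
      - name: cert-dubyatp-xyz
        secret:
          # 420 is the decimal form of octal 0644. Written in decimal so the
          # value does not depend on YAML 1.1 octal parsing.
          # NOTE(review): this mode leaves tls.key readable by every UID in
          # the container. A tighter mode (e.g. octal 0440 = decimal 288) with
          # a matching fsGroup would limit that. The pod securityContext is
          # not visible here, so the mode is left unchanged.
          defaultMode: 420
          secretName: cert-dubyatp-xyz
    metrics:
      enabled: true
      service:
        labels:
          # Label values must be strings, hence the quotes.
          metrics_enabled: "true"

  worker:
    replicas: 3
    volumeMounts:
      - name: cert-dubyatp-xyz
        readOnly: true
        mountPath: "/certs/dubyatp-xyz"
    volumes:
      - name: cert-dubyatp-xyz
        secret:
          # Explicit for parity with the server volume. 420 (octal 0644) is
          # also the Kubernetes default when defaultMode is omitted, so the
          # same world-readable tls.key caveat applies here.
          defaultMode: 420
          secretName: cert-dubyatp-xyz

  global:
    # Secrets are injected by reference, never inline. Env vars sourced from
    # a Secret are read at container start, so a rotated value only takes
    # effect after the pods restart.
    env:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: authentik-credentials
            key: authentik-secret-key
      # NOTE(review): no TLS mode for the PostgreSQL connection is set in
      # this file. Confirm that in-cluster traffic to the pooler is encrypted
      # or that plaintext is acceptable.
      - name: AUTHENTIK_POSTGRESQL__HOST
        value: pooler-weyma-rw.cloudnativepg.svc.cluster.local
      - name: AUTHENTIK_POSTGRESQL__NAME
        value: authentik
      - name: AUTHENTIK_POSTGRESQL__USER
        value: authentik
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-db-auth
            key: password
      - name: AUTHENTIK_EMAIL__FROM
        value: authentik_dubyatp@em924671.dubyatp.xyz
      - name: AUTHENTIK_EMAIL__HOST
        value: mail.smtp2go.com
      # Env values must be strings, so booleans and numbers are quoted.
      # NOTE(review): no SMTP port is set here, so authentik's default
      # applies. Confirm it is a port on which the relay offers STARTTLS.
      - name: AUTHENTIK_EMAIL__USE_TLS
        value: "true"
      - name: AUTHENTIK_EMAIL__USERNAME
        value: authentik_dubyatp
      - name: AUTHENTIK_EMAIL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-credentials
            key: smtp-password
      - name: AUTHENTIK_EMAIL__TIMEOUT
        value: "30"

  additionalObjects:
    # Public entry point. TLS terminates at Traefik with the replicated
    # certificate. The backend is service port 80, so the hop from Traefik to
    # authentik is presumably plain HTTP inside the cluster. Verify.
    - apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          # NOTE(review): presumably a client-IP rewriting middleware defined
          # in Traefik's file provider. Whatever it trusts for the client
          # address feeds authentik's logs and rate limits, so confirm it
          # only honours forwarded headers from the expected proxy ranges.
          traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
        name: authentik-ingress
      spec:
        ingressClassName: traefik
        rules:
          - host: auth.dubyatp.xyz
            http:
              paths:
                - backend:
                    service:
                      name: authentik-server
                      port:
                        number: 80
                  path: /
                  pathType: Prefix
        tls:
          - hosts:
              - auth.dubyatp.xyz
            secretName: cert-dubyatp-xyz

    # Placeholder Secret. The empty tls.crt/tls.key values are meant to be
    # filled by the mittwald replicator from cert-manager/cert-dubyatp-xyz.
    # The source Secret must allow replication. Keep its allowed-namespaces
    # list narrow, because the private key is copied into each target.
    - apiVersion: v1
      kind: Secret
      metadata:
        name: cert-dubyatp-xyz
        annotations:
          replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
          replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
      data:
        tls.crt: ""
        tls.key: ""

    # Syncs application credentials from the weyma-vault ClusterSecretStore
    # into the authentik-credentials Secret, refreshed hourly.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: authentik-credentials
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: authentik-credentials
          creationPolicy: Owner
        data:
          # NOTE(review): admin-password, replication-password and
          # user-password are not referenced by any env entry in this file.
          # If nothing else consumes them, drop them so the Secret holds only
          # what the pods need.
          - secretKey: admin-password
            remoteRef:
              key: authentik
              property: admin-password
          - secretKey: authentik-secret-key
            remoteRef:
              key: authentik
              property: authentik-secret-key
          - secretKey: replication-password
            remoteRef:
              key: authentik
              property: replication-password
          - secretKey: user-password
            remoteRef:
              key: authentik
              property: user-password
          - secretKey: smtp-password
            remoteRef:
              key: authentik
              property: smtp-password

    # Syncs the database password (property authentik_pw under the
    # cloudnativepg key) into authentik-db-auth.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: authentik-db-auth
      spec:
        data:
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: cloudnativepg
              metadataPolicy: None
              property: authentik_pw
            secretKey: password
        refreshInterval: 1h
        secretStoreRef:
          kind: ClusterSecretStore
          name: weyma-vault
        target:
          creationPolicy: Owner
          # Retain leaves the Kubernetes Secret in place after the
          # ExternalSecret is removed. Clean it up manually on decommission.
          deletionPolicy: Retain
          name: authentik-db-auth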