# Authentik — noble lab (Helm: goauthentik/authentik)
#
# Secrets (secret_key, postgres password, bootstrap) are supplied at install time by Ansible
# (-f authentik-extra-values.yaml from noble_authentik role). Do not commit real secrets here.
#
# DNS: auth.apps.noble.lab.pcenicni.dev → Traefik LB (see traefik/values.yaml). Optional **extra** Ingress hostnames
# (e.g. a public Pangolin FQDN) are merged by Ansible — **`noble_authentik_ingress_extra_hosts`** in **group_vars** (see **noble_authentik** README).
#
# helm repo add goauthentik https://charts.goauthentik.io && helm repo update
# kubectl apply -f clusters/noble/bootstrap/authentik/namespace.yaml
# helm upgrade --install authentik goauthentik/authentik -n authentik --create-namespace \
# --version 2026.2.3 -f clusters/noble/bootstrap/authentik/values.yaml -f /path/to/extra.yaml --wait
#
# **Media / uploads:** **S3** (same endpoint/credentials pattern as **Velero** — see **ansible/roles/noble_authentik** and **.env.sample**).
# Ansible sets **`AUTHENTIK_STORAGE__BACKEND=s3`** in **`authentik-extra-values.yaml.j2`**; use a **dedicated** media bucket, not the Velero backup bucket.
# **SMTP:** optional — set **`NOBLE_AUTHENTIK_SMTP_HOST`** + **`NOBLE_AUTHENTIK_SMTP_FROM`** in repo **`.env`** so Ansible injects **`AUTHENTIK_EMAIL__*`** into Helm **`global.env`** (see role README).
# **Blueprints:** optional **`blueprints.configMaps`** is merged by Ansible when **`noble_authentik_blueprints_enabled`** is true — see **`ansible/roles/noble_authentik/README.md`**.
postgresql:
  enabled: true
  auth:
    username: authentik
    database: authentik
    password: ""
  primary:
    persistence:
      enabled: true
      storageClassName: longhorn
      size: 10Gi
authentik:
  secret_key: ""
  postgresql:
    name: authentik
    user: authentik
    password: ""
    port: 5432
server:
  replicas: 1
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    # Chart expects **strings** (FQDNs only); paths come from **server.ingress.paths** / **pathType**.
    hosts:
      - auth.apps.noble.lab.pcenicni.dev
    paths:
      - /
    pathType: Prefix
    tls:
      - secretName: authentik-apps-noble-tls
        hosts:
          - auth.apps.noble.lab.pcenicni.dev
worker:
  replicas: 1
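The header says the secret fields above stay empty in git and are filled at install time by a second `-f` file that Ansible renders. The check below is an added example, not code from the noble lab repo or the authentik chart: it models how Helm layers several `-f` files (maps merged recursively, later files win, lists replaced) and verifies two invariants before an install, that the committed file carries no real secret and that the merged result leaves none blank. The dicts are constructed transcriptions of the relevant keys; the layout of the extra-values file and the `PLACEHOLDER_*` values are assumptions.

```python
"""Pre-install check for Helm values layering (added example, not the repo's own code)."""

from typing import Any, Dict, List, Tuple

# Keys that must be empty in the committed values.yaml and non-empty after the
# Ansible-supplied extra values file is layered on top.
SECRET_KEYS = frozenset({"password", "secret_key"})

# Constructed transcription of the committed clusters/noble/bootstrap/authentik/values.yaml.
COMMITTED_VALUES: Dict[str, Any] = {
    "postgresql": {
        "enabled": True,
        "auth": {"username": "authentik", "database": "authentik", "password": ""},
    },
    "authentik": {
        "secret_key": "",
        "postgresql": {"name": "authentik", "user": "authentik", "password": "", "port": 5432},
    },
    "server": {"replicas": 1, "ingress": {"enabled": True, "hosts": ["auth.apps.noble.lab.pcenicni.dev"]}},
}

# Constructed stand-in for what Ansible renders into authentik-extra-values.yaml.
# The layout is an assumption; PLACEHOLDER_* values are obviously not real secrets.
EXTRA_VALUES: Dict[str, Any] = {
    "postgresql": {"auth": {"password": "PLACEHOLDER_PG_PASSWORD"}},
    "authentik": {
        "secret_key": "PLACEHOLDER_SECRET_KEY",
        "postgresql": {"password": "PLACEHOLDER_PG_PASSWORD"},
    },
    "global": {"env": [{"name": "AUTHENTIK_STORAGE__BACKEND", "value": "s3"}]},
}


def deep_merge(base: Dict[str, Any], override: Dict[str, Any]) -> Dict[str, Any]:
    """Layer override onto base the way Helm combines multiple -f files:
    nested maps are merged key by key, anything else (scalars, lists) in
    override replaces the base value outright. Returns a new dict."""
    merged = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged


def secret_paths(values: Dict[str, Any], prefix: str = "") -> List[Tuple[str, Any]]:
    """Collect (dotted.path, value) for every key named in SECRET_KEYS, at any depth."""
    found: List[Tuple[str, Any]] = []
    for key, value in values.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            found.extend(secret_paths(value, path))
        elif key in SECRET_KEYS:
            found.append((path, value))
    return found


def committed_secrets(values: Dict[str, Any]) -> List[str]:
    """Secret keys holding a real value: committing this file would leak them."""
    return [path for path, value in secret_paths(values) if value not in ("", None)]


def unfilled_secrets(values: Dict[str, Any]) -> List[str]:
    """Secret keys still empty: an install from this would run with blank credentials."""
    return [path for path, value in secret_paths(values) if value in ("", None)]


def check_layering(committed: Dict[str, Any], extra: Dict[str, Any]) -> Tuple[bool, List[str]]:
    """Return (ok, problems): the committed file must carry no secret and the
    merged result must have every secret filled."""
    problems = [f"real value committed at {p}" for p in committed_secrets(committed)]
    merged = deep_merge(committed, extra)
    problems += [f"still empty after merge: {p}" for p in unfilled_secrets(merged)]
    return (not problems, problems)


if __name__ == "__main__":
    ok, problems = check_layering(COMMITTED_VALUES, EXTRA_VALUES)
    print("OK" if ok else "\n".join(problems))
```

Because lists are replaced rather than merged, a `global.env` list that Ansible injects (the `AUTHENTIK_EMAIL__*` and storage variables from the header) must be rendered complete in the extra file; splitting env entries across the committed and extra files would silently drop the committed ones.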