53 lines
1.4 KiB
YAML
53 lines
1.4 KiB
YAML
# Authentik — noble lab (Helm: goauthentik/authentik)
|
|
#
|
|
# Secrets (secret_key, postgres password, bootstrap) are supplied at install time by Ansible
|
|
# (-f authentik-extra-values.yaml from noble_authentik role). Do not commit real secrets here.
|
|
#
|
|
# DNS: auth.apps.noble.lab.pcenicni.dev → Traefik LB (see traefik/values.yaml).
|
|
#
|
|
# helm repo add goauthentik https://charts.goauthentik.io && helm repo update
|
|
# kubectl apply -f clusters/noble/bootstrap/authentik/namespace.yaml
|
|
# helm upgrade --install authentik goauthentik/authentik -n authentik --create-namespace \
|
|
# --version 2026.2.3 -f clusters/noble/bootstrap/authentik/values.yaml -f /path/to/extra.yaml --wait
|
|
|
|
postgresql:
|
|
enabled: true
|
|
auth:
|
|
username: authentik
|
|
database: authentik
|
|
password: ""
|
|
primary:
|
|
persistence:
|
|
enabled: true
|
|
storageClassName: longhorn
|
|
size: 10Gi
|
|
|
|
authentik:
|
|
secret_key: ""
|
|
postgresql:
|
|
name: authentik
|
|
user: authentik
|
|
password: ""
|
|
port: 5432
|
|
|
|
server:
|
|
replicas: 1
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
# Chart expects **strings** (FQDNs only); paths come from **server.ingress.paths** / **pathType**.
|
|
hosts:
|
|
- auth.apps.noble.lab.pcenicni.dev
|
|
paths:
|
|
- /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: authentik-apps-noble-tls
|
|
hosts:
|
|
- auth.apps.noble.lab.pcenicni.dev
|
|
|
|
worker:
|
|
replicas: 1
|