64 lines
1.5 KiB
YAML
64 lines
1.5 KiB
YAML
authentik:
|
|
# --- App Configuration ---
|
|
authentik:
|
|
error_reporting:
|
|
enabled: false
|
|
email:
|
|
host: "smtp.example.com"
|
|
port: 587
|
|
username: "user"
|
|
use_tls: true
|
|
from: "authentik@stabify.de"
|
|
secret_key: "" # Via Env Var
|
|
|
|
# --- Server Component (UI & API) ---
|
|
server:
|
|
envFrom:
|
|
- secretRef:
|
|
name: authentik-secrets
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
hosts:
|
|
- "auth.apps.k3s.stabify.de"
|
|
paths:
|
|
- "/"
|
|
tls:
|
|
- secretName: authentik-tls
|
|
hosts:
|
|
- "auth.apps.k3s.stabify.de"
|
|
|
|
# --- Worker Component ---
|
|
worker:
|
|
envFrom:
|
|
- secretRef:
|
|
name: authentik-secrets
|
|
|
|
# --- Dependencies (Postgres & Redis) ---
|
|
postgresql:
|
|
enabled: true
|
|
image:
|
|
tag: "15.5.0-debian-11-r2" # Älter aber existent
|
|
auth:
|
|
existingSecret: "authentik-secrets"
|
|
secretKeys:
|
|
adminPasswordKey: "postgres-password"
|
|
userPasswordKey: "postgres-password"
|
|
primary:
|
|
persistence:
|
|
enabled: true
|
|
size: 8Gi
|
|
|
|
redis:
|
|
enabled: true
|
|
image:
|
|
tag: "7.2.4-debian-11-r2" # Älter aber existent
|
|
auth:
|
|
existingSecret: "authentik-secrets"
|
|
existingSecretPasswordKey: "redis-password"
|
|
architecture: standalone
|