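---
# Values for an authentik deployment (layout matches the authentik Helm chart:
# shared pod settings under `global`, application settings under `authentik`,
# per-component settings under `server` / `worker`).
# Nesting was reconstructed from a whitespace-collapsed source; confirm it
# against the chart's values schema before applying.

global:
  addPrometheusAnnotations: true

  # Pod-level security context (fsGroup is only valid at pod level).
  securityContext:
    runAsUser: 1000
    fsGroup: 1000
    # Makes the kubelet refuse to start the container as UID 0 if runAsUser
    # is ever dropped or overridden; a no-op while runAsUser is 1000.
    runAsNonRoot: true

  podLabels:
    app: authentik

  nodeSelector:
    nodepool: worker

  # At most one pod of difference between nodes; pods stay Pending rather
  # than stacking on one host. Selector matches the podLabels above.
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app: authentik

  # All credentials are pulled from Kubernetes Secrets via secretKeyRef;
  # none are written inline in this file.
  env:
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret-key
          key: password
    - name: AUTHENTIK_EMAIL__USERNAME
      valueFrom:
        secretKeyRef:
          name: smtp-token
          key: authentik-username
    - name: AUTHENTIK_EMAIL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: smtp-token
          key: authentik-password
    # The sender address reuses the SMTP username key.
    - name: AUTHENTIK_EMAIL__FROM
      valueFrom:
        secretKeyRef:
          name: smtp-token
          key: authentik-username
    # Env values must be strings, so the boolean stays quoted.
    - name: AUTHENTIK_EMAIL__USE_TLS
      value: "true"
    # verify-full validates the server certificate chain against SSLROOTCERT
    # and checks the certificate name against the host being connected to
    # (authentik.postgresql.host below), so the server certificate must be
    # issued for that name.
    - name: AUTHENTIK_POSTGRESQL__SSLMODE
      value: verify-full
    # The three paths below are files from the ssl-bundle projected volume.
    - name: AUTHENTIK_POSTGRESQL__SSLROOTCERT
      value: "/opt/authentik/certs/ca.crt"
    - name: AUTHENTIK_POSTGRESQL__SSLCERT
      value: "/opt/authentik/certs/tls.crt"
    - name: AUTHENTIK_POSTGRESQL__SSLKEY
      value: "/opt/authentik/certs/tls.key"
    # NOTE(review): only a password is configured for Redis/Valkey here; no
    # transport-encryption setting is visible in this file. Confirm whether
    # that link needs TLS.
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: valkey
          key: password

  # One directory combining the client certificate and key with the
  # PostgreSQL server CA. Only ca.crt is taken from the server-cert Secret,
  # so the server's private key is never exposed to this pod.
  volumes:
    - name: ssl-bundle
      projected:
        sources:
          - secret:
              name: authentik-client-cert
              items:
                - key: tls.crt
                  path: tls.crt
                - key: tls.key
                  path: tls.key
                  # 384 decimal == 0600 octal (owner read/write only).
                  # Written in decimal because a YAML 1.2 parser reads the
                  # literal 0600 as decimal 600, which is a different mode.
                  # Kubernetes documents that fsGroup can cause extra mode
                  # bits to be set on volume files; check the effective
                  # permissions of tls.key inside a running pod.
                  mode: 384
          - secret:
              name: postgres-server-cert
              items:
                - key: ca.crt
                  path: ca.crt

  volumeMounts:
    - name: ssl-bundle
      mountPath: /opt/authentik/certs
      readOnly: true

authentik:
  error_reporting:
    enabled: false
  email:
    host: "smtp.protonmail.ch"
    # 587 is the mail submission port, used with STARTTLS; pairs with
    # AUTHENTIK_EMAIL__USE_TLS above.
    port: 587
  postgresql:
    host: postgres-cluster-rw
    user: authentik
    name: authentik
  redis:
    host: valkey

server:
  replicas: 3
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: cloudflare-issuer
      cert-manager.io/acme-challenge-type: dns01
      # Annotation values must be strings, hence the quotes.
      cert-manager.io/private-key-size: "4096"
    ingressClassName: traefik
    hosts:
      - auth.dogar.dev
    tls:
      - secretName: authentik-tls
        hosts:
          - auth.dogar.dev

worker:
  replicas: 3

# Bundled database and cache are disabled; the external services are the
# hosts named under authentik.postgresql and authentik.redis.
postgresql:
  enabled: false

redis:
  enabled: false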