home-server/applications/40-authentik/authentik.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  project: default
  source:
    repoURL: "https://charts.goauthentik.io/"
    chart: "authentik"
    targetRevision: "2025.6.4"
    type: "helm"
    helm:
      releaseName: "authentik"
      values: |
        global:
          envFrom:
            - secretRef:
                name: authentik-secret
        authentik:
          secret_key: "env://AUTHENTIK_SECRET_KEY"
          postgresql:
            password: "env://AUTHENTIK_POSTGRES_PASSWORD"
          error_reporting:
            enabled: true

        database:
          host: postgresql.database
          existingSecret: authentik-db-credentials
          secretKeys:
            username: POSTGRES_USER
            password: POSTGRES_PASSWORD
            name: POSTGRES_DB

        server:
          ingress:
            enabled: true
            hosts:
              - auth.hxme.net
            annotations:
              external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
            tls:
              - secretName: wildcard-hxme-net
                hosts:
                  - auth.hxme.net
        postgresql:
          enabled: false
        redis:
          enabled: false

  destination:
    server: "https://kubernetes.default.svc"
    namespace: home-server
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`apiVersion: argoproj.io/v1alpha1`
			`kind: Application`
			`metadata:`
			`name: authentik`
			`namespace: argocd`
			`spec:`
			`project: default`
			`source:`
			`repoURL: "https://charts.goauthentik.io/"`
			`chart: "authentik"`
Fix version 2025-08-14 00:53:22 +10:00			`targetRevision: "2025.6.4"`
Try to force a helm chart because argo things its git 2025-08-14 01:03:22 +10:00			`type: "helm"`
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`helm:`
			`releaseName: "authentik"`
envFrom under global 2025-08-16 06:54:28 +00:00			`values: \|`
			`global:`
			`envFrom:`
			`- secretRef:`
ngl I asked gpt again, its an addiction 2025-08-16 07:02:10 +00:00			`name: authentik-secret`
			`authentik:`
			`secret_key: "env://AUTHENTIK_SECRET_KEY"`
			`postgresql:`
			`password: "env://AUTHENTIK_POSTGRES_PASSWORD"`
			`error_reporting:`
			`enabled: true`
database secrets outside of env 2025-08-16 23:37:57 +00:00
			`database:`
			`host: postgresql.database`
			`existingSecret: authentik-db-credentials`
			`secretKeys:`
			`username: POSTGRES_USER`
			`password: POSTGRES_PASSWORD`
			`name: POSTGRES_DB`

ngl I asked gpt again, its an addiction 2025-08-16 07:02:10 +00:00			`server:`
			`ingress:`
			`enabled: true`
			`hosts:`
			`- auth.hxme.net`
			`annotations:`
			`external-dns.alpha.kubernetes.io/hostname: auth.hxme.net`
			`tls:`
			`- secretName: wildcard-hxme-net`
			`hosts:`
			`- auth.hxme.net`
			`postgresql:`
			`enabled: false`
			`redis:`
			`enabled: false`

Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`destination:`
			`server: "https://kubernetes.default.svc"`
			`namespace: home-server`
			`syncPolicy:`
			`automated:`
			`prune: true`
			`selfHeal: true`
			`syncOptions:`
			`- CreateNamespace=true`
Try to force a helm chart because argo things its git 2025-08-14 01:03:22 +10:00