home-server/applications/40-authentik/authentik.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://charts.goauthentik.io
    chart: "authentik"
    targetRevision: 2025.6.4
    type: helm
    helm:
      values: |
        postgresql:
          enabled: false
        redis:
          enabled: false
        postgresqlConfig:
          host: postgresql.database
          port: 5432
          database: authentik
          username: authentik
          existingSecret: authentik-secrets
          existingSecretKey: postgresql-password
        redisConfig:
          host: redis.database
          port: <your-external-redis-port>
          existingSecret: authentik-secrets
          existingSecretKey: redis-password
        authentik:
          secret_key_existing_secret: authentik-secrets
          secret_key_existing_secret_key: secret-key
          external_url: "https://authentik.yourdomain.com/"
          ingress:
            enabled: true
            hosts:
              - host: authentik.hxme.net
                paths:
                  - path: /
                    pathType: Prefix
  destination:
    server: https://kubernetes.default.svc
    namespace: home-server
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`apiVersion: argoproj.io/v1alpha1`
			`kind: Application`
			`metadata:`
			`name: authentik`
			`namespace: argocd`
			`spec:`
			`project: default`
			`source:`
copy/paste from web 2025-08-17 13:44:49 +00:00			`repoURL: https://charts.goauthentik.io`
Tidy auth 2025-08-17 13:42:44 +00:00			`chart: "authentik"`
Upgrade version 2025-08-17 13:44:03 +00:00			`targetRevision: 2025.6.4`
Tell it specifically that this is helm 2025-08-17 13:45:57 +00:00			`type: helm`
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`helm:`
Re-attempt authentik with known working version and values to match 2025-08-17 13:04:55 +00:00			`values: \|`
			`postgresql:`
			`enabled: false`
			`redis:`
			`enabled: false`
			`postgresqlConfig:`
			`host: postgresql.database`
			`port: 5432`
			`database: authentik`
			`username: authentik`
			`existingSecret: authentik-secrets`
			`existingSecretKey: postgresql-password`
			`redisConfig:`
Tidy auth 2025-08-17 13:42:44 +00:00			`host: redis.database`
Re-attempt authentik with known working version and values to match 2025-08-17 13:04:55 +00:00			`port: <your-external-redis-port>`
			`existingSecret: authentik-secrets`
			`existingSecretKey: redis-password`
			`authentik:`
			`secret_key_existing_secret: authentik-secrets`
			`secret_key_existing_secret_key: secret-key`
			`external_url: "https://authentik.yourdomain.com/"`
			`ingress:`
			`enabled: true`
			`hosts:`
			`- host: authentik.hxme.net`
			`paths:`
			`- path: /`
			`pathType: Prefix`
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`destination:`
Re-attempt authentik with known working version and values to match 2025-08-17 13:04:55 +00:00			`server: https://kubernetes.default.svc`
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`namespace: home-server`
			`syncPolicy:`
			`automated:`
			`selfHeal: true`
Re-attempt authentik with known working version and values to match 2025-08-17 13:04:55 +00:00			`prune: true`
Move namespacing around. Add DNS & LE. Add authentik. 2025-08-14 00:39:59 +10:00			`syncOptions:`
			`- CreateNamespace=true`