---
apiVersion: v1
kind: Namespace
metadata:
  name: authentik
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: authentik
  namespace: flux-system
spec:
  url: https://charts.goauthentik.io/
  interval: 1h
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik
spec:
  interval: 30m
  chart:
    spec:
      chart: authentik
      version: 2024.4.2
      sourceRef:
        kind: HelmRepository
        name: authentik
        namespace: flux-system
  install:
    createNamespace: true
  upgrade:
    disableWait: false
  timeout: 10m
  values:
    secret:
      create: false
      existingSecret: authentik-secret
    server:
      ingress:
        enabled: true
        ingressClassName: traefik
        annotations:
          cert-manager.io/cluster-issuer: "letsencrypt-prod"
          external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
        hosts:
          - host: auth.hxme.net
            paths:
              - path: /
                pathType: Prefix
        tls:
          - secretName: authentik-tls
            hosts:
              - auth.hxme.net
    postgresql:
      enabled: true  # Set to false if using external DB
    redis:
      enabled: true  # Set to false if using external Redis