homelab/infra/controllers/authentik/authentik.yaml

---
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: authentik-secret-key
  namespace: authentik-system
spec:
  itemPath: "vaults/cluster/items/authentik-secret-key"
---
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: authentik-postgresql-password
  namespace: authentik-system
spec:
  itemPath: "vaults/cluster/items/authentik-postgresql-password"
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: authentik-repo
  namespace: authentik-system
spec:
  interval: 15m0s
  url: https://charts.goauthentik.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: authentik
  namespace: authentik-system
spec:
  chart:
    spec:
      chart: authentik
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: authentik-repo
      version: 2025.4.0
  interval: 1m0s
  values:
    global:
      env:
        - name: AUTHENTIK_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: authentik-secret-key
              key: password
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: authentik-postgresql-password
              key: password
    authentik:
      error_reporting:
        enabled: false
    postgresql:
      enabled: true
      auth:
        existingSecret: "authentik-postgresql-password"
    redis:
      enabled: true