authentik: global: env: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: name: authentik-key-secret key: key - name: AUTHENTIK_POSTGRESQL__HOST valueFrom: secretKeyRef: name: authentik-postgresql-16-cluster-app key: host - name: AUTHENTIK_POSTGRESQL__NAME valueFrom: secretKeyRef: name: authentik-postgresql-16-cluster-app key: dbname - name: AUTHENTIK_POSTGRESQL__USER valueFrom: secretKeyRef: name: authentik-postgresql-16-cluster-app key: user - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: authentik-postgresql-16-cluster-app key: password server: name: server replicas: 1 volumes: - name: custom-css configMap: name: authentik-custom-css volumeMounts: - name: custom-css mountPath: /web/dist/custom.css subPath: custom.css metrics: enabled: true serviceMonitor: enabled: true ingress: enabled: true ingressClassName: tailscale annotations: tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" hosts: - auth-cl01tl paths: - / tls: - secretName: auth-cl01tl hosts: - auth-cl01tl worker: name: worker replicas: 1 prometheus: rules: enabled: true postgresql: enabled: false redis: enabled: true cloudflared: existingSecretName: authentik-cloudflared-secret postgres-16-cluster: mode: standalone cluster: walStorage: storageClass: local-path storage: storageClass: local-path monitoring: enabled: true prometheusRule: enabled: false backup: enabled: true endpointURL: https://s3.us-east-2.amazonaws.com destinationPath: s3://cl01tl-postgresql-backups/authentik endpointCredentials: authentik-postgresql-16-cluster-backup-secret backupIndex: 1 tags: backupRetentionPolicy: "expire" user: "cl01tl-authentik-postgresql" historyTags: backupRetentionPolicy: "keep" user: "cl01tl-authentik-postgresql"