# -- Server replicas
replicas: 1
# -- Custom priority class for different treatment by the scheduler
priorityClassName:
# -- server securityContext
securityContext: {}

worker:
  # -- worker replicas
  replicas: 1
  # -- Custom priority class for different treatment by the scheduler
  priorityClassName:
  # -- worker securityContext
  securityContext: {}

image:
  repository: ghcr.io/goauthentik/server
  tag: 2023.4.1
  pullPolicy: IfNotPresent
  pullSecrets: []

# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
initContainers: {}

# -- See https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#values
additionalContainers: {}

authentik:
  # -- Log level for server and worker
  log_level: info
  # -- Secret key used for cookie singing and unique user IDs,
  # don't change this after the first install
  secret_key: "K9F5uNx1gzsk3q5tnjwFabBYgjBJcAv0qM135QRgzL81hRg4"
  # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
  geoip: /geoip/GeoLite2-City.mmdb
  # -- Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none'
  avatars: gravatar

  outposts:
    # -- Template used for managed outposts. The following placeholders can be used
    # %(type)s - the type of the outpost
    # %(version)s - version of your authentik install
    # %(build_hash)s - only for beta versions, the build hash of the image
    container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
  error_reporting:
    # -- This sends anonymous usage-data, stack traces on errors and
    # performance data to sentry.beryju.org, and is fully opt-in
    enabled: false
    # -- This is a string that is sent to sentry with your error reports
    environment: "k8s"
    # -- Send PII (Personally identifiable information) data to sentry
    send_pii: false


  postgresql:
    # -- set the postgresql hostname to talk to
    # if unset and .Values.postgresql.enabled == true, will generate the default
    # @default -- `{{ .Release.Name }}-postgresql`
    host: 'postgres-postgresql.postgres'
    # -- postgresql Database name
    # @default -- `authentik`
    name: "authentik"
    # -- postgresql Username
    # @default -- `authentik`
    user: "authentik"
    password: "authentik"
    port: 5432


  redis:
    # -- set the redis hostname to talk to
    # @default -- `{{ .Release.Name }}-redis-master`
    host: '{{ .Release.Name }}-redis-master'
    password: ""

# -- see configuration options at https://goauthentik.io/docs/installation/configuration/
env: {}
# AUTHENTIK_VAR_NAME: VALUE

envFrom: []
#  - configMapRef:
#      name: special-config

envValueFrom: {}
#  AUTHENTIK_VAR_NAME:
#    secretKeyRef:
#      key: password
#      name: my-secret

service:
  # -- Service that is created to access authentik
  enabled: true
  type: ClusterIP
  port: 80
  name: http
  protocol: TCP
  labels: {}
  annotations: {}

volumes: []

volumeMounts: []

# -- affinity applied to the deployments
affinity: {}

# -- nodeSelector applied to the deployments

resources:
  server: {}
  worker: {}

# WARNING! When initially deploying, authentik has to do a few DB migrations. This may cause it to die from probe
# failure, but will continue on reboot. You can disable this during deployment if this is not desired
livenessProbe:
  # -- enables or disables the livenessProbe
  enabled: true
  httpGet:
    # -- liveness probe url path
    path: /-/health/live/
    port: http
  initialDelaySeconds: 50
  periodSeconds: 10

readinessProbe:
  enabled: true
  httpGet:
    path: /-/health/ready/
    port: http
  initialDelaySeconds: 50
  periodSeconds: 10

serviceAccount:
  # -- Service account is needed for managed outposts
  create: true

prometheus:
  serviceMonitor:
    create: false
    interval: 30s
    scrapeTimeout: 3s
  rules:
    create: false

geoip:
  # -- optional GeoIP, deploys a cronjob to download the maxmind database
  enabled: false
  # -- sign up under https://www.maxmind.com/en/geolite2/signup
  accountId: ""
  # -- sign up under https://www.maxmind.com/en/geolite2/signup
  licenseKey: ""
  editionIds: "GeoLite2-City"
  image: maxmindinc/geoipupdate:v4.8
  # -- number of hours between update runs
  updateInterval: 8

postgresql:
  # -- enable the bundled bitnami postgresql chart
  enabled: false
  postgresqlUsername: "authentik"
  postgresqlPassword: "authentik"
  postgresqlDatabase: "authentik"
  # persistence:
  #   enabled: true
  #   existingClaim: authentik-postgres-nfs
redis:
  # -- enable the bundled bitnami redis chart
  enabled: true
  architecture: standalone
  auth:
    enabled: false