From 63c9043cf8b65dd846e9bfec1d0f2be840ea54a8 Mon Sep 17 00:00:00 2001
From: Marco van Zijl
Date: Sat, 10 May 2025 17:05:49 +0200
Subject: [PATCH] Add authentik application and PostgreSQL cluster configuration

---
 applications/templates/authentik.yaml | 124 ++++++++++++++++++++++++++
 1 file changed, 124 insertions(+)
 create mode 100644 applications/templates/authentik.yaml

diff --git a/applications/templates/authentik.yaml b/applications/templates/authentik.yaml
new file mode 100644
index 0000000..7092b67
--- /dev/null
+++ b/applications/templates/authentik.yaml
@@ -0,0 +1,124 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: authentik
+ namespace: argocd
+spec:
+ destination:
+ namespace: authentik
+ server: {{ .Values.spec.destination.server }}
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ chart: authentik
+ repoURL: https://charts.goauthentik.io
+ targetRevision: 2025.4.0
+ helm:
+ valuesObject:
+ global:
+ priorityClassName: homelab-critical
+ env:
+ - name: AUTHENTIK_DATABASE__HOST
+ valueFrom:
+ secretKeyRef:
+ name: postgres-authentik-app
+ key: host
+ - name: AUTHENTIK_POSTGRESQL__NAME
+ valueFrom:
+ secretKeyRef:
+ name: postgres-authentik-app
+ key: dbname
+ - name: AUTHENTIK_POSTGRESQL__PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-authentik-app
+ key: password
+ - name: AUTHENTIK_POSTGRESQL__USER
+ valueFrom:
+ secretKeyRef:
+ name: postgres-authentik-app
+ key: username
+ authentik:
+ secret_key: bGd7nChCpPQmypR64rgF
+ server:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ ingress:
+ ingressClassName: traefik
+ enabled: true
+ hosts:
+ - authentik.noxxos.nl
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+ postgresql:
+ enabled: false
+ redis:
+ enabled: true
+ prometheus:
+ rules:
+ enabled: true
+---
+
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+ name: postgres-authentik-backup
+ namespace: authentik
+spec:
+ bucketName: postgres-authentik-backup
+ storageClassName: rgw-bulk
+ additionalConfig:
+ maxSize: "10G"
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: pg-authentik-cluster
+ namespace: authentik
+spec:
+ instances: 2
+ priorityClassName: homelab-critical
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 100m
+ limits:
+ memory: 1Gi
+ cpu: '1'
+ postgresql:
+ parameters:
+ max_connections: "200"
+ shared_buffers: "32MB"
+ effective_cache_size: "96MB"
+ maintenance_work_mem: "8MB"
+ wal_buffers: "2MB"
+ random_page_cost: "1.1"
+ effective_io_concurrency: "300"
+ work_mem: "1MB"
+ monitoring:
+ enablePodMonitor: true
+ storage:
+ size: 1Gi
+ storageClass: local-path
+ backup:
+ barmanObjectStore:
+ endpointURL: http://rook-ceph-rgw-rgw-bulk.ceph.svc:80
+ destinationPath: s3://postgres-authentik-backup/
+ s3Credentials:
+ accessKeyId:
+ name: postgres-authentik-backup
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: postgres-authentik-backup
+ key: AWS_SECRET_ACCESS_KEY
+ data:
+ compression: bzip2
+ wal:
+ compression: bzip2
+ retentionPolicy: "60d"
\ No newline at end of file
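Review bot: The authentik `secret_key` under `valuesObject.authentik` is committed as a plaintext literal in a Helm template, so it now lives in Git history and in every rendered Application manifest; it should be supplied from a Kubernetes Secret through the `AUTHENTIK_SECRET_KEY` env var using the same `secretKeyRef` pattern the hunk already uses for the database credentials, and the committed value should be rotated since it is exposed. In that same env list, `AUTHENTIK_DATABASE__HOST` does not match the `AUTHENTIK_POSTGRESQL__` prefix used by the other three variables and, as far as I know, by authentik's documented settings, so the `host` key from `postgres-authentik-app` would likely be ignored and the host left at its default. Two smaller points: `server: {{ .Values.spec.destination.server }}` should be quoted (`server: "{{ .Values.spec.destination.server }}"`) so an empty or linted render is not parsed as a flow mapping or null, and the ingress is bound only to the `web` entrypoint, which in a default Traefik setup is the plain-HTTP listener — worth confirming TLS is terminated in front of it before an identity provider is exposed there. The indentation of the file is flattened in this view, so the fence shows the intended structure rather than a byte-exact replacement.
```yaml
          env:
            - name: AUTHENTIK_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: authentik-secret-key  # placeholder: Secret created outside this template
                  key: secret_key
            - name: AUTHENTIK_POSTGRESQL__HOST
              valueFrom:
                secretKeyRef:
                  name: postgres-authentik-app
                  key: host
            # … unchanged: AUTHENTIK_POSTGRESQL__NAME / PASSWORD / USER entries …
          authentik: {}  # secret_key removed; supplied via AUTHENTIK_SECRET_KEY above
          # … unchanged: server, ingress, postgresql, redis, prometheus …
```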