Refactor authentik values.yaml to streamline PostgreSQL configuration and enhance backup settings

2025-11-11 20:40:09 +01:00 · 2025-11-11 20:40:09 +01:00 · e37e86b5c5
commit e37e86b5c5
parent 7d6d38d8e0
1 changed files with 86 additions and 88 deletions
--- a/apps/authentik/values.yaml
+++ b/apps/authentik/values.yaml
@ -53,93 +53,91 @@ authentik:
        readOnly: true

  extraObjects:
-    - apiVersion: postgresql.cnpg.io/v1
-      kind: Cluster
-      metadata:
-        name: authentik-pg-cluster
-        namespace: authentik
-      spec:
-        instances: 2
-        postgresql:
-          parameters:
-            max_connections: "20"
-            shared_buffers: "25MB"
-            effective_cache_size: "75MB"
-            maintenance_work_mem: "6400kB"
-            checkpoint_completion_target: "0.9"
-            wal_buffers: "768kB"
-            default_statistics_target: "100"
-            random_page_cost: "1.1"
-            effective_io_concurrency: "300"
-            work_mem: "640kB"
-            huge_pages: "off"
-            max_wal_size: "128MB"
-        bootstrap:
-          initdb:
-            database: authentik
-            owner: authentik
-            secret:
-              name: authentik-pg-cluster-app
-        storage:
-          storageClass: ceph-block
-          size: 10Gi
-        resources:
-          requests:
-            cpu: 100m
-            memory: 100Mi
-          limits:
-            memory: 512Mi
-        plugins:
-          - enabled: true
-            name: barman-cloud.cloudnative-pg.io
-            isWALArchiver: true
-            parameters:
-              barmanObjectName: authentik-backup-store
-
-    - apiVersion: barmancloud.cnpg.io/v1
-      kind: ObjectStore
-      metadata:
-        name: authentik-backup-store
-        namespace: authentik
-      spec:
-        retentionPolicy: "30d"
-        configuration:
-          destinationPath: s3://postgresql-backups/authentik
-          endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
-          s3Credentials:
-            accessKeyId:
-              name: authentik-pg-backup-creds
-              key: AWS_ACCESS_KEY_ID
-            secretAccessKey:
-              name: authentik-pg-backup-creds
-              key: AWS_SECRET_ACCESS_KEY
-          wal:
-            compression: bzip2
-          data:
-            compression: bzip2
-
-    - apiVersion: postgresql.cnpg.io/v1
-      kind: ScheduledBackup
-      metadata:
-        name: authentik-pg-backup
-        namespace: authentik
-      spec:
-        method: plugin
-        immediate: true
-        schedule: "0 30 3 * * *"  # 03:30 daily
-        backupOwnerReference: self
-        cluster:
-          name: authentik-pg-cluster
-        pluginConfiguration:
+  - apiVersion: postgresql.cnpg.io/v1
+    kind: Cluster
+    metadata:
+      name: authentik-pg-cluster
+      namespace: authentik
+    spec:
+      instances: 2
+      postgresql:
+        parameters:
+          max_connections: "20"
+          shared_buffers: "25MB"
+          effective_cache_size: "75MB"
+          maintenance_work_mem: "6400kB"
+          checkpoint_completion_target: "0.9"
+          wal_buffers: "768kB"
+          default_statistics_target: "100"
+          random_page_cost: "1.1"
+          effective_io_concurrency: "300"
+          work_mem: "640kB"
+          huge_pages: "off"
+          max_wal_size: "128MB"
+      bootstrap:
+        initdb:
+          database: authentik
+          owner: authentik
+      storage:
+        storageClass: ceph-block
+        size: 10Gi
+      resources:
+        requests:
+          cpu: 100m
+          memory: 100Mi
+        limits:
+          memory: 512Mi
+      plugins:
+        - enabled: true
          name: barman-cloud.cloudnative-pg.io
+          isWALArchiver: true
+          parameters:
+            barmanObjectName: authentik-backup-store

-    - apiVersion: objectbucket.io/v1alpha1
-      kind: ObjectBucketClaim
-      metadata:
-        name: authentik-pg-backups
-        namespace: authentik
-      spec:
-        bucketName: postgresql-backups
-        storageClassName: ceph-bucket
-        additionalConfig:
-          maxSize: "50Gi"
+  - apiVersion: barmancloud.cnpg.io/v1
+    kind: ObjectStore
+    metadata:
+      name: authentik-backup-store
+      namespace: authentik
+    spec:
+      retentionPolicy: "30d"
+      configuration:
+        destinationPath: s3://postgresql-backups/authentik
+        endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
+        s3Credentials:
+          accessKeyId:
+            name: authentik-pg-backup-creds
+            key: AWS_ACCESS_KEY_ID
+          secretAccessKey:
+            name: authentik-pg-backup-creds
+            key: AWS_SECRET_ACCESS_KEY
+        wal:
+          compression: bzip2
+        data:
+          compression: bzip2
+
+  - apiVersion: postgresql.cnpg.io/v1
+    kind: ScheduledBackup
+    metadata:
+      name: authentik-pg-backup
+      namespace: authentik
+    spec:
+      method: plugin
+      immediate: true
+      schedule: "0 30 3 * * *"  # 03:30 daily
+      backupOwnerReference: self
+      cluster:
+        name: authentik-pg-cluster
+      pluginConfiguration:
+        name: barman-cloud.cloudnative-pg.io
+
+  - apiVersion: objectbucket.io/v1alpha1
+    kind: ObjectBucketClaim
+    metadata:
+      name: authentik-pg-backups
+      namespace: authentik
+    spec:
+      bucketName: postgresql-backups
+      storageClassName: ceph-bucket
+      additionalConfig:
+        maxSize: "50Gi"