Refactor authentik values.yaml to streamline PostgreSQL configuration and enhance backup settings

2025-11-11 20:40:09 +01:00 · 2025-11-11 20:40:09 +01:00 · e37e86b5c5
commit e37e86b5c5
parent 7d6d38d8e0
1 changed files with 86 additions and 88 deletions
--- a/apps/authentik/values.yaml
+++ b/apps/authentik/values.yaml
@ -53,93 +53,91 @@ authentik:
        readOnly: true
  extraObjects:
-    - apiVersion: postgresql.cnpg.io/v1
+  - apiVersion: postgresql.cnpg.io/v1
-      kind: Cluster
+    kind: Cluster
-      metadata:
+    metadata:
-        name: authentik-pg-cluster
+      name: authentik-pg-cluster
-        namespace: authentik
+      namespace: authentik
-      spec:
+    spec:
-        instances: 2
+      instances: 2
-        postgresql:
+      postgresql:
-          parameters:
+        parameters:
-            max_connections: "20"
+          max_connections: "20"
-            shared_buffers: "25MB"
+          shared_buffers: "25MB"
-            effective_cache_size: "75MB"
+          effective_cache_size: "75MB"
-            maintenance_work_mem: "6400kB"
+          maintenance_work_mem: "6400kB"
-            checkpoint_completion_target: "0.9"
+          checkpoint_completion_target: "0.9"
-            wal_buffers: "768kB"
+          wal_buffers: "768kB"
-            default_statistics_target: "100"
+          default_statistics_target: "100"
-            random_page_cost: "1.1"
+          random_page_cost: "1.1"
-            effective_io_concurrency: "300"
+          effective_io_concurrency: "300"
-            work_mem: "640kB"
+          work_mem: "640kB"
-            huge_pages: "off"
+          huge_pages: "off"
-            max_wal_size: "128MB"
+          max_wal_size: "128MB"
-        bootstrap:
+      bootstrap:
-          initdb:
+        initdb:
-            database: authentik
+          database: authentik
-            owner: authentik
+          owner: authentik
-            secret:
+      storage:
-              name: authentik-pg-cluster-app
+        storageClass: ceph-block
-        storage:
+        size: 10Gi
-          storageClass: ceph-block
+      resources:
-          size: 10Gi
+        requests:
-        resources:
+          cpu: 100m
-          requests:
+          memory: 100Mi
-            cpu: 100m
+        limits:
-            memory: 100Mi
+          memory: 512Mi
-          limits:
+      plugins:
-            memory: 512Mi
+        - enabled: true
        plugins:
          - enabled: true
            name: barman-cloud.cloudnative-pg.io
            isWALArchiver: true
            parameters:
              barmanObjectName: authentik-backup-store
    - apiVersion: barmancloud.cnpg.io/v1
      kind: ObjectStore
      metadata:
        name: authentik-backup-store
        namespace: authentik
      spec:
        retentionPolicy: "30d"
        configuration:
          destinationPath: s3://postgresql-backups/authentik
          endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
          s3Credentials:
            accessKeyId:
              name: authentik-pg-backup-creds
              key: AWS_ACCESS_KEY_ID
            secretAccessKey:
              name: authentik-pg-backup-creds
              key: AWS_SECRET_ACCESS_KEY
          wal:
            compression: bzip2
          data:
            compression: bzip2
    - apiVersion: postgresql.cnpg.io/v1
      kind: ScheduledBackup
      metadata:
        name: authentik-pg-backup
        namespace: authentik
      spec:
        method: plugin
        immediate: true
        schedule: "0 30 3 * * *"  # 03:30 daily
        backupOwnerReference: self
        cluster:
          name: authentik-pg-cluster
        pluginConfiguration:
          name: barman-cloud.cloudnative-pg.io
          isWALArchiver: true
          parameters:
            barmanObjectName: authentik-backup-store
-    - apiVersion: objectbucket.io/v1alpha1
+  - apiVersion: barmancloud.cnpg.io/v1
-      kind: ObjectBucketClaim
+    kind: ObjectStore
-      metadata:
+    metadata:
-        name: authentik-pg-backups
+      name: authentik-backup-store
-        namespace: authentik
+      namespace: authentik
-      spec:
+    spec:
-        bucketName: postgresql-backups
+      retentionPolicy: "30d"
-        storageClassName: ceph-bucket
+      configuration:
-        additionalConfig:
+        destinationPath: s3://postgresql-backups/authentik
-          maxSize: "50Gi"
+        endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
        s3Credentials:
          accessKeyId:
            name: authentik-pg-backup-creds
            key: AWS_ACCESS_KEY_ID
          secretAccessKey:
            name: authentik-pg-backup-creds
            key: AWS_SECRET_ACCESS_KEY
        wal:
          compression: bzip2
        data:
          compression: bzip2
  - apiVersion: postgresql.cnpg.io/v1
    kind: ScheduledBackup
    metadata:
      name: authentik-pg-backup
      namespace: authentik
    spec:
      method: plugin
      immediate: true
      schedule: "0 30 3 * * *"  # 03:30 daily
      backupOwnerReference: self
      cluster:
        name: authentik-pg-cluster
      pluginConfiguration:
        name: barman-cloud.cloudnative-pg.io
  - apiVersion: objectbucket.io/v1alpha1
    kind: ObjectBucketClaim
    metadata:
      name: authentik-pg-backups
      namespace: authentik
    spec:
      bucketName: postgresql-backups
      storageClassName: ceph-bucket
      additionalConfig:
        maxSize: "50Gi"