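# Helm values for an authentik deployment backed by a CloudNativePG cluster
# with scheduled Barman backups to an S3-compatible bucket.
# NOTE(review): the listing lost its indentation. The nesting below assumes an
# umbrella chart in which the outer `authentik:` key is the subchart name and
# the inner `authentik:` key is the application config. Confirm against the
# chart in use.
authentik:

  authentik:
    # Read the secret key from a mounted Kubernetes Secret, the same way the
    # PostgreSQL settings below are read, instead of storing it in this file.
    # The literal that used to be committed here stays in version-control
    # history, so treat it as exposed and generate a new value. Expect
    # existing sessions to be invalidated when the key changes.
    secret_key: file:///authentik-secret/secret_key
    postgresql:
      # Each value is resolved at runtime from a file in the postgres-creds
      # volume mounted into the server and worker pods.
      host: file:///postgres-creds/host
      name: file:///postgres-creds/dbname
      # NOTE(review): the upstream chart documents this key as `user`;
      # confirm that `username` is actually honoured and not silently
      # ignored in favour of the chart default.
      username: file:///postgres-creds/username
      password: file:///postgres-creds/password
      port: file:///postgres-creds/port

  server:
    route:
      main:
        enabled: true
        hostnames:
          - "auth.noxxos.nl"
          - "authentik.noxxos.nl"
          - "sso.noxxos.nl"
        parentRefs:
          - name: traefik-gateway
            namespace: traefik
            sectionName: websecure
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
        memory: 1Gi
    volumes:
      - name: postgres-creds
        secret:
          secretName: authentik-pg-cluster-app
      - name: authentik-secret
        secret:
          # Placeholder Secret name, not defined on this page. Create it out
          # of band (sealed or externally managed) with a `secret_key` key.
          secretName: authentik-secret-key
    volumeMounts:
      - name: postgres-creds
        mountPath: /postgres-creds
        readOnly: true
      - name: authentik-secret
        mountPath: /authentik-secret
        readOnly: true

  worker:
    replicas: 2
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
        memory: 1Gi
    volumes:
      - name: postgres-creds
        secret:
          secretName: authentik-pg-cluster-app
      - name: authentik-secret
        secret:
          # Same placeholder Secret as the server; both components must read
          # the same key.
          secretName: authentik-secret-key
    volumeMounts:
      - name: postgres-creds
        mountPath: /postgres-creds
        readOnly: true
      - name: authentik-secret
        mountPath: /authentik-secret
        readOnly: true

  additionalObjects:
    - apiVersion: postgresql.cnpg.io/v1
      kind: Cluster
      metadata:
        name: authentik-pg-cluster
        namespace: authentik
      spec:
        instances: 2
        postgresql:
          parameters:
            max_connections: "200"
            shared_buffers: "25MB"
            effective_cache_size: "75MB"
            maintenance_work_mem: "6400kB"
            checkpoint_completion_target: "0.9"
            wal_buffers: "768kB"
            default_statistics_target: "100"
            random_page_cost: "1.1"
            effective_io_concurrency: "300"
            work_mem: "640kB"
            huge_pages: "off"
            max_wal_size: "128MB"
        bootstrap:
          initdb:
            database: authentik
            owner: authentik
        storage:
          storageClass: local-path
          size: 10Gi
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            memory: 512Mi
        plugins:
          - enabled: true
            name: barman-cloud.cloudnative-pg.io
            isWALArchiver: true
            parameters:
              barmanObjectName: authentik-backup-store

    - apiVersion: barmancloud.cnpg.io/v1
      kind: ObjectStore
      metadata:
        name: authentik-backup-store
        namespace: authentik
      spec:
        retentionPolicy: "30d"
        configuration:
          # NOTE(review): the bucket name and the /authentik prefix suggest a
          # bucket shared with other databases. If so, these credentials can
          # read the other backups as well; confirm the access scope.
          destinationPath: s3://postgresql-backups/authentik
          # Plain HTTP to the in-cluster object gateway. Base backups and WAL
          # carry the identity provider's database contents and cross the
          # cluster network unencrypted unless the network layer encrypts it.
          # Prefer the gateway's TLS endpoint if one is exposed.
          endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
          s3Credentials:
            # NOTE(review): this Secret is not defined on this page. Bucket
            # provisioners commonly create a Secret named after the claim
            # (here `authentik-pg-backups`); confirm that
            # `authentik-pg-backup-creds` exists in this namespace.
            accessKeyId:
              name: authentik-pg-backup-creds
              key: AWS_ACCESS_KEY_ID
            secretAccessKey:
              name: authentik-pg-backup-creds
              key: AWS_SECRET_ACCESS_KEY
          # NOTE(review): only compression is configured for WAL and data.
          # Confirm the bucket is encrypted at rest or configure encryption
          # for the backups.
          wal:
            compression: bzip2
          data:
            compression: bzip2

    - apiVersion: postgresql.cnpg.io/v1
      kind: ScheduledBackup
      metadata:
        name: authentik-pg-backup
        namespace: authentik
      spec:
        method: plugin
        immediate: true
        # Six-field cron expression; the first field is seconds.
        schedule: "0 30 3 * * *"  # 03:30 daily
        backupOwnerReference: self
        cluster:
          name: authentik-pg-cluster
        pluginConfiguration:
          name: barman-cloud.cloudnative-pg.io

    - apiVersion: objectbucket.io/v1alpha1
      kind: ObjectBucketClaim
      metadata:
        name: authentik-pg-backups
        namespace: authentik
      spec:
        bucketName: postgresql-backups
        storageClassName: ceph-bucket
        additionalConfig:
          maxSize: "50Gi"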