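# Argo CD Application that installs the authentik Helm chart into the
# `authentik` namespace. This file is itself a Helm template (it reads
# .Values below), so Argo CD sees the rendered output.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  destination:
    namespace: authentik
    # Piped through `quote` so an empty or type-ambiguous value renders as a
    # string instead of null or another YAML type.
    server: {{ .Values.spec.destination.server | quote }}
  # NOTE(review): this uses the `default` AppProject. Unless that project
  # has been restricted elsewhere, a dedicated AppProject limited to this
  # chart repository and namespace would be the least-privilege choice for
  # an identity provider - confirm.
  project: default
  syncPolicy:
    # Automated sync with self-heal: manual changes to the managed
    # resources are reverted to the state declared here.
    automated:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
  source:
    chart: authentik
    repoURL: https://charts.goauthentik.io
    # Pinned chart version, quoted so it can never be read as a number.
    targetRevision: '2025.8.4'
    helm:
      valuesObject:
        global:
          priorityClassName: homelab-critical
        authentik:
          # The secret key is read from a mounted Secret using the same
          # file:// mechanism as the PostgreSQL settings below, instead of
          # being written literally into this manifest. Anything inlined
          # here ends up in version control and in the Application object,
          # where anyone who can read Applications in the argocd namespace
          # can see it.
          # The literal key that previously lived in this file should be
          # treated as exposed and replaced with a freshly generated, longer
          # one; expect existing authentik sessions to be invalidated when
          # the key changes.
          secret_key: file:///authentik-secret/secret_key
          # Connection details are read from files projected from the
          # Secret mounted at /postgres-creds (see volumes below).
          postgresql:
            host: file:///postgres-creds/host
            name: file:///postgres-creds/dbname
            user: file:///postgres-creds/username
            password: file:///postgres-creds/password
        server:
          metrics:
            enabled: true
            serviceMonitor:
              enabled: true
          ingress:
            enabled: true
            hosts:
              - authentik.noxxos.nl
              - auth.noxxos.nl
            annotations:
              # NOTE(review): `websecure` is conventionally Traefik's TLS
              # entrypoint, but no TLS section or certificate reference is
              # visible in these values - confirm the entrypoint terminates
              # TLS for both hostnames.
              traefik.ingress.kubernetes.io/router.entrypoints: websecure
          volumes:
            - name: postgres-creds
              secret:
                secretName: pg-authentik-cluster-app
            - name: authentik-secret
              secret:
                # PLACEHOLDER name: create this Secret out of band (sealed
                # or external secret) with a `secret_key` entry before
                # syncing, then put its real name here.
                secretName: placeholder-authentik-secret-key
          volumeMounts:
            - name: postgres-creds
              mountPath: /postgres-creds
              readOnly: true
            - name: authentik-secret
              mountPath: /authentik-secret
              readOnly: true
        # The worker needs the same key and database credentials as the
        # server, so it gets the same two read-only mounts.
        worker:
          volumes:
            - name: postgres-creds
              secret:
                secretName: pg-authentik-cluster-app
            - name: authentik-secret
              secret:
                # PLACEHOLDER name: must be the same Secret as the one
                # referenced for the server above.
                secretName: placeholder-authentik-secret-key
          volumeMounts:
            - name: postgres-creds
              mountPath: /postgres-creds
              readOnly: true
            - name: authentik-secret
              mountPath: /authentik-secret
              readOnly: true
        # The chart's bundled PostgreSQL is disabled; the database is the
        # pg-authentik-cluster referenced by the Secret name above.
        postgresql:
          enabled: false
        # Bundled Redis runs without a persistent volume, so its contents
        # do not survive a pod restart.
        redis:
          enabled: true
          master:
            persistence:
              enabled: false
        prometheus:
          rules:
            enabled: true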
---
# Bucket claim for the PostgreSQL backups of authentik. The bucket name is
# fixed rather than generated, and the claim is served by the `rgw-bulk`
# storage class.
# NOTE(review): the Cluster's s3Credentials reference a Secret with this same
# name and the keys AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY - presumably the
# Secret the bucket provisioner generates for this claim; confirm.
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: postgres-authentik-backup
  namespace: authentik
spec:
  bucketName: postgres-authentik-backup
  storageClassName: rgw-bulk
  additionalConfig:
    # Size quota requested for the bucket.
    # NOTE(review): backups and WAL are retained for 60 days; if the quota is
    # reached, uploads would presumably start failing - worth an alert.
    maxSize: '10G'
---
# CloudNativePG cluster backing authentik: two instances, small resource
# footprint, pod monitoring on, and continuous backup to an S3-compatible
# bucket.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: pg-authentik-cluster
  namespace: authentik
spec:
  instances: 2
  priorityClassName: homelab-critical
  resources:
    requests:
      memory: 128Mi
      cpu: 100m
    limits:
      memory: 1Gi
      cpu: '1'
  postgresql:
    # PostgreSQL settings are passed as strings.
    parameters:
      max_connections: '200'
      shared_buffers: '32MB'
      effective_cache_size: '96MB'
      maintenance_work_mem: '8MB'
      wal_buffers: '2MB'
      random_page_cost: '1.1'
      effective_io_concurrency: '300'
      work_mem: '1MB'
  monitoring:
    enablePodMonitor: true
  storage:
    size: 1Gi
    # NOTE(review): `local-path` is typically node-local storage; durability
    # would then rest on the second instance and the object-store backups -
    # confirm this is intended.
    storageClass: local-path
  backup:
    barmanObjectStore:
      # NOTE(review): plain HTTP to the in-cluster object gateway. Base
      # backups and WAL of the identity provider's database cross the cluster
      # network unencrypted; consider a TLS endpoint if the gateway offers
      # one.
      endpointURL: http://rook-ceph-rgw-rgw-bulk.ceph.svc:80
      destinationPath: s3://postgres-authentik-backup/
      # Credentials come from a Secret by reference; nothing is inlined here.
      s3Credentials:
        accessKeyId:
          name: postgres-authentik-backup
          key: AWS_ACCESS_KEY_ID
        secretAccessKey:
          name: postgres-authentik-backup
          key: AWS_SECRET_ACCESS_KEY
      # NOTE(review): only compression is configured for data and WAL. No
      # `encryption` setting is present, so at-rest protection depends
      # entirely on the bucket or gateway configuration - confirm.
      data:
        compression: bzip2
      wal:
        compression: bzip2
    # Backups older than 60 days become eligible for removal.
    retentionPolicy: '60d'
---
# Recurring base backup of pg-authentik-cluster to its configured object
# store.
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: backup-pg-authentik
  namespace: authentik
spec:
  # Six-field cron expression with a leading seconds field: every day at
  # 00:00:00.
  schedule: '0 0 0 * * *'
  method: barmanObjectStore
  # Also take a backup as soon as this object is created, instead of waiting
  # for the first scheduled run.
  immediate: true
  # Backups created by this schedule are owned by the ScheduledBackup object
  # itself.
  backupOwnerReference: self
  cluster:
    name: pg-authentik-cluster