124 lines
3.1 KiB
YAML
124 lines
3.1 KiB
YAML
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: authentik
|
|
namespace: argocd
|
|
spec:
|
|
destination:
|
|
namespace: authentik
|
|
server: {{ .Values.spec.destination.server }}
|
|
project: default
|
|
syncPolicy:
|
|
automated:
|
|
selfHeal: true
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
source:
|
|
chart: authentik
|
|
repoURL: https://charts.goauthentik.io
|
|
targetRevision: 2025.4.0
|
|
helm:
|
|
valuesObject:
|
|
global:
|
|
priorityClassName: homelab-critical
|
|
env:
|
|
- name: AUTHENTIK_DATABASE__HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pg-authentik-cluster-app
|
|
key: host
|
|
- name: AUTHENTIK_POSTGRESQL__NAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pg-authentik-cluster-app
|
|
key: dbname
|
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pg-authentik-cluster-app
|
|
key: password
|
|
- name: AUTHENTIK_POSTGRESQL__USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pg-authentik-cluster-app
|
|
key: username
|
|
authentik:
|
|
secret_key: bGd7nChCpPQmypR64rgF
|
|
server:
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
ingress:
|
|
ingressClassName: traefik
|
|
enabled: true
|
|
hosts:
|
|
- authentik.noxxos.nl
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web
|
|
postgresql:
|
|
enabled: false
|
|
redis:
|
|
enabled: true
|
|
prometheus:
|
|
rules:
|
|
enabled: true
|
|
---
|
|
|
|
apiVersion: objectbucket.io/v1alpha1
|
|
kind: ObjectBucketClaim
|
|
metadata:
|
|
name: postgres-authentik-backup
|
|
namespace: authentik
|
|
spec:
|
|
bucketName: postgres-authentik-backup
|
|
storageClassName: rgw-bulk
|
|
additionalConfig:
|
|
maxSize: "10G"
|
|
---
|
|
apiVersion: postgresql.cnpg.io/v1
|
|
kind: Cluster
|
|
metadata:
|
|
name: pg-authentik-cluster
|
|
namespace: authentik
|
|
spec:
|
|
instances: 2
|
|
priorityClassName: homelab-critical
|
|
resources:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: '1'
|
|
postgresql:
|
|
parameters:
|
|
max_connections: "200"
|
|
shared_buffers: "32MB"
|
|
effective_cache_size: "96MB"
|
|
maintenance_work_mem: "8MB"
|
|
wal_buffers: "2MB"
|
|
random_page_cost: "1.1"
|
|
effective_io_concurrency: "300"
|
|
work_mem: "1MB"
|
|
monitoring:
|
|
enablePodMonitor: true
|
|
storage:
|
|
size: 1Gi
|
|
storageClass: local-path
|
|
backup:
|
|
barmanObjectStore:
|
|
endpointURL: http://rook-ceph-rgw-rgw-bulk.ceph.svc:80
|
|
destinationPath: s3://postgres-authentik-backup/
|
|
s3Credentials:
|
|
accessKeyId:
|
|
name: postgres-authentik-backup
|
|
key: AWS_ACCESS_KEY_ID
|
|
secretAccessKey:
|
|
name: postgres-authentik-backup
|
|
key: AWS_SECRET_ACCESS_KEY
|
|
data:
|
|
compression: bzip2
|
|
wal:
|
|
compression: bzip2
|
|
retentionPolicy: "60d" |