---
# ------------------------------------------
# -- Database extension is used to manage
# --  database with db-operator
# ------------------------------------------
ext-database:
  enabled: true
  name: authentik-postgres16
  instance: postgres16
  credentials:
    host: "{{ .Hostname }}"
    username: "{{ .Username }}"
    password: "{{ .Password }}"
    database: "{{ .Database }}"
authentik:
  email:
    host: stalwart.badhouseplants.net
    port: 587
    username: bot@badhouseplants.net
    use_tls: true
    use_ssl: false
    timeout: 30
    from: bot@badhouseplants.net
  postgresql:
    host: file:///postgres-creds/host
    user: file:///postgres-creds/username
    password: file:///postgres-creds/password
    name: file:///postgres-creds/database
  # This sends anonymous usage-data, stack traces on errors and
  # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
  error_reporting:
    enabled: false
redis:
  enabled: true
  master:
    persistence:
      enabled: false
server:
  ingress:
    annotations:
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
    enabled: true
    hosts:
      - authentik.badhouseplants.net
    tls:
    - secretName: authentik-tls-secret
      hosts:
        - authentik.badhouseplants.net
  volumes:
    - name: postgres-creds
      secret:
        secretName: authentik-postgres16-creds
  volumeMounts:
    - name: postgres-creds
      mountPath: /postgres-creds
      readOnly: true
  resources:
    requests:
      cpu: 100m
      memory: 1Gi
    limits:
      memory: 1Gi
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
    httpGet:
      path: /-/health/live/
      port: http

  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
    httpGet:
      path: /-/health/ready/
      port: http

  startupProbe:
    failureThreshold: 60
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
    httpGet:
      path: /-/health/live/
      port: http
worker:
  resources:
    requests:
      cpu: 100m
      memory: 512Mi
    limits:
      memory: 512Mi
  volumes:
    - name: postgres-creds
      secret:
        secretName: authentik-postgres16-creds
  volumeMounts:
    - name: postgres-creds
      mountPath: /postgres-creds
      readOnly: true
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
    exec:
      command:
        - ak
        - healthcheck

  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
    exec:
      command:
        - ak
        - healthcheck

  startupProbe:
    failureThreshold: 60
    initialDelaySeconds: 30
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 3
    exec:
      command:
        - ak
        - healthcheck