jacklull
6ac391b7fc
Increase authentik memory requests and limits from 512Mi to 1Gi Issue: allanger/k8s-deployment#1
140 lines
3.0 KiB
YAML
140 lines
3.0 KiB
YAML
---
|
|
# ------------------------------------------
|
|
# -- Database extension is used to manage
|
|
# -- database with db-operator
|
|
# ------------------------------------------
|
|
ext-database:
|
|
enabled: true
|
|
name: authentik-postgres16
|
|
instance: postgres16
|
|
credentials:
|
|
host: "{{ .Hostname }}"
|
|
username: "{{ .Username }}"
|
|
password: "{{ .Password }}"
|
|
database: "{{ .Database }}"
|
|
authentik:
|
|
email:
|
|
host: email.badhouseplants.net
|
|
port: 587
|
|
username: bot@badhouseplants.net
|
|
use_tls: false
|
|
use_ssl: false
|
|
timeout: 30
|
|
from: bot@badhouseplants.net
|
|
postgresql:
|
|
host: file:///postgres-creds/host
|
|
user: file:///postgres-creds/username
|
|
password: file:///postgres-creds/password
|
|
name: file:///postgres-creds/database
|
|
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
|
|
# This sends anonymous usage-data, stack traces on errors and
|
|
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
|
|
error_reporting:
|
|
enabled: false
|
|
redis:
|
|
enabled: true
|
|
master:
|
|
persistence:
|
|
enabled: false
|
|
server:
|
|
ingress:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
|
enabled: true
|
|
hosts:
|
|
- authentik.badhouseplants.net
|
|
tls:
|
|
- secretName: authentik-tls-secret
|
|
hosts:
|
|
- authentik.badhouseplants.net
|
|
volumes:
|
|
- name: postgres-creds
|
|
secret:
|
|
secretName: authentik-postgres16-creds
|
|
volumeMounts:
|
|
- name: postgres-creds
|
|
mountPath: /postgres-creds
|
|
readOnly: true
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 1Gi
|
|
limits:
|
|
memory: 1Gi
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
httpGet:
|
|
path: /-/health/live/
|
|
port: http
|
|
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
httpGet:
|
|
path: /-/health/ready/
|
|
port: http
|
|
|
|
startupProbe:
|
|
failureThreshold: 60
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
httpGet:
|
|
path: /-/health/live/
|
|
port: http
|
|
worker:
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 512Mi
|
|
limits:
|
|
memory: 512Mi
|
|
volumes:
|
|
- name: postgres-creds
|
|
secret:
|
|
secretName: authentik-postgres16-creds
|
|
volumeMounts:
|
|
- name: postgres-creds
|
|
mountPath: /postgres-creds
|
|
readOnly: true
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
exec:
|
|
command:
|
|
- ak
|
|
- healthcheck
|
|
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
exec:
|
|
command:
|
|
- ak
|
|
- healthcheck
|
|
|
|
startupProbe:
|
|
failureThreshold: 60
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 3
|
|
exec:
|
|
command:
|
|
- ak
|
|
- healthcheck
|