From 7dbb6952df781a618faa6d3441d613a07ee0469f Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Sun, 22 Mar 2026 21:27:52 -0500
Subject: [PATCH] feat: refactor authentik
---
 clusters/cl01tl/helm/authentik/Chart.yaml | 5 +-
 .../authentik/templates/external-secret.yaml | 3 -
 clusters/cl01tl/helm/authentik/values.yaml | 63 ++++++++-----------
 3 files changed, 28 insertions(+), 43 deletions(-)
diff --git a/clusters/cl01tl/helm/authentik/Chart.yaml b/clusters/cl01tl/helm/authentik/Chart.yaml
index 835427327..313143d47 100644
--- a/clusters/cl01tl/helm/authentik/Chart.yaml
+++ b/clusters/cl01tl/helm/authentik/Chart.yaml
@@ -6,10 +6,8 @@ keywords:
 - authentik
 - sso
 - oidc
- - ldap
- - idp
 - authentication
-home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
+home: https://docs.alexlebens.dev/applications/authentik/
 sources:
 - https://github.com/goauthentik/authentik
 - https://github.com/cloudflare/cloudflared
@@ -17,6 +15,7 @@ sources:
 - https://github.com/goauthentik/helm
 - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
 - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+ - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
 - name: alexlebens
 dependencies:
diff --git a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
index 244e4eb04..dfbf0456a 100644
--- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
@@ -14,8 +14,5 @@ spec:
 data:
 - secretKey: key
 remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
 key: /cl01tl/authentik/key
- metadataPolicy: None
 property: key
diff --git a/clusters/cl01tl/helm/authentik/values.yaml b/clusters/cl01tl/helm/authentik/values.yaml
index f3eb618f9..a093e7e91 100644
--- a/clusters/cl01tl/helm/authentik/values.yaml
+++ b/clusters/cl01tl/helm/authentik/values.yaml
@@ -30,8 +30,23 @@ authentik:
 redis:
 host: authentik-valkey
 server:
- name: server
- replicas: 1
+ replicas: 2
+ resources:
+ requests:
+ cpu: 100m
+ memory: 700Mi
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
 metrics:
 enabled: true
 serviceMonitor:
@@ -39,8 +54,6 @@ authentik:
 route:
 main:
 enabled: true
- apiVersion: gateway.networking.k8s.io/v1
- kind: HTTPRoute
 hostnames:
 - authentik.alexlebens.net
 parentRefs:
@@ -48,21 +61,20 @@ authentik:
 kind: Gateway
 name: traefik-gateway
 namespace: traefik
- httpsRedirect: false
- matches:
- - path:
- type: PathPrefix
- value: /
 worker:
 name: worker
- replicas: 1
+ replicas: 2
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
 prometheus:
 rules:
 enabled: true
- postgresql:
- enabled: false
- redis:
- enabled: false
 postgres-18-cluster:
 mode: recovery
 recovery:
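Review bot: The `resources` block added under `server` sets only `requests`, so the container has no memory ceiling; the same applies to the `worker` block added in the `@@ -48,21 +61,20 @@` hunk. This is the cluster's SSO service, and an unbounded process that grows under load or abuse can push the node into memory pressure and evict unrelated workloads. I would add a `limits:` mapping with a `memory:` value sized from observed usage beside each `requests:` block. The added liveness and readiness probes also use identical settings, so a start that takes longer than `initialDelaySeconds: 15` plus three failed checks would be restarted rather than only held out of rotation; whether the chart already supplies a startup probe is not visible here. The `server` mapping continues outside the hunk.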
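Review bot: Removing `postgresql: enabled: false` and `redis: enabled: false` at the end of the `@@ -48,21 +61,20 @@` hunk makes the deployment depend on the upstream chart's defaults for its bundled database and cache. The chart version and its defaults are not visible in this patch; if a later dependency bump changes either default, a bundled instance would be rendered next to `postgres-18-cluster` and `authentik-valkey` without any change in this file. I would keep the two explicit disables, or confirm from rendered output (`helm template`) that no bundled PostgreSQL or Redis objects appear before merging. The enclosing `authentik:` mapping starts outside the hunk.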
@@ -76,32 +88,9 @@ postgres-18-cluster:
 destinationBucket: postgres-backups
 externalSecretCredentialPath: /garage/home-infra/postgres-backups
 isWALArchiver: true
- # - name: garage-remote
- # index: 1
- # destinationBucket: postgres-backups
- # externalSecretCredentialPath: /garage/home-infra/postgres-backups
- # retentionPolicy: "90d"
- # data:
- # compression: bzip2
- # - name: external
- # index: 1
- # endpointURL: https://nyc3.digitaloceanspaces.com
- # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
- # externalSecretCredentialPath: /garage/home-infra/postgres-backups
- # isWALArchiver: false
 scheduledBackups:
 - name: live-backup
 suspend: false
 immediate: true
 schedule: "0 5 14 * * *"
 backupName: garage-local
- # - name: weekly-backup
- # suspend: true
- # immediate: true
- # schedule: "0 0 4 * * SAT"
- # backupName: garage-remote
- # - name: daily-backup
- # suspend: true
- # immediate: true
- # schedule: "0 0 0 * * *"
- # backupName: external