feat: refactor authentik

clusters/cl01tl/helm/authentik/Chart.yaml

@@ -6,10 +6,8 @@ keywords:
   - authentik
   - sso
   - oidc
-  - ldap
-  - idp
   - authentication
-home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
+home: https://docs.alexlebens.dev/applications/authentik/
 sources:
   - https://github.com/goauthentik/authentik
   - https://github.com/cloudflare/cloudflared
@@ -17,6 +15,7 @@ sources:
   - https://github.com/goauthentik/helm
   - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
   - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
   - name: alexlebens
 dependencies:

clusters/cl01tl/helm/authentik/templates/external-secret.yaml

@@ -14,8 +14,5 @@ spec:
   data:
     - secretKey: key
       remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
         key: /cl01tl/authentik/key
-        metadataPolicy: None
         property: key

clusters/cl01tl/helm/authentik/values.yaml

@@ -30,8 +30,23 @@ authentik:
     redis:
       host: authentik-valkey
   server:
-    name: server
+    replicas: 2
-    replicas: 1
+    resources:
+      requests:
+        cpu: 100m
+        memory: 700Mi
+    livenessProbe:
+      failureThreshold: 3
+      initialDelaySeconds: 15
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 5
+    readinessProbe:
+      failureThreshold: 3
+      initialDelaySeconds: 15
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 5
     metrics:
       enabled: true
       serviceMonitor:
@@ -39,8 +54,6 @@ authentik:
     route:
       main:
         enabled: true
-        apiVersion: gateway.networking.k8s.io/v1
-        kind: HTTPRoute
         hostnames:
           - authentik.alexlebens.net
         parentRefs:
@@ -48,21 +61,20 @@ authentik:
             kind: Gateway
             name: traefik-gateway
             namespace: traefik
-        httpsRedirect: false
-        matches:
-          - path:
-              type: PathPrefix
-              value: /
   worker:
     name: worker
-    replicas: 1
+    replicas: 2
+    resources:
+      requests:
+        cpu: 100m
+        memory: 512Mi
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
   prometheus:
     rules:
       enabled: true
-  postgresql:
-    enabled: false
-  redis:
-    enabled: false
 postgres-18-cluster:
   mode: recovery
   recovery:
@@ -76,32 +88,9 @@ postgres-18-cluster:
         destinationBucket: postgres-backups
         externalSecretCredentialPath: /garage/home-infra/postgres-backups
         isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
         suspend: false
         immediate: true
         schedule: "0 5 14 * * *"
         backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external