authentik: global: env: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: name: authentik-key-secret key: key - name: AUTHENTIK_POSTGRESQL__HOST valueFrom: secretKeyRef: name: authentik-postgresql-18-cluster-app key: host - name: AUTHENTIK_POSTGRESQL__NAME valueFrom: secretKeyRef: name: authentik-postgresql-18-cluster-app key: dbname - name: AUTHENTIK_POSTGRESQL__USER valueFrom: secretKeyRef: name: authentik-postgresql-18-cluster-app key: user - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: authentik-postgresql-18-cluster-app key: password authentik: redis: host: authentik-valkey server: replicas: 2 resources: requests: cpu: 100m memory: 700Mi livenessProbe: failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 readinessProbe: failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 metrics: enabled: true serviceMonitor: enabled: true route: main: enabled: true hostnames: - authentik.alexlebens.net parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik worker: name: worker replicas: 2 resources: requests: cpu: 100m memory: 512Mi metrics: enabled: true serviceMonitor: enabled: true prometheus: rules: enabled: true postgres-18-cluster: mode: recovery recovery: method: objectStore objectStore: index: 2 backup: objectStore: - name: garage-local index: 2 destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 5 14 * * *" backupName: garage-local