infrastructure/clusters/cl01tl/manifests/authentik/Deployment-authentik-server.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: authentik-server
  namespace: "authentik"
  labels:
    helm.sh/chart: "authentik-2025.10.3"
    app.kubernetes.io/name: "authentik"
    app.kubernetes.io/instance: "authentik"
    app.kubernetes.io/component: "server"
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/part-of: "authentik"
    app.kubernetes.io/version: "2025.10.3"
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: "authentik"
      app.kubernetes.io/instance: "authentik"
      app.kubernetes.io/component: "server"
  template:
    metadata:
      labels:
        helm.sh/chart: "authentik-2025.10.3"
        app.kubernetes.io/name: "authentik"
        app.kubernetes.io/instance: "authentik"
        app.kubernetes.io/component: "server"
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/part-of: "authentik"
        app.kubernetes.io/version: "2025.10.3"
      annotations:
        checksum/secret: 81023a537ff1b052b9aa8885a264a3bc8d874319f2925e0905ff49b51381495c
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: server
          image: ghcr.io/goauthentik/server:2025.10.3
          imagePullPolicy: IfNotPresent
          args:
            - server
          env:
            - name: AUTHENTIK_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  key: key
                  name: authentik-key-secret
            - name: AUTHENTIK_POSTGRESQL__HOST
              valueFrom:
                secretKeyRef:
                  key: host
                  name: authentik-postgresql-18-cluster-app
            - name: AUTHENTIK_POSTGRESQL__NAME
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: authentik-postgresql-18-cluster-app
            - name: AUTHENTIK_POSTGRESQL__USER
              valueFrom:
                secretKeyRef:
                  key: user
                  name: authentik-postgresql-18-cluster-app
            - name: AUTHENTIK_POSTGRESQL__PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: authentik-postgresql-18-cluster-app
            - name: AUTHENTIK_LISTEN__HTTP
              value: "0.0.0.0:9000"
            - name: AUTHENTIK_LISTEN__HTTPS
              value: "0.0.0.0:9443"
            - name: AUTHENTIK_LISTEN__METRICS
              value: "0.0.0.0:9300"
          envFrom:
            - secretRef:
                name: authentik
          ports:
            - name: http
              containerPort: 9000
              protocol: TCP
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: metrics
              containerPort: 9300
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: '/-/health/live/'
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 3
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: '/-/health/ready/'
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 3
          startupProbe:
            failureThreshold: 60
            httpGet:
              path: '/-/health/live/'
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 3
          resources: {}
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: "authentik"
                    app.kubernetes.io/instance: "authentik"
                    app.kubernetes.io/component: "server"
                topologyKey: kubernetes.io/hostname
      enableServiceLinks: true