Authentik + Postgrescluster

2023-10-30 12:26:40 +00:00 · 2023-10-30 12:26:40 +00:00 · 92380a3b4b
parent 61f316b8e4
commit 92380a3b4b
2 changed files with 97 additions and 0 deletions
--- a/homelab/authentik.yml
+++ b/homelab/authentik.yml
@ -0,0 +1,48 @@
+authentik:
+    # This sends anonymous usage-data, stack traces on errors and
+    # performance data to sentry.io, and is fully opt-in
+    error_reporting:
+        enabled: false
+envValueFrom:
+  AUTHENTIK_SECRET_KEY:
+    secretKeyRef:
+      name: authentik-secrets
+      key: secret-key
+  AUTHENTIK_POSTGRESQL__HOST:
+    secretKeyRef:
+      name: hippo-pguser-authentik
+      key: host
+  AUTHENTIK_POSTGRESQL__PASSWORD:
+    secretKeyRef:
+      name: hippo-pguser-authentik
+      key: password
+  AUTHENTIK_POSTGRESQL__USER:
+    secretKeyRef:
+      name: hippo-pguser-authentik
+      key: user
+  AUTHENTIK_POSTGRESQL__PORT:
+    secretKeyRef:
+      name: hippo-pguser-authentik
+      key: port
+
+prometheus:
+  serviceMonitor:
+    create: true
+
+ingress:
+    # Specify kubernetes ingress controller class name
+    ingressClassName: nginx
+    enabled: true
+    hosts:
+        # Specify external host name
+        - host: authentik.gmem.ca
+          paths:
+              - path: "/"
+                pathType: Prefix
+        # Specify external host name
+        - host: prometheus.gmem.ca
+          paths:
+              - path: "/"
+                pathType: Prefix
+redis:
+    enabled: true
--- a/homelab/postgres-cluster.yml
+++ b/homelab/postgres-cluster.yml
@ -0,0 +1,49 @@
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: hippo
+spec:
+  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
+  postgresVersion: 15
+  databaseInitSQL:
+    key: init.sql
+    name: init-sql
+  instances:
+    - name: instance1
+      replicas: 3
+      dataVolumeClaimSpec:
+        accessModes:
+        - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 1Gi
+  backups:
+    pgbackrest:
+      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
+      repos:
+      - name: repo1
+        volume:
+          volumeClaimSpec:
+            accessModes:
+            - "ReadWriteOnce"
+            resources:
+              requests:
+                storage: 1Gi
+  monitoring:
+    pgmonitor:
+      exporter:
+        image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0
+
+  users:
+    - name: authentik
+      databases:
+        - authentik
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: init-sql
+data:
+  init.sql: |
+    \c authentik
+    GRANT CREATE ON SCHEMA public TO "authentik";