Authentik + Postgrescluster

Gabriel Simmer 2023-10-30 12:26:40 +00:00
parent 61f316b8e4
commit 92380a3b4b
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
2 changed files with 97 additions and 0 deletions

48
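--- a/homelab/authentik.yml
+++ b/homelab/authentik.yml
@@ -0,0 +1,48 @@
+authentik:
+# This sends anonymous usage-data, stack traces on errors and
+# performance data to sentry.io, and is fully opt-in
+error_reporting:
+enabled: false
+envValueFrom:
+AUTHENTIK_SECRET_KEY:
+secretKeyRef:
+name: authentik-secrets
+key: secret-key
+AUTHENTIK_POSTGRESQL__HOST:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: host
+AUTHENTIK_POSTGRESQL__PASSWORD:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: password
+AUTHENTIK_POSTGRESQL__USER:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: user
+AUTHENTIK_POSTGRESQL__PORT:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: port
+prometheus:
+serviceMonitor:
+create: true
+ingress:
+# Specify kubernetes ingress controller class name
+ingressClassName: nginx
+enabled: true
+hosts:
+# Specify external host name
+- host: authentik.gmem.ca
+paths:
+- path: "/"
+pathType: Prefix
+# Specify external host name
+- host: prometheus.gmem.ca
+paths:
+- path: "/"
+pathType: Prefix
+redis:
+enabled: true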
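Review bot: The `ingress` block publishes the identity provider at `authentik.gmem.ca` and `prometheus.gmem.ca` with no `tls` entry, so nothing in this values file ensures that login and session traffic is served over HTTPS. If TLS is not terminated in front of the nginx ingress (not visible here), add a `tls` list under `ingress` that names both hosts and a certificate secret, e.g. `secretName: <tls-secret-name>` (placeholder). The second `# Specify external host name` comment is copied from the first host and does not say why a Prometheus hostname points at the authentik release. If the intent is that authentik fronts Prometheus as a proxy (an assumption, confirm), a comment such as `# Prometheus is reached through authentik's proxy, so its host routes here` would document that.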


@ -0,0 +1,49 @@
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: hippo
spec:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
postgresVersion: 15
databaseInitSQL:
key: init.sql
name: init-sql
instances:
- name: instance1
replicas: 3
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
backups:
pgbackrest:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
repos:
- name: repo1
volume:
volumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
monitoring:
pgmonitor:
exporter:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0
users:
- name: authentik
databases:
- authentik
---
apiVersion: v1
kind: ConfigMap
metadata:
name: init-sql
data:
init.sql: |
\c authentik
GRANT CREATE ON SCHEMA public TO "authentik";
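Review bot: The three `image:` values in the PostgresCluster spec (postgres, pgbackrest and the exporter) are pinned by tag only, and a tag can be re-pointed at the registry, so the database, backup and monitoring containers are not guaranteed to be the images that were reviewed. Appending the digest keeps the readable tag while fixing the content, e.g. `image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1@sha256:<digest>` (placeholder digest, take the real value from the registry). Neither resource sets `metadata.namespace`, so both land in whatever namespace the applying context selects. The authentik values reference the generated `hippo-pguser-authentik` secret by name, so stating the namespace here would make that coupling explicit.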