Authentik + Postgrescluster
This commit is contained in:
parent
61f316b8e4
commit
92380a3b4b
48
homelab/authentik.yml
Normal file
48
homelab/authentik.yml
Normal file
|
@ -0,0 +1,48 @@
|
|||
authentik:
|
||||
# This sends anonymous usage-data, stack traces on errors and
|
||||
# performance data to sentry.io, and is fully opt-in
|
||||
error_reporting:
|
||||
enabled: false
|
||||
envValueFrom:
|
||||
AUTHENTIK_SECRET_KEY:
|
||||
secretKeyRef:
|
||||
name: authentik-secrets
|
||||
key: secret-key
|
||||
AUTHENTIK_POSTGRESQL__HOST:
|
||||
secretKeyRef:
|
||||
name: hippo-pguser-authentik
|
||||
key: host
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD:
|
||||
secretKeyRef:
|
||||
name: hippo-pguser-authentik
|
||||
key: password
|
||||
AUTHENTIK_POSTGRESQL__USER:
|
||||
secretKeyRef:
|
||||
name: hippo-pguser-authentik
|
||||
key: user
|
||||
AUTHENTIK_POSTGRESQL__PORT:
|
||||
secretKeyRef:
|
||||
name: hippo-pguser-authentik
|
||||
key: port
|
||||
|
||||
prometheus:
|
||||
serviceMonitor:
|
||||
create: true
|
||||
|
||||
ingress:
|
||||
# Specify kubernetes ingress controller class name
|
||||
ingressClassName: nginx
|
||||
enabled: true
|
||||
hosts:
|
||||
# Specify external host name
|
||||
- host: authentik.gmem.ca
|
||||
paths:
|
||||
- path: "/"
|
||||
pathType: Prefix
|
||||
# Specify external host name
|
||||
- host: prometheus.gmem.ca
|
||||
paths:
|
||||
- path: "/"
|
||||
pathType: Prefix
|
||||
redis:
|
||||
enabled: true
|
49
homelab/postgres-cluster.yml
Normal file
49
homelab/postgres-cluster.yml
Normal file
|
@ -0,0 +1,49 @@
|
|||
apiVersion: postgres-operator.crunchydata.com/v1beta1
|
||||
kind: PostgresCluster
|
||||
metadata:
|
||||
name: hippo
|
||||
spec:
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
|
||||
postgresVersion: 15
|
||||
databaseInitSQL:
|
||||
key: init.sql
|
||||
name: init-sql
|
||||
instances:
|
||||
- name: instance1
|
||||
replicas: 3
|
||||
dataVolumeClaimSpec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
backups:
|
||||
pgbackrest:
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
|
||||
repos:
|
||||
- name: repo1
|
||||
volume:
|
||||
volumeClaimSpec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
monitoring:
|
||||
pgmonitor:
|
||||
exporter:
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0
|
||||
|
||||
users:
|
||||
- name: authentik
|
||||
databases:
|
||||
- authentik
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: init-sql
|
||||
data:
|
||||
init.sql: |
|
||||
\c authentik
|
||||
GRANT CREATE ON SCHEMA public TO "authentik";
|
Loading…
Reference in a new issue