From a0fe957d0f269922339f3d2da40ef27a9f6b6c7c Mon Sep 17 00:00:00 2001
From: chemavx
Date: Thu, 26 Mar 2026 17:05:49 +0000
Subject: [PATCH] Add authentik/statefulsets.yaml
---
authentik/statefulsets.yaml | 225 ++++++++++++++++++++++++++++++++++++
1 file changed, 225 insertions(+)
create mode 100644 authentik/statefulsets.yaml
diff --git a/authentik/statefulsets.yaml b/authentik/statefulsets.yaml
new file mode 100644
index 0000000..698b227
--- /dev/null
+++ b/authentik/statefulsets.yaml
@@ -0,0 +1,225 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ annotations:
+ meta.helm.sh/release-name: authentik
+ meta.helm.sh/release-namespace: authentik
+ labels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: authentik
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.6.0
+ helm.sh/chart: postgresql-16.7.27
+ name: authentik-postgresql
+ namespace: authentik
+spec:
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Retain
+ whenScaled: Retain
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: authentik
+ app.kubernetes.io/name: postgresql
+ serviceName: authentik-postgresql-hl
+ template:
+ metadata:
+ annotations:
+ checksum/configuration: c7768a9df482d4c1de21ac88a598f24ff260dad3ff5925385ab5225b3ef8be39
+ checksum/extended-configuration: f231c584ead90a4176b09eb6d6073240ab2939b8bd09b20013265962083b3208
+ labels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: authentik
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.6.0
+ helm.sh/chart: postgresql-16.7.27
+ name: authentik-postgresql
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: authentik
+ app.kubernetes.io/name: postgresql
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ automountServiceAccountToken: false
+ containers:
+ - args:
+ - -c
+ - config_file=/bitnami/postgresql/conf/postgresql.conf
+ - -c
+ - hba_file=/bitnami/postgresql/conf/pg_hba.conf
+ env:
+ - name: BITNAMI_DEBUG
+ value: 'false'
+ - name: POSTGRESQL_PORT_NUMBER
+ value: '5432'
+ - name: POSTGRESQL_VOLUME_DIR
+ value: /bitnami/postgresql
+ - name: PGDATA
+ value: /bitnami/postgresql/data
+ - name: POSTGRES_USER
+ value: authentik
+ - name: POSTGRES_PASSWORD_FILE
+ value: /opt/bitnami/postgresql/secrets/password
+ - name: POSTGRES_POSTGRES_PASSWORD_FILE
+ value: /opt/bitnami/postgresql/secrets/postgres-password
+ - name: POSTGRES_DATABASE
+ value: authentik
+ - name: POSTGRESQL_ENABLE_LDAP
+ value: 'no'
+ - name: POSTGRESQL_ENABLE_TLS
+ value: 'no'
+ - name: POSTGRESQL_LOG_HOSTNAME
+ value: 'false'
+ - name: POSTGRESQL_LOG_CONNECTIONS
+ value: 'false'
+ - name: POSTGRESQL_LOG_DISCONNECTIONS
+ value: 'false'
+ - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+ value: 'off'
+ - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+ value: error
+ - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+ value: pgaudit
+ - name: POSTGRES_DB
+ value: authentik
+ image: docker.io/library/postgres:17.9-bookworm
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "authentik" -d "dbname=authentik" -h 127.0.0.1 -p
+ 5432
+ failureThreshold: 6
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: postgresql
+ ports:
+ - containerPort: 5432
+ name: tcp-postgresql
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - -e
+ - 'exec pg_isready -U "authentik" -d "dbname=authentik" -h 127.0.0.1 -p
+ 5432
+
+ [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized
+ ]
+
+ '
+ failureThreshold: 6
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: '1'
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /tmp
+ name: empty-dir
+ subPath: tmp-dir
+ - mountPath: /opt/bitnami/postgresql/conf
+ name: empty-dir
+ subPath: app-conf-dir
+ - mountPath: /opt/bitnami/postgresql/tmp
+ name: empty-dir
+ subPath: app-tmp-dir
+ - mountPath: /bitnami/postgresql/conf/conf.d/
+ name: postgresql-extended-config
+ - mountPath: /opt/bitnami/postgresql/secrets/
+ name: postgresql-password
+ - mountPath: /dev/shm
+ name: dshm
+ - mountPath: /bitnami/postgresql
+ name: data
+ - mountPath: /bitnami/postgresql/conf
+ name: postgresql-config
+ - mountPath: /var/run/postgresql
+ name: postgresql-socket
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext:
+ fsGroup: 1001
+ fsGroupChangePolicy: Always
+ serviceAccount: authentik-postgresql
+ serviceAccountName: authentik-postgresql
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: empty-dir
+ - configMap:
+ defaultMode: 420
+ name: authentik-postgresql-configuration
+ name: postgresql-config
+ - configMap:
+ defaultMode: 420
+ name: authentik-postgresql-extended-configuration
+ name: postgresql-extended-config
+ - name: postgresql-password
+ secret:
+ defaultMode: 420
+ secretName: authentik-postgresql
+ - emptyDir: {}
+ name: postgresql-socket
+ - emptyDir:
+ medium: Memory
+ name: dshm
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: local-path
+ volumeMode: Filesystem
+ status:
+ phase: Pending
+
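Review bot: The container's `env` list sets Bitnami-image variables (`POSTGRESQL_ENABLE_TLS`, `POSTGRESQL_SHARED_PRELOAD_LIBRARIES: pgaudit`, `POSTGRESQL_LOG_CONNECTIONS`, `POSTGRES_POSTGRES_PASSWORD_FILE`) while `image` is `docker.io/library/postgres:17.9-bookworm`, whose entrypoint, as far as I know, reads only `PGDATA` and a small set of `POSTGRES_*` names. Those entries are therefore likely inert, and the manifest reads as if pgaudit were loaded when the effective TLS, audit and connection-logging settings come from the ConfigMap passed via `config_file=`, which this patch does not show. For the database behind an identity provider I would drop the unused entries and add a comment such as `# TLS, audit and connection logging are set in authentik-postgresql-configuration, not via env`. The `postgresql-password` secret volume uses `defaultMode: 420` (0644); with `fsGroup: 1001` already granting group access, `defaultMode: 288` (0440) should be enough. The image is pinned by tag only, with `imagePullPolicy: IfNotPresent`; `image: docker.io/library/postgres:17.9-bookworm@sha256:<digest>` would fix the deployed content to a reviewed build.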