diff --git a/authentik/deployments.yaml b/authentik/deployments.yaml new file mode 100644 index 0000000..380d4dd --- /dev/null +++ b/authentik/deployments.yaml @@ -0,0 +1,252 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: '4' + meta.helm.sh/release-name: authentik + meta.helm.sh/release-namespace: authentik + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: authentik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: authentik + app.kubernetes.io/part-of: authentik + app.kubernetes.io/version: 2026.2.1 + helm.sh/chart: authentik-2026.2.1 + name: authentik-server + namespace: authentik +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: authentik + app.kubernetes.io/name: authentik + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/secret: 33bbfa6b27c433d2d2ee2d03db5b13ab0eb5a19c87496fc82077dfacba684a24 + kubectl.kubernetes.io/restartedAt: '2026-03-25T21:08:04Z' + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: authentik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: authentik + app.kubernetes.io/part-of: authentik + app.kubernetes.io/version: 2026.2.1 + helm.sh/chart: authentik-2026.2.1 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: authentik + app.kubernetes.io/name: authentik + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - server + env: + - name: AUTHENTIK_LISTEN__HTTP + value: 0.0.0.0:9000 + - name: AUTHENTIK_LISTEN__HTTPS + value: 0.0.0.0:9443 + - name: AUTHENTIK_LISTEN__METRICS + value: 0.0.0.0:9300 + envFrom: + - secretRef: + name: authentik + image: ghcr.io/goauthentik/server:2026.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /-/health/live/ + port: http + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + name: server + ports: + - containerPort: 9000 + name: http + protocol: TCP + - containerPort: 9443 + name: https + protocol: TCP + - containerPort: 9300 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /-/health/ready/ + port: http + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: + cpu: 800m + memory: 1Gi + requests: + cpu: 300m + memory: 512Mi + startupProbe: + failureThreshold: 60 + httpGet: + path: /-/health/live/ + port: http + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + enableServiceLinks: true + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: '3' + meta.helm.sh/release-name: authentik + meta.helm.sh/release-namespace: authentik + labels: + app.kubernetes.io/component: worker + app.kubernetes.io/instance: authentik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: authentik + app.kubernetes.io/part-of: authentik + app.kubernetes.io/version: 2026.2.1 + helm.sh/chart: authentik-2026.2.1 + name: authentik-worker + namespace: authentik +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/component: worker + app.kubernetes.io/instance: authentik + app.kubernetes.io/name: authentik + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/secret: 33bbfa6b27c433d2d2ee2d03db5b13ab0eb5a19c87496fc82077dfacba684a24 + labels: + app.kubernetes.io/component: worker + app.kubernetes.io/instance: authentik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: authentik + app.kubernetes.io/part-of: authentik + app.kubernetes.io/version: 2026.2.1 + helm.sh/chart: authentik-2026.2.1 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: worker + app.kubernetes.io/instance: authentik + app.kubernetes.io/name: authentik + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - worker + env: + - name: AUTHENTIK_LISTEN__HTTP + value: 0.0.0.0:9000 + - name: AUTHENTIK_LISTEN__METRICS + value: 0.0.0.0:9300 + envFrom: + - secretRef: + name: authentik + image: ghcr.io/goauthentik/server:2026.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - ak + - healthcheck + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + name: worker + ports: + - containerPort: 9000 + name: http + protocol: TCP + - containerPort: 9300 + name: metrics + protocol: TCP + readinessProbe: + exec: + command: + - ak + - healthcheck + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + startupProbe: + exec: + command: + - ak + - healthcheck + failureThreshold: 60 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + enableServiceLinks: true + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: authentik + serviceAccountName: authentik + terminationGracePeriodSeconds: 30 +