---
# StatefulSet for the single-replica PostgreSQL primary of the "authentik"
# Helm release. The source text had lost its line structure; this is the same
# object laid out in block style. Mapping keys are ordered conventionally,
# while list order (args, env, mounts, volumes) is kept as given.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: authentik-postgresql
  namespace: authentik
  labels:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: authentik
    app.kubernetes.io/component: primary
    app.kubernetes.io/managed-by: Helm
    # NOTE(review): the label says 17.6.0 but the container image tag below is
    # 17.9-bookworm; inventory or scanning keyed on this label would report
    # the wrong version. Confirm which one is authoritative.
    app.kubernetes.io/version: 17.6.0
    helm.sh/chart: postgresql-16.7.27
  annotations:
    meta.helm.sh/release-name: authentik
    meta.helm.sh/release-namespace: authentik
spec:
  replicas: 1
  serviceName: authentik-postgresql-hl
  podManagementPolicy: OrderedReady
  revisionHistoryLimit: 10
  # Both policies are Retain: the data PVC outlives scale-down and deletion of
  # this StatefulSet, so the database contents persist until the claim is
  # removed explicitly.
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Retain
    whenScaled: Retain
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      partition: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/instance: authentik
      app.kubernetes.io/component: primary
  template:
    metadata:
      name: authentik-postgresql
      labels:
        app.kubernetes.io/name: postgresql
        app.kubernetes.io/instance: authentik
        app.kubernetes.io/component: primary
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/version: 17.6.0
        helm.sh/chart: postgresql-16.7.27
      annotations:
        # Presumably hashes of the two mounted ConfigMaps, so that a config
        # change rolls the pod; verify against the chart.
        checksum/configuration: c7768a9df482d4c1de21ac88a598f24ff260dad3ff5925385ab5225b3ef8be39
        checksum/extended-configuration: f231c584ead90a4176b09eb6d6073240ab2939b8bd09b20013265962083b3208
    spec:
      # serviceAccount is the deprecated alias of serviceAccountName; both
      # carry the same value here.
      serviceAccountName: authentik-postgresql
      serviceAccount: authentik-postgresql
      # No API token is mounted into the pod.
      automountServiceAccountToken: false
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      securityContext:
        fsGroup: 1001
        fsGroupChangePolicy: Always
      affinity:
        podAntiAffinity:
          # Soft preference only (weight 1): the scheduler may still co-locate
          # matching pods on one node.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: postgresql
                    app.kubernetes.io/instance: authentik
                    app.kubernetes.io/component: primary
      containers:
        - name: postgresql
          # NOTE(review): the image is referenced by tag only. Pinning by
          # digest (docker.io/library/postgres@sha256:<digest-placeholder>)
          # makes the pulled content verifiable; with IfNotPresent a node keeps
          # whatever it cached under this tag.
          image: docker.io/library/postgres:17.9-bookworm
          imagePullPolicy: IfNotPresent
          # Server config and pg_hba.conf are read from the postgresql-config
          # ConfigMap mount, so the effective client-auth rules live in that
          # ConfigMap rather than in this manifest.
          args:
            - '-c'
            - config_file=/bitnami/postgresql/conf/postgresql.conf
            - '-c'
            - hba_file=/bitnami/postgresql/conf/pg_hba.conf
          # The BITNAMI_* / POSTGRESQL_* names and the /bitnami paths follow
          # the Bitnami container layout, while `image` above is
          # docker.io/library/postgres.
          # NOTE(review): confirm which of these variables that image's
          # entrypoint honours. Entries that read like security controls
          # (TLS, LDAP, pgaudit, connection logging) may have no effect, in
          # which case the real settings are whatever postgresql.conf holds.
          env:
            - name: BITNAMI_DEBUG
              value: 'false'
            - name: POSTGRESQL_PORT_NUMBER
              value: '5432'
            - name: POSTGRESQL_VOLUME_DIR
              value: /bitnami/postgresql
            - name: PGDATA
              value: /bitnami/postgresql/data
            - name: POSTGRES_USER
              value: authentik
            # Passwords are passed as file paths into the secret mount, not as
            # literal values in the pod spec.
            - name: POSTGRES_PASSWORD_FILE
              value: /opt/bitnami/postgresql/secrets/password
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
              value: /opt/bitnami/postgresql/secrets/postgres-password
            - name: POSTGRES_DATABASE
              value: authentik
            - name: POSTGRESQL_ENABLE_LDAP
              value: 'no'
            # TLS is switched off here; if that is the effective setting,
            # client traffic to port 5432 is plaintext and relies on network
            # controls outside this manifest.
            - name: POSTGRESQL_ENABLE_TLS
              value: 'no'
            - name: POSTGRESQL_LOG_HOSTNAME
              value: 'false'
            # Connection and disconnection logging are off, which leaves no
            # per-session trail in the server log.
            - name: POSTGRESQL_LOG_CONNECTIONS
              value: 'false'
            - name: POSTGRESQL_LOG_DISCONNECTIONS
              value: 'false'
            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
              value: 'off'
            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
              value: error
            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
              value: pgaudit
            - name: POSTGRES_DB
              value: authentik
          ports:
            - name: tcp-postgresql
              containerPort: 5432
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
            exec:
              command:
                - /bin/sh
                - '-c'
                - 'exec pg_isready -U "authentik" -d "dbname=authentik" -h 127.0.0.1 -p 5432'
          readinessProbe:
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
            exec:
              command:
                - /bin/sh
                - '-c'
                - '-e'
                # NOTE(review): the line break inside this script was restored
                # from flattened text; confirm against the rendered chart.
                # `exec` replaces the shell, so the `.initialized` test on the
                # second line never runs and readiness is decided by
                # pg_isready alone. The marker paths follow the Bitnami
                # layout; check that this image creates them before dropping
                # `exec` to enable the test.
                - |
                  exec pg_isready -U "authentik" -d "dbname=authentik" -h 127.0.0.1 -p 5432
                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: '1'
              memory: 512Mi
          # Non-root UID/GID 1001, no privilege escalation, all capabilities
          # dropped, read-only root filesystem, runtime-default seccomp.
          # Writable paths are limited to the volume mounts listed below.
          securityContext:
            runAsNonRoot: true
            runAsUser: 1001
            runAsGroup: 1001
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
            seLinuxOptions: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /opt/bitnami/postgresql/conf
              subPath: app-conf-dir
            - name: empty-dir
              mountPath: /opt/bitnami/postgresql/tmp
              subPath: app-tmp-dir
            - name: postgresql-extended-config
              mountPath: /bitnami/postgresql/conf/conf.d/
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            - name: dshm
              mountPath: /dev/shm
            - name: data
              mountPath: /bitnami/postgresql
            - name: postgresql-config
              mountPath: /bitnami/postgresql/conf
            - name: postgresql-socket
              mountPath: /var/run/postgresql
      volumes:
        - name: empty-dir
          emptyDir: {}
        - name: postgresql-config
          configMap:
            name: authentik-postgresql-configuration
            defaultMode: 420
        - name: postgresql-extended-config
          configMap:
            name: authentik-postgresql-extended-configuration
            defaultMode: 420
        - name: postgresql-password
          secret:
            secretName: authentik-postgresql
            # 420 decimal is octal 0644, so the password files are readable
            # by every UID inside the container.
            # NOTE(review): a tighter mode such as 0440 (decimal 288) is
            # worth considering; confirm UID/GID 1001 can still read the
            # files through fsGroup before changing it.
            defaultMode: 420
        - name: postgresql-socket
          emptyDir: {}
        # Memory-backed emptyDir with no sizeLimit: what is written to
        # /dev/shm is charged to the container's 512Mi memory limit.
        - name: dshm
          emptyDir:
            medium: Memory
  volumeClaimTemplates:
    - apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
      spec:
        accessModes:
          - ReadWriteOnce
        # NOTE(review): presumably a node-local provisioner; if so the
        # database files sit on one node's disk, and encryption at rest and
        # backup depend on that node. Verify.
        storageClassName: local-path
        volumeMode: Filesystem
        resources:
          requests:
            storage: 5Gi
      # A status stanza inside a claim template suggests this manifest was
      # exported from a live object rather than rendered from the chart.
      status:
        phase: Pending