Files
argocd-apps/apps/base/authentik/cnpg_pooler.yaml
T
unkinben d33c2b649f
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
Add Authentik identity provider deployment
- CNPG PostgreSQL cluster (3 instances) with rw and ro poolers (2 instances each)
- Redis with persistent storage
- Gateway API: identity.unkin.net (HTTPS) + LDAPS via TLSRoute on ldap.k8s.syd1.au.unkin.net and ldap.main.unkin.net
- HTTPRoute for external-dns record creation on LDAP hostnames
- Vault secrets: postgres-credentials, authentik-credentials, s3-credentials
- S3 storage via RadosGW
- Helm chart authentik 2026.5.3 with 3 server replicas, 2 worker replicas
- Woodpecker ServiceAccount for terraform-authentik CI
- Platform applicationset and project updated
2026-06-28 09:25:13 +10:00

67 lines
1.4 KiB
YAML

---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: postgres-pooler-rw
namespace: authentik
spec:
cluster:
name: postgres
instances: 2
pgbouncer:
parameters:
default_pool_size: "100"
max_client_conn: "400"
paused: false
poolMode: session
template:
metadata:
labels:
app: pooler-rw
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pooler-rw
topologyKey: kubernetes.io/hostname
containers: []
type: rw
---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: postgres-pooler-ro
namespace: authentik
spec:
cluster:
name: postgres
instances: 2
pgbouncer:
parameters:
default_pool_size: "100"
max_client_conn: "400"
paused: false
poolMode: session
template:
metadata:
labels:
app: pooler-ro
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pooler-ro
topologyKey: kubernetes.io/hostname
containers: []
type: ro