121 lines
2.8 KiB
YAML
121 lines
2.8 KiB
YAML
---
|
|
# REDIS
|
|
# HINWEIS:
|
|
# - Redis nutzt ein Longhorn-Volume (PVC) für Persistenz.
|
|
# - Repliken = 1 bedeutet: Kein echtes Redis-HA, aber Daten überleben Node-/Pod-Neustarts.
|
|
# - Für echtes Redis-HA (Multi-Node) brauchst du später Redis Sentinel / Redis Operator
|
|
# oder ein externes/managed Redis.
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: authentik-redis
|
|
namespace: authentik
|
|
spec:
|
|
serviceName: authentik-redis
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: authentik-redis
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: authentik-redis
|
|
spec:
|
|
containers:
|
|
- name: redis
|
|
image: redis:7-alpine
|
|
command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
|
|
ports:
|
|
- containerPort: 6379
|
|
env:
|
|
- name: REDIS_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: AUTHENTIK_REDIS__PASSWORD
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 128Mi
|
|
volumeMounts:
|
|
- name: redis-data
|
|
mountPath: /data
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: redis-data
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
storageClassName: longhorn
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: authentik-redis
|
|
namespace: authentik
|
|
spec:
|
|
ports:
|
|
- port: 6379
|
|
targetPort: 6379
|
|
selector:
|
|
app: authentik-redis
|
|
---
|
|
# POSTGRES
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: authentik-postgresql
|
|
namespace: authentik
|
|
spec:
|
|
serviceName: authentik-postgresql
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: authentik-postgresql
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: authentik-postgresql
|
|
spec:
|
|
containers:
|
|
- name: postgres
|
|
image: postgres:15-alpine
|
|
ports:
|
|
- containerPort: 5432
|
|
env:
|
|
- name: POSTGRES_DB
|
|
value: authentik
|
|
- name: POSTGRES_USER
|
|
value: authentik
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: authentik-secrets
|
|
key: AUTHENTIK_POSTGRESQL__PASSWORD
|
|
volumeMounts:
|
|
- name: postgres-data
|
|
mountPath: /var/lib/postgresql/data
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: postgres-data
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
storageClassName: longhorn
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: authentik-postgresql
|
|
namespace: authentik
|
|
spec:
|
|
ports:
|
|
- port: 5432
|
|
targetPort: 5432
|
|
selector:
|
|
app: authentik-postgresql
|