From 4e297d609bb58fda4632edef0f82c3be8d5b82e9 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sun, 11 Jan 2026 12:42:30 +0000
Subject: [PATCH] scale pgbouncer to 3 for resilience and run them on separate
 nodes [ci skip]

---
 modules/kubernetes/authentik/pgbouncer.tf | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/modules/kubernetes/authentik/pgbouncer.tf b/modules/kubernetes/authentik/pgbouncer.tf
index d6d24a8b..ac027e76 100644
--- a/modules/kubernetes/authentik/pgbouncer.tf
+++ b/modules/kubernetes/authentik/pgbouncer.tf
@@ -35,7 +35,7 @@ resource "kubernetes_deployment" "pgbouncer" {
   }
 
   spec {
-    replicas = 1
+    replicas = 3
 
     selector {
       match_labels = {
@@ -51,6 +51,20 @@ resource "kubernetes_deployment" "pgbouncer" {
       }
 
       spec {
+        affinity {
+          pod_anti_affinity {
+            required_during_scheduling_ignored_during_execution {
+              label_selector {
+                match_expressions {
+                  key      = "component"
+                  operator = "In"
+                  values   = ["server"]
+                }
+              }
+              topology_key = "kubernetes.io/hostname"
+            }
+          }
+        }
         container {
           name              = "pgbouncer"
           image             = "edoburu/pgbouncer:latest"