authentik:
  log_level: warning
  # log_level: trace
  secret_key: "${secret_key}"
  # This sends anonymous usage-data, stack traces on errors and
  # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
  error_reporting:
    enabled: true
  postgresql:
    # host: postgresql.dbaas
    host: pgbouncer.authentik
    port: 6432
    user: authentik
    password: ${postgres_password}
  redis:
    host: ${redis_host}

server:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  resources:
    requests:
      cpu: 100m
      memory: 1Gi
    limits:
      memory: 1Gi
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: ScheduleAnyway
      labelSelector:
        matchLabels:
          app.kubernetes.io/component: server
  ingress:
    enabled: false
    # hosts:
    #   - authentik.viktorbarzin.me
  podAnnotations:
    diun.enable: true
    diun.include_tags: "^202[0-9].[0-9]+.*$" # no need to annotate the worker as it uses the same image
  pdb:
    enabled: true
    minAvailable: 2
global:
  addPrometheusAnnotations: true

worker:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
  resources:
    requests:
      cpu: 100m
      memory: 896Mi
    limits:
      memory: 896Mi
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: ScheduleAnyway
      labelSelector:
        matchLabels:
          app.kubernetes.io/component: worker
  pdb:
    enabled: true
    maxUnavailable: 1