swarm-production/stacks/apps/authentik/stack.yml
John b62b890482 Add healthchecks and resource constraints to all services
Added healthchecks:
- adminer: PHP file_get_contents check
- authentik_server: ak healthcheck command
- authentik_redis: redis-cli ping
- paperless_redis: redis-cli ping
- paperless_webserver: curl localhost:8000
- n8n: wget healthz endpoint
- traefik: wget ping endpoint (with --ping enabled)
- tracker-nginx: curl localhost:80

Added resource limits:
- adminer: 512M limit, 128M reservation
- authentik_server: 1G/1 CPU limit, 512M reservation
- authentik_worker: 1G/1 CPU limit, 512M reservation
- authentik_redis: 512M limit, 128M reservation
- paperless_redis: 512M limit, 128M reservation
- paperless_webserver: 2G/2 CPU limit, 1G reservation
- traefik: 512M/0.5 CPU limit, 256M reservation
- tracker-nginx: 256M limit, 64M reservation

All services now have proper health monitoring and resource constraints
to prevent resource exhaustion and improve reliability.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-30 09:08:49 +00:00


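# Docker Swarm stack for authentik: a Redis instance, the authentik server
# (routed through Traefik) and the authentik worker.
#
# Credentials are delivered as Swarm secrets and referenced with file:// URIs,
# so no secret value appears in this file or in the service environment.
services:
  redis:
    # NOTE(review): floating tag. Pin a specific version (ideally by digest)
    # so a redeploy cannot silently pull a different image.
    image: redis:alpine
    command: --save 60 1 --loglevel warning
    volumes:
      - /home/doc/swarm-data/appdata/authentik/redis:/data
    # The original published 6379:6379. In Swarm a published port is opened on
    # every node through the routing mesh, and no --requirepass is set above,
    # so the identity provider's Redis was reachable without authentication
    # from anything that can reach a node. authentik connects over the overlay
    # network by service name (AUTHENTIK_REDIS__HOST: "redis"), so no published
    # port is needed. Re-add it only together with Redis authentication.
    networks:
      # NOTE(review): homelab is an external network that other stacks also
      # attach to (Traefik is routed over it), so every container on it can
      # still reach this Redis. TODO: consider a stack-private network.
      - homelab
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 128M

  authentik_server:
    image: ghcr.io/goauthentik/server:2025.10.0
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
      AUTHENTIK_REDIS__HOST: "redis"
      # The database lives outside the overlay network; confirm the connection
      # is TLS-protected (see AUTHENTIK_POSTGRESQL__SSLMODE).
      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
      AUTHENTIK_POSTGRESQL__PORT: "5432"
      # NOTE(review): user "admin" with the "postgres-master" secret looks like
      # a server-wide administrative credential - confirm. A dedicated role
      # that owns only the "authentik" database limits the damage if this
      # service is compromised.
      AUTHENTIK_POSTGRESQL__USER: "admin"
      AUTHENTIK_POSTGRESQL__NAME: "authentik"
      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
      # Optional: Set error reporting (set to false for privacy)
      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
    secrets:
      - auth-key
      - postgres-master
    volumes:
      - /home/doc/swarm-data/appdata/authentik/media:/media
      - /home/doc/swarm-data/appdata/authentik/templates:/templates
      # The Docker socket is deliberately not mounted here. Access to
      # /var/run/docker.sock is equivalent to root on the node, and this is the
      # internet-facing container. authentik's reference compose file mounts
      # the socket on the worker only, which is where outposts are managed.
    networks:
      - homelab
    healthcheck:
      test: ["CMD-SHELL", "ak healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 90s
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
        reservations:
          memory: 512M
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
        - "traefik.http.routers.authentik.entrypoints=websecure"
        - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
        - "traefik.http.services.authentik.loadbalancer.server.port=9000"
        - "traefik.docker.network=homelab"
    # `docker stack deploy` ignores depends_on; start-up ordering relies on
    # the service retrying until Redis answers.
    depends_on:
      - redis

  authentik_worker:
    image: ghcr.io/goauthentik/server:2025.10.0
    command: worker
    environment:
      AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
      AUTHENTIK_REDIS__HOST: "redis"
      AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
      AUTHENTIK_POSTGRESQL__PORT: "5432"
      # Same database credential as authentik_server; the least-privilege note
      # on AUTHENTIK_POSTGRESQL__USER there applies here as well.
      AUTHENTIK_POSTGRESQL__USER: "admin"
      AUTHENTIK_POSTGRESQL__NAME: "authentik"
      AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
      # Optional: Set error reporting (set to false for privacy)
      AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
    secrets:
      - auth-key
      - postgres-master
    volumes:
      - /home/doc/swarm-data/appdata/authentik/media:/media
      - /home/doc/swarm-data/appdata/authentik/templates:/templates
      # Root-equivalent access to the node. It is needed only if authentik's
      # Docker integration manages outposts; otherwise remove this mount, or
      # put a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - homelab
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
        reservations:
          memory: 512M
    # Ignored by `docker stack deploy`, as on authentik_server.
    depends_on:
      - redis

networks:
  # Pre-existing overlay network, created outside this stack.
  homelab:
    external: true

secrets:
  # Both secrets are created out of band (external), so their values never
  # appear in this repository.
  postgres-master:
    external: true
  auth-key:
    external: true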