Increase the number of authentik replicas

2024-10-21 11:42:58 +05:00 · 2024-10-21 11:42:58 +05:00 · 5ea94924d2
commit 5ea94924d2
parent cb9e1245d8
3 changed files with 18 additions and 6 deletions
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@ -35,7 +35,7 @@
 - name: Run authentik server container
  become: true
  community.docker.docker_container:
-    name: authentik
+    name: authentik-{{ item }}
    image: "{{ image }}:{{ tag }}"
    command: ["server"]
    networks:
@ -51,6 +51,7 @@
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env_file: /etc/authentik/.env
+  loop: ["1", "2"]
 - name: Run authentik worker container
  become: true
  community.docker.docker_container:
@ -69,17 +70,16 @@
 - name: Run authentik LDAP outpost
  become: true
  community.docker.docker_container:
-    name: authentik-ldap
+    name: authentik-ldap-{{ item }}
    image: ghcr.io/goauthentik/ldap:{{ tag }}
    networks:
      - name: authentik
      - name: haproxy
-    ports:
-      - 389:3389
    volumes:
      - authentik-certs:/certs
      - /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/certs/comfycamp.space/fullchain.pem:ro
      - /etc/letsencrypt/live/comfycamp.space/privkey.pem:/certs/comfycamp.space/privkey.pem:ro
    env:
-      AUTHENTIK_HOST: http://authentik:9000
+      AUTHENTIK_HOST: http://authentik-{{ item }}:9000
      AUTHENTIK_TOKEN: "{{ ldap_outpost_token }}"
+  loop: ["1", "2"]
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@ -78,6 +78,11 @@ frontend matrix-federation

    default_backend matrix

+frontend authentik_ldap
+    mode tcp
+    bind *:389
+    default_backend authentik_ldap
+
 backend comfycamp
    mode http
    server green comfycamp:4000 check
@ -134,4 +139,10 @@ backend peertube
 backend authentik
    mode http
    option forwardfor
-    server s1 authentik:9000
+    server s1 authentik-1:9000 check
+    server s2 authentik-2:9000 check
+
+backend authentik_ldap
+    mode tcp
+    server s1 authentik-ldap-1:3389 check
+    server s2 authentik-ldap-2:3389 check
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -61,6 +61,7 @@
      net.ipv4.ip_unprivileged_port_start: 0
    ports:
      - 80:80
+      - 389:389
      - 443:443
    restart_policy: unless-stopped
 - name: Reload haproxy