From cb7f7dbc4dc83d57d829bafc011ae8a9944bc6c1 Mon Sep 17 00:00:00 2001
From: Andrew Stoltz
Date: Mon, 25 May 2026 16:03:03 -0500
Subject: [PATCH] authentik: generous startup/liveness probes for first-boot migration

The server pod was getting killed by liveness probe at 60s while still waiting on migration DB lock (worker pod also running migrations against same DB). Add startupProbe with 10.5 min budget so liveness doesn't fire until migrations finish.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 apps/authentik/authentik.yaml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/apps/authentik/authentik.yaml b/apps/authentik/authentik.yaml
index ce95942..4d54a87 100644
--- a/apps/authentik/authentik.yaml
+++ b/apps/authentik/authentik.yaml
@@ -286,22 +286,34 @@ spec:
 value: "false"
 - name: AUTHENTIK_LOG_LEVEL
 value: info
+ # First-boot Authentik can take 3+ min on the migration phase
+ # (waiting on DB lock while worker also runs migrations). Initial
+ # delays are generous so kubelet doesn't kill the pod mid-migration;
+ # periodSeconds keeps post-startup probing responsive.
 readinessProbe:
 httpGet:
 path: /-/health/ready/
 port: 9000
- initialDelaySeconds: 30
+ initialDelaySeconds: 60
 periodSeconds: 10
 timeoutSeconds: 5
- failureThreshold: 6
+ failureThreshold: 12
 livenessProbe:
 httpGet:
 path: /-/health/live/
 port: 9000
- initialDelaySeconds: 60
+ initialDelaySeconds: 300
 periodSeconds: 30
 timeoutSeconds: 10
 failureThreshold: 3
+ startupProbe:
+ httpGet:
+ path: /-/health/live/
+ port: 9000
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
+ failureThreshold: 40 # 30s + 40*15s = 10.5 min budget
 resources:
 requests: { cpu: 150m, memory: 512Mi }
 limits: { cpu: 1500m, memory: 1Gi }
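Review bot: The new `startupProbe` already holds back liveness and readiness until it succeeds, so the raised `initialDelaySeconds: 300` on `livenessProbe` and `failureThreshold: 12` on `readinessProbe` add nothing for first-boot migration and only slow failure detection afterwards. As far as I know kubelet counts `initialDelaySeconds` from container start, so after every restart a hung server would go unchecked by liveness for up to five minutes. A failing readiness check never restarts the container, yet with the higher threshold an unhealthy identity-provider pod now stays in Service rotation for about two minutes instead of one. I would keep the previous `initialDelaySeconds: 60` and `failureThreshold: 6`, let `startupProbe` carry the whole migration budget, and reword the added comment to say so, e.g. `# startupProbe (10.5 min budget) covers first-boot migration; liveness/readiness only run after it succeeds.` The container spec around these probes starts and ends outside the hunk.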