From 7928992e2a8d037a002d805a997211ce81750e9c Mon Sep 17 00:00:00 2001
From: kisfenyo <nagyfenyvesi.viktor@gmail.com>
Date: Fri, 17 Apr 2026 21:16:18 +0200
Subject: [PATCH] Tuned authentik worker

---
 auth-system/authentik-values.yaml | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/auth-system/authentik-values.yaml b/auth-system/authentik-values.yaml
index e67ce29..e5b8d02 100644
--- a/auth-system/authentik-values.yaml
+++ b/auth-system/authentik-values.yaml
@@ -2,6 +2,14 @@
 # Authentik Helm Chart Custom Values - SHARED POSTGRESQL VERSION
 # For dooplex homelab deployment with centralized PostgreSQL
 # Version: 2025.12.3
+#
+# ============================================================================
+# 2026-04 tuning for worker task pile-up (issue #18368):
+# - THREADS 2 -> 4: doubles concurrent task slots per worker (4 -> 8)
+# - TASK_EXPIRATION 30d -> 3d: reduces task table bloat & cleanup load
+# - worker resources: guaranteed 500m CPU instead of burst-only 100m
+# Applies to workload of ~15 outposts; revisit if outpost count grows.
+# ============================================================================
 
 global:
   image:
@@ -134,12 +142,26 @@ worker:
   name: worker
   replicas: 1
   
-  # Resource limits
+  # Tuning for issue #18368 (task pile-up on 2025.10+ due to Postgres broker).
+  # These env vars are worker-only; don't promote to global.env.
+  env:
+    # 2 (default) -> 4. Slots = replicas × PROCESSES × THREADS.
+    # 1 × 2 × 4 = 8 concurrent tasks. Docs: below 2 not recommended.
+    - name: AUTHENTIK_WORKER__THREADS
+      value: "4"
+    # 30d (default) -> 3d. Shrinks authentik_tasks_tasks table, making
+    # daily purge cheaper and reducing the dequeue cost per task.
+    - name: AUTHENTIK_WORKER__TASK_EXPIRATION
+      value: "days=3"
+  
+  # Resource limits - bumped from 100m/1Gi for worker throughput.
+  # A single send_update burst from 15 outposts can saturate the old budget.
   resources:
     requests:
-      cpu: 100m
+      cpu: 500m
       memory: 512Mi
     limits:
+      cpu: "2"
       memory: 1Gi
   
   # Persistent volume for media files (shared with server)
@@ -199,4 +221,4 @@ serviceAccount:
 # Prometheus metrics
 prometheus:
   rules:
-    enabled: false
+    enabled: false
\ No newline at end of file