helm [Question] Environment variables failing to be detected

Describe your question/ Hi, I'm using ArgoCD with Helm to deploy Authentik to my k8s cluster.

Relevant info Kube version: v1.28.8+k3s1 ArgoCD: 2.10.6 Authentik Helm Chart Version: 2024.2.2

Screenshots If applicable, add screenshots to help explain your problem.

Logs

{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241332.2785354}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241333.3092413}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241334.339394}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241335.3650475}

Version and Deployment (please complete the following information):

authentik version: 2024.2.2]
Deployment: [helm]

Additional context Chart.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  destination:
    namespace: authentik
    name: enterprise
  project: default
  sources:
    # Chart from Chart Repo
    - chart: authentik
      repoURL: https://charts.goauthentik.io
      targetRevision: 2024.2.2
      helm:
        valueFiles:
        - $values/enterprise/authentik/values.yaml
        - $values/enterprise/authentik/sealed-secrets.yaml
    # Values from Git
    - repoURL: 'https://git.enterprise.com/enterprise/argocd'
      targetRevision: HEAD
      ref: values
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

values.yaml

global:
  addPrometheusAnnotations: true
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
authentik:
  log_level: debug
  error_reporting:
    enabled: false
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentika"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
worker:
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentika"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
server:
  service:
    type: LoadBalancer
  metrics:
    enabled: true

I'm not sure what I'm missing but the server fails to spin up claiming that the postgres cannot be reached correctly.

I've verified that the password is correct, my strong guess is that the env variables are not honoured.

Thank you.

Apr 16 '24 04:04 plsnotracking

you can run ak dump_config in the container to see what config authentik interpreted

Apr 16 '24 09:04 BeryJu

Works as intended, user (my) problem. Thanks @BeryJu

Jul 18 '24 19:07 plsnotracking

helm helm copied to clipboard

[Question] Environment variables failing to be detected

helm
helm copied to clipboard