helm icon indicating copy to clipboard operation
helm copied to clipboard

Published 20 hours ago verified publisher icon goauthentik

[Question] Environment variables failing to be detected

Open plsnotracking opened this issue 2 months ago • 1 comments

Describe your question/ Hi, I'm using ArgoCD with Helm to deploy Authentik to my k8s cluster.

Relevant info Kube version: v1.28.8+k3s1 ArgoCD: 2.10.6 Authentik Helm Chart Version: 2024.2.2

Screenshots If applicable, add screenshots to help explain your problem.

Logs

{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241332.2785354}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241333.3092413}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241334.339394}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241335.3650475}

Version and Deployment (please complete the following information):

  • authentik version: 2024.2.2]
  • Deployment: [helm]

Additional context Chart.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  destination:
    namespace: authentik
    name: enterprise
  project: default
  sources:
    # Chart from Chart Repo
    - chart: authentik
      repoURL: https://charts.goauthentik.io
      targetRevision: 2024.2.2
      helm:
        valueFiles:
        - $values/enterprise/authentik/values.yaml
        - $values/enterprise/authentik/sealed-secrets.yaml
    # Values from Git
    - repoURL: 'https://git.enterprise.com/enterprise/argocd'
      targetRevision: HEAD
      ref: values
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

values.yaml

global:
  addPrometheusAnnotations: true
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
authentik:
  log_level: debug
  error_reporting:
    enabled: false
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentika"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
worker:
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentika"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
server:
  service:
    type: LoadBalancer
  metrics:
    enabled: true

I'm not sure what I'm missing but the server fails to spin up claiming that the postgres cannot be reached correctly.

I've verified that the password is correct, my strong guess is that the env variables are not honoured.

Thank you.

plsnotracking avatar Apr 16 '24 04:04 plsnotracking