found a bug or got stuck at authentik

.envs/.identity/.authentik-postgresql.template

@@ -1 +0,0 @@
-password=

.envs/.identity/.authentik-secret-key.template

@@ -1 +0,0 @@
-key=

.gitignore

@@ -1,2 +1,2 @@
-.envs/.*/.*
+**/*/.envs/.*
-!.envs/.*/.*.template
+!**/*/.envs/.*.template

stages/base/kustomization.yaml

@@ -10,11 +10,11 @@ resources:
 secretGenerator:
   - name: cert-manager-cloudflare
     envs:
-      - ../../.envs/.cloudflare
+      - .envs/.cloudflare
     namespace: cert-manager
   - name: pihole-admin
     envs:
-      - ../../.envs/.pihole
+      - .envs/.pihole
     namespace: pihole
     options:
       disableNameSuffixHash: true

stages/base/values/argocd.values.yaml

@@ -1,33 +0,0 @@
-global:
-  domain: argo.kropcloud.net
-
-configs:
-  params:
-    server.insecure: true
-
-redis-ha:
-  enabled: true
-
-controller:
-  replicas: 1
-
-server:
-  replicas: 2
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-        cert-manager.io/cluster-issuer: cloudflare-issuer
-    extraTls:
-      - hosts:
-          - argo.kropcloud.net
-        secretName: argocd-tls
-
-
-repoServer:
-  replicas: 2
-
-applicationSet:
-  replicas: 2

stages/base/values/external-dns-pihole.values.yaml

@@ -7,4 +7,4 @@ pihole:
   secretName: pihole-admin
 
 ingressClassFilters:
-  - ingress-nginx
+  - nginx

stages/delivery/helmfile.yaml

@@ -11,3 +11,4 @@ releases:
     version: 7.7.21
     values:
       - ./values/argocd.values.yaml
+    installed: false

stages/identity/.envs/.authentik-postgresql.template

@@ -0,0 +1 @@
+{{ pw "bdf24fa1-8638-4cd1-a17a-df5f0bc8adee" }}

stages/identity/.envs/.authentik-secret-key.template

@@ -0,0 +1 @@
+{{ pw "0e694c6c-9b5c-48c5-b884-6f7274c74832" }}

stages/identity/helmfile.yaml

@@ -4,8 +4,9 @@ repositories:
 ---
 releases:
   - name: authentik
-    namespace: identity--authentik
+    namespace: authentik
     chart: authentik/authentik
     version: 2024.12.3
     values:
-      - ./values/authentik.values.yaml
+      - ./values/authentik.values.yaml.gotmpl
+    installed: false

stages/identity/kustomization.yaml

@@ -1,23 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-
-secretGenerator:
-  - name: authentik-db-password
-    namespace: identity--authentik
-    envs:
-      - ../../.envs/.identity/.authentik-postgresql
-    options:
-      disableNameSuffixHash: true
-  - name: authentik-secret-key
-    namespace: identity--authentik
-    envs:
-      - ../../.envs/.identity/.authentik-secret-key
-    options:
-      disableNameSuffixHash: true
-
-
-labels:
-- includeSelectors: true
-  pairs:
-    app.kubernetes.io/managed-by: Kustomize

stages/identity/values/authentik.values.yaml.gotmpl

@@ -1,28 +1,20 @@
 postgresql:
   enabled: true
   auth:
-    existingSecret: authentik-db-password
+    password: {{ readFile "../.envs/.authentik-postgresql" }}
-    secretKeys:
-      userPasswordKey: password
 
-global:
+authentik:
-  env:
+  secret_key: {{ readFile "../.envs/.authentik-secret-key" }}
-    - name: AUTHENTIK_POSTGRESQL__PASSWORD
+
-      valueFrom:
+  postgresql:
-        secretKeyRef:
+    password: {{ readFile "../.envs/.authentik-postgresql" }}
-          name: authentik-db-password
-          key: password
-    - name: AUTHENTIK_SECRET_KEY
-      valueFrom:
-        secretKeyRef:
-          name: authentik-secret-key
-          key: key
 
 redis:
   enabled: true
 
 server:
   ingress:
+    ingressClassName: nginx
     enabled: true
     hosts:
       - idp.kropcloud.net