[Question] Environment variables failing to be detected #258

plsnotracking · 2024-04-16T04:26:35Z

Describe your question/
Hi, I'm using ArgoCD with Helm to deploy Authentik to my k8s cluster.

Relevant info
Kube version: v1.28.8+k3s1
ArgoCD: 2.10.6
Authentik Helm Chart Version: 2024.2.2

Screenshots
If applicable, add screenshots to help explain your problem.

Logs

{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241332.2785354}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241333.3092413}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241334.339394}
{"event": "PostgreSQL connection failed, retrying... (connection failed: FATAL:  password authentication failed for user \"authentik\")", "level": "info", "logger": "authentik.lib.config", "timestamp": 1713241335.3650475}

Version and Deployment (please complete the following information):

authentik version: 2024.2.2]
Deployment: [helm]

Additional context
Chart.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  destination:
    namespace: authentik
    name: enterprise
  project: default
  sources:
    # Chart from Chart Repo
    - chart: authentik
      repoURL: https://charts.goauthentik.io
      targetRevision: 2024.2.2
      helm:
        valueFiles:
        - $values/enterprise/authentik/values.yaml
        - $values/enterprise/authentik/sealed-secrets.yaml
    # Values from Git
    - repoURL: 'https://git.enterprise.com/enterprise/argocd'
      targetRevision: HEAD
      ref: values
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

values.yaml

global:
  addPrometheusAnnotations: true
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
authentik:
  log_level: debug
  error_reporting:
    enabled: false
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentika"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
worker:
  env:
    - name: AUTHENTIK_POSTGRESQL__HOST
      value: "postgresql.postgresql.svc.cluster.local"
    - name: AUTHENTIK_POSTGRESQL__NAME
      value: "authentika"
    - name: AUTHENTIK_POSTGRESQL__USER
      value: "authentik"
    - name: AUTHENTIK_POSTGRESQL__PORT
      value: "5432"
    - name: AUTHENTIK_POSTGRESQL__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: postgres-password
    - name: AUTHENTIK_REDIS__HOST
      value: redis-master.redis.svc.cluster.local
    - name: AUTHENTIK_REDIS__PORT
      value: "6379"
    - name: AUTHENTIK_REDIS__PASSWORD
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: redis-password
    - name: AUTHENTIK_SECRET_KEY
      valueFrom:
        secretKeyRef:
          name: authentik-secret
          key: authentik-secret
server:
  service:
    type: LoadBalancer
  metrics:
    enabled: true

I'm not sure what I'm missing but the server fails to spin up claiming that the postgres cannot be reached correctly.

I've verified that the password is correct, my strong guess is that the env variables are not honoured.

Thank you.

The text was updated successfully, but these errors were encountered:

BeryJu · 2024-04-16T09:46:46Z

you can run ak dump_config in the container to see what config authentik interpreted

plsnotracking added the question Further information is requested label Apr 16, 2024

BeryJu transferred this issue from goauthentik/authentik Apr 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Question] Environment variables failing to be detected #258

[Question] Environment variables failing to be detected #258

plsnotracking commented Apr 16, 2024

BeryJu commented Apr 16, 2024

[Question] Environment variables failing to be detected #258

[Question] Environment variables failing to be detected #258

Comments

plsnotracking commented Apr 16, 2024

BeryJu commented Apr 16, 2024