From c4953f349d654d9b8917b433ace0be26adc06ddc Mon Sep 17 00:00:00 2001
From: SeanOMik
Date: Fri, 19 Apr 2024 13:57:21 -0400
Subject: [PATCH] fix(authentik): fix helm chart after many fields were deprecated
---
cluster/apps/authentik/helm-release.yaml | 119 ++++++++++----------
cluster/apps/authentik/kustomization.yaml | 3 +-
cluster/apps/authentik/service-monitor.yaml | 17 ---
3 files changed, 60 insertions(+), 79 deletions(-)
delete mode 100644 cluster/apps/authentik/service-monitor.yaml
diff --git a/cluster/apps/authentik/helm-release.yaml b/cluster/apps/authentik/helm-release.yaml
index 4b25b4d..a927ddd 100644
--- a/cluster/apps/authentik/helm-release.yaml
+++ b/cluster/apps/authentik/helm-release.yaml
@@ -16,23 +16,70 @@ spec: name: authentik-charts namespace: flux-system values: - containerSecurityContext: &securityContext - runAsUser: 10000 - runAsGroup: 10000 - fsGroup: 10000 - fsGroupChangePolicy: OnRootMismatch + global: + env: + - name: AUTHENTIK_HOST + value: &host "auth.${SECRET_NEW_DOMAIN}" + - name: AUTHENTIK_HOST_BROWSER + value: *host + - name: AUTHENTIK_SECRET_KEY + valueFrom: + secretKeyRef: + key: authentikSecretKey + name: authentik-secrets + - name: AUTHENTIK_POSTGRESQL__PASSWORD + valueFrom: + secretKeyRef: + key: pgsqlUserPassword + name: authentik-secrets + - name: AUTHENTIK_REDIS__PASSWORD + valueFrom: + secretKeyRef: + key: redisUserPassword + name: authentik-secrets + + server: +# containerSecurityContext: &securityContext +# runAsUser: 10000 +# runAsGroup: 10000 +# fsGroup: 10000 +# fsGroupChangePolicy: OnRootMismatch - worker: - containerSecurityContext: *securityContext + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + hosts: + - *host + paths: + - / + pathType: Prefix + tls: + - hosts: + - *host - geoip: - containerSecurityContext: *securityContext + metrics: + enabled: true + serviceMonitor: + enabled: true + labels: + release: kube-prometheus-stack + + prometheus: + rules: + enabled: true + +# worker: +# containerSecurityContext: *securityContext +# +# geoip: +# containerSecurityContext: *securityContext authentik: -# secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}" # This sends anonymous usage-data, stack traces on errors and # performance data to sentry.beryju.org, and is fully opt-in - #log_level: debug + log_level: debug error_reporting: enabled: true environment: "k3s" 
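Review bot: The non-root hardening is dropped rather than migrated: the `containerSecurityContext` block (`runAsUser: 10000`, `runAsGroup: 10000`, `fsGroup: 10000`) is now commented out under `server:` and for `worker`/`geoip`, so the identity provider's pods run with whatever the chart defaults to. It should be re-added under the security-context keys the new chart version exposes for server and worker (check its values.yaml); note that `fsGroup` and `fsGroupChangePolicy` are pod-level fields in Kubernetes and belong in a pod `securityContext`, not a container one. The same hunk also switches on `log_level: debug` under `authentik:`; if that was only needed while fixing the migration, set it back to `log_level: info` or re-comment it, since `error_reporting` is enabled in the lines just below and debug output from an IdP is verbose. The enclosing `spec` mapping starts outside the hunk, so the chart version being targeted is not visible here.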
@@ -40,53 +87,5 @@ spec: host: "postgresql.database" name: "authentik" # database name user: "authentik" -# password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}" -# port: 5432 redis: - host: "redis-master.database" -# password: "${SECRET_DATABASE_REDIS_PASS}" - -# prometheus: -# serviceMonitor: -# create: true -# labels: -# release: kube-prometheus-stack -# rules: -# create: true -# labels: -# release: kube-prometheus-stack - - env: - AUTHENTIK_HOST: &host "auth.${SECRET_NEW_DOMAIN}" - AUTHENTIK_HOST_BROWSER: *host - - envValueFrom: - AUTHENTIK_SECRET_KEY: - secretKeyRef: - key: authentikSecretKey - name: authentik-secrets - AUTHENTIK_POSTGRESQL__PASSWORD: - secretKeyRef: - key: pgsqlUserPassword - name: authentik-secrets - AUTHENTIK_REDIS__PASSWORD: - secretKeyRef: - key: redisUserPassword - name: authentik-secrets - - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - traefik.ingress.kubernetes.io/router.entrypoints: websecure - hosts: - - host: *host - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - - monitoring: - enabled: false # temporarily disable monitoring \ No newline at end of file + host: "redis-master.database" \ No newline at end of file diff --git a/cluster/apps/authentik/kustomization.yaml b/cluster/apps/authentik/kustomization.yaml index 90b7c33..98b6206 100644 --- a/cluster/apps/authentik/kustomization.yaml +++ b/cluster/apps/authentik/kustomization.yaml @@ -7,5 +7,4 @@ resources: - ./helm-release.yaml #- ./network_policy.yaml - ./traefik-middleware.yaml -- ./dashboard.yaml -- ./service-monitor.yaml \ No newline at end of file +- ./dashboard.yaml \ No newline at end of file diff --git a/cluster/apps/authentik/service-monitor.yaml b/cluster/apps/authentik/service-monitor.yaml deleted file mode 100644 index 98fa8fc..0000000 --- a/cluster/apps/authentik/service-monitor.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: authentik
- namespace: authentik
- labels:
- release: kube-prometheus-stack
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/instance: authentik
- app.kubernetes.io/name: authentik
- endpoints:
- - port: http-metrics
- interval: 30s
- scrapeTimeout: 3s
- path: /metrics
\ No newline at end of file