fix(authentik): fix helm chart after many fields were deprecated

cluster/apps/authentik/helm-release.yaml

@@ -16,77 +16,76 @@ spec:
         name: authentik-charts
         namespace: flux-system
   values:
-    containerSecurityContext: &securityContext
+    global:
-      runAsUser: 10000
-      runAsGroup: 10000
-      fsGroup: 10000
-      fsGroupChangePolicy: OnRootMismatch
-
-    worker:
-      containerSecurityContext: *securityContext
-
-    geoip:
-      containerSecurityContext: *securityContext
-
-    authentik:
-#      secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"
-      # This sends anonymous usage-data, stack traces on errors and
-      # performance data to sentry.beryju.org, and is fully opt-in
-      #log_level: debug
-      error_reporting:
-        enabled: true
-        environment: "k3s"
-      postgresql:
-        host: "postgresql.database"
-        name: "authentik" # database name
-        user: "authentik"
-#        password: "${SECRET_DATABASE_PGSQL_ADMIN_PASS}"
-#        port: 5432
-      redis:
-        host: "redis-master.database"
-#        password: "${SECRET_DATABASE_REDIS_PASS}"
-    
-#    prometheus:
-#      serviceMonitor:
-#        create: true
-#        labels: 
-#          release: kube-prometheus-stack
-#      rules:
-#        create: true
-#        labels: 
-#          release: kube-prometheus-stack
-
       env:
-      AUTHENTIK_HOST: &host "auth.${SECRET_NEW_DOMAIN}"
+        - name: AUTHENTIK_HOST
-      AUTHENTIK_HOST_BROWSER: *host
+          value: &host "auth.${SECRET_NEW_DOMAIN}"
-    
+        - name: AUTHENTIK_HOST_BROWSER
-    envValueFrom:
+          value: *host
-      AUTHENTIK_SECRET_KEY:
+        - name: AUTHENTIK_SECRET_KEY
+          valueFrom:
             secretKeyRef:
               key: authentikSecretKey
               name: authentik-secrets
-      AUTHENTIK_POSTGRESQL__PASSWORD:
+        - name: AUTHENTIK_POSTGRESQL__PASSWORD
+          valueFrom:
             secretKeyRef:
               key: pgsqlUserPassword
               name: authentik-secrets
-      AUTHENTIK_REDIS__PASSWORD:
+        - name: AUTHENTIK_REDIS__PASSWORD
+          valueFrom:
             secretKeyRef:
               key: redisUserPassword
               name: authentik-secrets
       
+    server:
+#      containerSecurityContext: &securityContext
+#        runAsUser: 10000
+#        runAsGroup: 10000
+#        fsGroup: 10000
+#        fsGroupChangePolicy: OnRootMismatch
+
       ingress:
         enabled: true
         annotations:
           cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-        - host: *host
+          - *host
         paths:
-            - path: /
+          - /
         pathType: Prefix
         tls:
           - hosts:
               - *host
 
-    monitoring:
+      metrics:
-      enabled: false # temporarily disable monitoring
+        enabled: true
+        serviceMonitor:
+          enabled: true
+          labels:
+            release: kube-prometheus-stack
+
+    prometheus:
+      rules:
+        enabled: true
+
+#    worker:
+#      containerSecurityContext: *securityContext
+#
+#    geoip:
+#      containerSecurityContext: *securityContext
+
+    authentik:
+      # This sends anonymous usage-data, stack traces on errors and
+      # performance data to sentry.beryju.org, and is fully opt-in
+      log_level: debug
+      error_reporting:
+        enabled: true
+        environment: "k3s"
+      postgresql:
+        host: "postgresql.database"
+        name: "authentik" # database name
+        user: "authentik"
+      redis:
+        host: "redis-master.database"

cluster/apps/authentik/kustomization.yaml

@@ -8,4 +8,3 @@ resources:
 #- ./network_policy.yaml
 - ./traefik-middleware.yaml
 - ./dashboard.yaml
-- ./service-monitor.yaml

cluster/apps/authentik/service-monitor.yaml

@@ -1,17 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: authentik
-  namespace: authentik
-  labels:
-    release: kube-prometheus-stack
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: authentik
-      app.kubernetes.io/name: authentik
-  endpoints:
-  - port: http-metrics
-    interval: 30s
-    scrapeTimeout: 3s
-    path: /metrics