
Comments (4)

BeryJu commented on August 27, 2024

How are you setting the value in the Helm chart? As the Helm chart sets a default log level value via authentik.log_level, which is set to info by default, adding an environment variable might be overwritten by that.


fullykubed commented on August 27, 2024

I am fairly confident everything is set up per the docs and that the Helm chart propagated the value appropriately.

Here are the relevant Helm values:

authentik:
  email:
    from: [email protected]
    host: email-smtp.us-east-2.amazonaws.com
    password: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    port: 587
    timeout: 30
    use_tls: true
    username: XXXXXXXXXXXXXXXXXXXXX
  error_reporting:
    enabled: true
  log_level: error
  postgresql:
    host: pg-2c0d-pooler-rw.authentik
    name: app
    password: XXXXXXXXXX
    port: 5432
    user: postgres
  redis:
    host: redis-244d-master.authentik
    password: XXXXXXXXX
    username: default
  secret_key: XXXXXXXXX
fullnameOverride: authentik
global:
  env:
  - name: AUTHENTIK_COOKIE_DOMAIN
    value: authentik.panfactum.com
  - name: AUTHENTIK_DISABLE_UPDATE_CHECK
    value: "true"
  - name: AUTHENTIK_LOG_LEVEL
    value: error
  - name: AUTHENTIK_REDIS__TLS
    value: "false"
  - name: AUTHENTIK_POSTGRESQL__USE_PGBOUNCER
    value: "true"
  - name: AUTHENTIK_POSTGRESQL__SSLROOTCERT
    value: /etc/certs/pg/ca.crt
  - name: AUTHENTIK_POSTGRESQL__SSLMODE
    value: verify-full
  - name: AUTHENTIK_BOOTSTRAP_EMAIL
    value: [email protected]
  - name: AUTHENTIK_BOOTSTRAP_TOKEN
    valueFrom:
      secretKeyRef:
        key: token
        name: bootstrap-creds
  - name: AUTHENTIK_BOOTSTRAP_PASSWORD
    valueFrom:
      secretKeyRef:
        key: password
        name: bootstrap-creds

Here are the values in the generated authentik Secret:

AUTHENTIK_EMAIL__FROM: [email protected]
AUTHENTIK_EMAIL__HOST: email-smtp.us-east-2.amazonaws.com
AUTHENTIK_EMAIL__PASSWORD: XXXXXXXXXX
AUTHENTIK_EMAIL__PORT: "587"
AUTHENTIK_EMAIL__TIMEOUT: "30"
AUTHENTIK_EMAIL__USE_SSL: "false"
AUTHENTIK_EMAIL__USE_TLS: "true"
AUTHENTIK_EMAIL__USERNAME: XXXXXXXX
AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: k8s
AUTHENTIK_ERROR_REPORTING__SEND_PII: "false"
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__ASN: /geoip/GeoLite2-ASN.mmdb
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__GEOIP: /geoip/GeoLite2-City.mmdb
AUTHENTIK_LOG_LEVEL: error
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE: ghcr.io/goauthentik/%(type)s:%(version)s
AUTHENTIK_POSTGRESQL__HOST: pg-2c0d-pooler-rw.authentik
AUTHENTIK_POSTGRESQL__NAME: app
AUTHENTIK_POSTGRESQL__PASSWORD: XXXXXXXXX
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_POSTGRESQL__USER: postgres
AUTHENTIK_REDIS__HOST: redis-244d-master.authentik
AUTHENTIK_REDIS__PASSWORD: XXXXXXXX
AUTHENTIK_REDIS__USERNAME: default
AUTHENTIK_SECRET_KEY: XXXXXX

Here are the results of running printenv | grep AUTHENTIK_ in the container:

AUTHENTIK_SERVER_METRICS_PORT_9300_TCP_PROTO=tcp
AUTHENTIK_SERVER_METRICS_PORT_9300_TCP=tcp://172.20.124.123:9300
AUTHENTIK_POSTGRESQL__HOST=pg-2c0d-pooler-rw.authentik
AUTHENTIK_SERVER_METRICS_PORT_9300_TCP_PORT=9300
AUTHENTIK_SERVER_PORT_443_TCP_ADDR=172.20.210.113
AUTHENTIK_SERVER_SERVICE_PORT_HTTP=80
AUTHENTIK_SERVER_PORT_80_TCP_PORT=80
AUTHENTIK_SERVER_SERVICE_PORT=80
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__GEOIP=/geoip/GeoLite2-City.mmdb
AUTHENTIK_POSTGRESQL__PASSWORD=XXXXXXXXXXXXXXX
AUTHENTIK_EVENTS__CONTEXT_PROCESSORS__ASN=/geoip/GeoLite2-ASN.mmdb
AUTHENTIK_EMAIL__TIMEOUT=30
AUTHENTIK_SERVER_METRICS_SERVICE_PORT_METRICS=9300
AUTHENTIK_SERVER_METRICS_PORT_9300_TCP_ADDR=172.20.124.123
AUTHENTIK_SERVER_METRICS_PORT=tcp://172.20.124.123:9300
AUTHENTIK_REDIS__HOST=redis-244d-master.authentik
AUTHENTIK_SECRET_KEY=XXXXXXXXXXXXXXXXXXX
[email protected]
AUTHENTIK_SERVER_METRICS_SERVICE_PORT=9300
AUTHENTIK_BOOTSTRAP_TOKEN=XXXXXXXXXXX
AUTHENTIK_SERVER_PORT=tcp://172.20.210.113:80
AUTHENTIK_SERVER_PORT_80_TCP_PROTO=tcp
AUTHENTIK_SERVER_SERVICE_HOST=172.20.210.113
AUTHENTIK_LOG_LEVEL=error
AUTHENTIK_SERVER_METRICS_SERVICE_HOST=172.20.124.123
[email protected]
AUTHENTIK_REDIS__USERNAME=default
AUTHENTIK_POSTGRESQL__SSLMODE=verify-full
AUTHENTIK_POSTGRESQL__NAME=app
AUTHENTIK_EMAIL__HOST=email-smtp.us-east-2.amazonaws.com
AUTHENTIK_SERVER_PORT_80_TCP_ADDR=172.20.210.113
AUTHENTIK_LISTEN__HTTP=0.0.0.0:9000
AUTHENTIK_EMAIL__USE_TLS=true
AUTHENTIK_BOOTSTRAP_PASSWORD=XXXXXXXXXX
AUTHENTIK_SERVER_PORT_80_TCP=tcp://172.20.210.113:80
AUTHENTIK_POSTGRESQL__PORT=5432
AUTHENTIK_REDIS__TLS=false
AUTHENTIK_DISABLE_UPDATE_CHECK=true
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_LISTEN__METRICS=0.0.0.0:9300
AUTHENTIK_COOKIE_DOMAIN=authentik.panfactum.com
AUTHENTIK_SERVER_PORT_443_TCP=tcp://172.20.210.113:443
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_SERVER_PORT_443_TCP_PORT=443
AUTHENTIK_EMAIL__PASSWORD=XXXXXXXX
AUTHENTIK_SERVER_SERVICE_PORT_HTTPS=443
AUTHENTIK_POSTGRESQL__USE_PGBOUNCER=true
AUTHENTIK_EMAIL__USERNAME=XXXXXXXXXXXXXXXXX
AUTHENTIK_LISTEN__HTTPS=0.0.0.0:9443
AUTHENTIK_ERROR_REPORTING__SEND_PII=false
AUTHENTIK_POSTGRESQL__USER=postgres
AUTHENTIK_EMAIL__PORT=587
AUTHENTIK_ERROR_REPORTING__ENVIRONMENT=k8s
AUTHENTIK_REDIS__PASSWORD=XXXXXX
AUTHENTIK_POSTGRESQL__SSLROOTCERT=/etc/certs/pg/ca.crt
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/%(type)s:%(version)s
AUTHENTIK_SERVER_PORT_443_TCP_PROTO=tcp


BeryJu commented on August 27, 2024

Could you run ak dump_config in the container?


fullykubed commented on August 27, 2024

Absolutely!

Here you go:

{"event": "Loaded config", "level": "debug", "logger": "__main__", "timestamp": 1717707653.5867982, "file": "/authentik/lib/default.yml"}
{"event": "Loaded environment variables", "level": "debug", "logger": "__main__", "timestamp": 1717707653.587663, "count": 57}
{
    "postgresql": {
        "host": "pg-2c0d-pooler-rw.authentik",
        "name": "app",
        "user": "postgres",
        "port": 5432,
        "password": "XXXXXXXXXXXXXXXXXXXX",
        "use_pgbouncer": true,
        "use_pgpool": false,
        "test": {
            "name": "test_authentik"
        },
        "sslmode": "verify-full",
        "sslrootcert": "/etc/certs/pg/ca.crt"
    },
    "listen": {
        "listen_http": "0.0.0.0:9000",
        "listen_https": "0.0.0.0:9443",
        "listen_ldap": "0.0.0.0:3389",
        "listen_ldaps": "0.0.0.0:6636",
        "listen_radius": "0.0.0.0:1812",
        "listen_metrics": "0.0.0.0:9300",
        "listen_debug": "0.0.0.0:9900",
        "trusted_proxy_cidrs": [
            "127.0.0.0/8",
            "10.0.0.0/8",
            "172.16.0.0/12",
            "192.168.0.0/16",
            "fe80::/10",
            "::1/128"
        ],
        "http": "0.0.0.0:9000",
        "metrics": "0.0.0.0:9300",
        "https": "0.0.0.0:9443"
    },
    "redis": {
        "host": "redis-244d-master.authentik",
        "port": 6379,
        "db": 0,
        "username": "default",
        "password": "XXXXXXXXXXXXXXXXX",
        "tls": false,
        "tls_reqs": "none",
        "tls_ca_cert": null
    },
    "cache": {
        "timeout": 300,
        "timeout_flows": 300,
        "timeout_policies": 300,
        "timeout_reputation": 300
    },
    "debug": false,
    "remote_debug": false,
    "log_level": "error",
    "session_storage": "cache",
    "error_reporting": {
        "enabled": true,
        "sentry_dsn": "https://151ba72610234c4c97c5bcff4e1cffd8@authentik.error-reporting.a7k.io/4504163677503489",
        "environment": "k8s",
        "send_pii": false,
        "sample_rate": 0.1
    },
    "email": {
        "host": "email-smtp.us-east-2.amazonaws.com",
        "port": 587,
        "username": "XXXXXXXXXX",
        "password": "XXXXXX",
        "use_tls": true,
        "use_ssl": false,
        "timeout": 30,
        "from": "[email protected]",
        "template_dir": "/templates"
    },
    "throttle": {
        "providers": {
            "oauth2": {
                "device": "20/hour"
            }
        },
        "default": "1000/second"
    },
    "outposts": {
        "container_image_base": "ghcr.io/goauthentik/%(type)s:%(version)s",
        "discover": true,
        "disable_embedded_outpost": false
    },
    "ldap": {
        "task_timeout_hours": 2,
        "page_size": 50,
        "tls": {
            "ciphers": null
        }
    },
    "reputation": {
        "expiry": 86400
    },
    "cookie_domain": "authentik.panfactum.com",
    "disable_update_check": true,
    "disable_startup_analytics": false,
    "events": {
        "context_processors": {
            "geoip": "/geoip/GeoLite2-City.mmdb",
            "asn": "/geoip/GeoLite2-ASN.mmdb"
        }
    },
    "cert_discovery_dir": "/certs",
    "tenants": {
        "enabled": false,
        "api_key": ""
    },
    "blueprints_dir": "/blueprints",
    "web": {
        "threads": 4
    },
    "worker": {
        "concurrency": 2
    },
    "storage": {
        "media": {
            "backend": "file",
            "file": {
                "path": "./media"
            },
            "s3": {
                "secure_urls": true
            }
        }
    },
    "server_metrics_port_9300_tcp_proto": "tcp",
    "server_metrics_port_9300_tcp": "tcp://172.20.124.123:9300",
    "server_metrics_port_9300_tcp_port": 9300,
    "server_port_443_tcp_addr": "172.20.210.113",
    "server_service_port_http": 80,
    "server_port_80_tcp_port": 80,
    "server_service_port": 80,
    "server_metrics_service_port_metrics": 9300,
    "server_metrics_port_9300_tcp_addr": "172.20.124.123",
    "server_metrics_port": "tcp://172.20.124.123:9300",
    "secret_key": "XXXXX",
    "server_metrics_service_port": 9300,
    "bootstrap_token": "XXXXX",
    "server_port": "tcp://172.20.210.113:80",
    "server_port_80_tcp_proto": "tcp",
    "server_service_host": "172.20.210.113",
    "server_metrics_service_host": "172.20.124.123",
    "bootstrap_email": "[email protected]",
    "server_port_80_tcp_addr": "172.20.210.113",
    "bootstrap_password": "XXXXXXX",
    "server_port_80_tcp": "tcp://172.20.210.113:80",
    "server_port_443_tcp": "tcp://172.20.210.113:443",
    "server_port_443_tcp_port": 443,
    "server_service_port_https": 443,
    "server_port_443_tcp_proto": "tcp"
}
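
Added example, not part of the thread and not authentik's own loader: the printenv output above mixes real settings with names that look like the service environment variables Kubernetes injects into pods, and the dump shows both ending up in the config. This Python sketch reproduces the mapping visible above (prefix stripped, lowercased, `__` as the nesting separator), keeps service-link variables out, and masks secrets so the result can be pasted into an issue; the sample input, the name patterns and the function names are assumptions.

```python
import re

# Constructed sample in the shape of the printenv output above (values are made up).
SAMPLE = """\
AUTHENTIK_LOG_LEVEL=error
AUTHENTIK_POSTGRESQL__HOST=pg.example.internal
AUTHENTIK_POSTGRESQL__PORT=5432
AUTHENTIK_POSTGRESQL__PASSWORD=constructed-value
AUTHENTIK_SECRET_KEY=constructed-value
AUTHENTIK_SERVER_PORT=tcp://10.0.0.1:80
AUTHENTIK_SERVER_PORT_443_TCP_ADDR=10.0.0.1
AUTHENTIK_SERVER_SERVICE_HOST=10.0.0.1
AUTHENTIK_SERVER_METRICS_SERVICE_PORT_METRICS=9300
"""

PREFIX = "AUTHENTIK_"
# Heuristic for Kubernetes service variables: <SVC>_SERVICE_HOST,
# <SVC>_SERVICE_PORT[_<NAME>], <SVC>_PORT_<n>_<PROTO>[_PROTO|_PORT|_ADDR].
LINK_NAME = re.compile(
    r"_(SERVICE_HOST|SERVICE_PORT(_\w+)?|PORT_\d+_(TCP|UDP|SCTP)(_(PROTO|PORT|ADDR))?)$"
)
LINK_URL = re.compile(r"^(tcp|udp|sctp)://")  # value shape of a bare <SVC>_PORT
SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|KEY")


def is_service_link(name, value):
    """True for variables that match the service-link shapes, not settings."""
    if "__" in name:  # nested settings such as POSTGRESQL__PORT are never links
        return False
    return bool(LINK_NAME.search(name)) or (
        name.endswith("_PORT") and bool(LINK_URL.match(value))
    )


def load(text):
    """Return (nested settings with secrets masked, skipped service-link names)."""
    settings, links = {}, []
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if not sep or not name.startswith(PREFIX):
            continue
        if is_service_link(name, value):
            links.append(name)
            continue
        key = name[len(PREFIX):]
        path = key.lower().split("__")
        node = settings
        for part in path[:-1]:
            node = node.setdefault(part, {})
        node[path[-1]] = "***" if SENSITIVE.search(key) else value
    return settings, links


if __name__ == "__main__":
    settings, links = load(SAMPLE)
    print("effective log_level:", settings.get("log_level"))
    print("service-link variables kept out of the config:", links)
```

Setting `enableServiceLinks: false` in the pod spec stops Kubernetes from injecting the per-Service variables in the first place.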
