Comments (9)
BeryJu
commented on May 16, 2024
1
Hey, I've just looked into this and noticed that I've had monitoring.enabled set to true by default, which requires the Prometheus CRDs. I'll change the default to false. (Edit: I've just pushed an update to the helm chart to change this to false)
I'm not quite sure what the other errors are coming from, authentik does create some PVCs for uploads but it shouldn't cause any issues.
from authentik.
BeryJu
commented on May 16, 2024
1
I've made this configurable in helm using pvc.mode: ReadWriteOnce, it'll be included in the next minor update.
from authentik.
gianlazz
commented on May 16, 2024
1
I've gone ahead and tried to make use of these changes with the following values.yaml:
postgresql:
postgresqlPassword: "generated-key"
redis:
password: "generated-key"
config:
secretKey: "generated-key"
pvc.mode: ReadWriteOnce
ingress:
annotations:
kubernetes.io/ingress.class: "traefik"
hosts:
- authentik.internal.lazz.tech
tls:
- secretName: internal-acme-crt-secret
hosts:
- '*.internal.lazz.tech'However I'm encountering the following errors with bot the static and web pods:
error while running "VolumeBinding" prebind plugin for pod "authentik-1618767851-web-b9cb96dc9-swnh6": Operation cannot be fulfilled on persistentvolumeclaims "authentik-1618767851-uploads": the object has been modified; please apply your changes to the latest version and try again
error while running "VolumeBinding" prebind plugin for pod "authentik-1618767851-static-6cfd6884dd-6wzf5": Failed to bind volumes: timed out waiting for the condition
I suspect this may be due to my repeated attempts to install this via helm?
from authentik.
BeryJu
commented on May 16, 2024
1
pvc.mode: ReadWriteOnce
I think within a values file you have to format it as
pvc:
mode: ReadWriteOnceI'm not sure where the error could come from, seems to be related with the PVC Provisioner, but not 100% sure. Can you try a clean install in another namespace, and see if that works?
from authentik.
gianlazz
commented on May 16, 2024
Hmm looks like the error while running "VolumeBinding" prebind plugin for pod "authentik-1618536529-static-7bbb74bcd7-fs754": Failed to bind volumes: timed out waiting for the condition was due to k3s not coming with a default storage class.
I tried installing "local path provisioner" based on this link:
However I'm now getting error while running "VolumeBinding" prebind plugin for pod "authentik-1618545250-static-6fbf47664f-hjrr6": Failed to bind volumes: timed out waiting for the condition on the web and static pods.
edit:
Looks like k3s actually does come with "local path provisioner" these days.
from authentik.
BeryJu
commented on May 16, 2024
Is your k3s cluster running on multiple nodes? I think you might be running into storage issues as the PVCs are declared as RWX which your cluster might not have.
from authentik.
gianlazz
commented on May 16, 2024
Is your k3s cluster running on multiple nodes? I think you might be running into storage issues as the PVCs are declared as RWX which your cluster might not have.
That could be it. I have one physical machine running k3OS configured as a master node for my Homelab.
from authentik.
gianlazz
commented on May 16, 2024
pvc.mode: ReadWriteOnceI think within a values file you have to format it as
pvc: mode: ReadWriteOnceI'm not sure where the error could come from, seems to be related with the PVC Provisioner, but not 100% sure. Can you try a clean install in another namespace, and see if that works?
Yup I'll try with the adjusted values format and a new namespace.
from authentik.
gianlazz
commented on May 16, 2024
The following config from your suggestions has deployed successfully to my k3OS homelab, without having to change namespaces. Thank you very much for your help and thank you again for making an awesome selfhosted oriented sso solution!
postgresql:
postgresqlPassword: "generated-key"
redis:
password: "generated-key"
config:
secretKey: "generated-key"
pvc:
mode: ReadWriteOnce
ingress:
annotations:
kubernetes.io/ingress.class: "traefik"
hosts:
- authentik.internal.lazz.tech
tls:
- secretName: internal-acme-crt-secret
hosts:
- '*.internal.lazz.tech'from authentik.
Related Issues (20)
- Failed to start metrics server HOT 1
- LDAP Outpost will refuse to start until an Application is created that uses it HOT 1
- Passwordless not working on 2024.4.1 HOT 7
- LDAP source: internal password is written after password change (without "update internal password on login")
- Provider not showing Proxy Setup
- LDAP Outpost: Custom `gidNumber` attribute is ignored in virtual-group-object if it is not a string, but the user-object accepts also a integer
- Event Matcher Policy Action Type = "Custom Prefix" not working as expected HOT 1
- Authentik Api key access
- website: AUTHENTIK_SECRET_KEY has a newline character HOT 2
- Nextcloud OpenID Connect exception: Object of type UUID is not JSON serializable HOT 4
- OpenShift Support
- prowlarr with authentik my other *arr can't contact the indexers
- Now it generates the code, but still not working.
- ak_user_has_authenticator result does not change while logged in
- Outpost Controller task (and thus respective pods) not starting when Authentik is started with helm chart HOT 1
- Static token OTP Gui overflow
- Authorization flow / Failed to fetch objects: undefined / proxy HOT 3
- smtp transport self signed certificate error: NotificationTransportError: [SSL: CERTIFICATE_VERIFY_FAILED]
- Initial setup link not working HOT 5
- Support systemd notify
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authentik.