try to deploy

k8s/authelia/templates/configmap.yaml

@@ -12,11 +12,11 @@ data:
     
     identity_validation:
       reset_password:
-        jwt_secret: "$JWT_SECRET" # Injected via env/file
+        jwt_secret: ""
     
     session:
       name: authelia_session
-      secret: "$SESSION_SECRET" # Injected via env/file
+      secret: ""
       expiration: 3600
       inactivity: 900
       cookies:
@@ -24,7 +24,7 @@ data:
           authelia_url: {{ .Values.authelia_url | quote }}
     
     storage:
-      encryption_key: "$STORAGE_ENCRYPTION_KEY" # Injected via env/file
+      encryption_key: ""
       local:
         path: /var/lib/authelia/db.sqlite3
     
@@ -43,7 +43,7 @@ data:
         address: "submission://{{ .Values.config.notifier.smtp.host }}:{{ .Values.config.notifier.smtp.port }}"
         sender: {{ .Values.config.notifier.smtp.sender | quote }}
         username: {{ .Values.config.notifier.smtp.username | quote }}
-        password: "$SMTP_PASSWORD" # Injected via env/file
+        password: ""
     
     webauthn:
       display_name: {{ .Values.config.webauthn.display_name | quote }}

k8s/authelia/templates/deployment.yaml

@@ -4,6 +4,8 @@ metadata:
   name: authelia
 spec:
   replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: authelia
@@ -12,6 +14,7 @@ spec:
       labels:
         app: authelia
     spec:
+      enableServiceLinks: false
       containers:
         - name: authelia
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -20,28 +23,22 @@ spec:
             - name: http
               containerPort: 9091
           env:
-            - name: AUTHELIA_SERVER_ADDRESS
-              value: "tcp://0.0.0.0:9091"
-            - name: PUID
-              value: "1000"
-            - name: PGID
-              value: "1000"
-            - name: JWT_SECRET
+            - name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
               valueFrom:
                 secretKeyRef:
                   name: authelia-secrets
                   key: jwt_secret
-            - name: SESSION_SECRET
+            - name: AUTHELIA_SESSION_SECRET
               valueFrom:
                 secretKeyRef:
                   name: authelia-secrets
                   key: session_secret
-            - name: STORAGE_ENCRYPTION_KEY
+            - name: AUTHELIA_STORAGE_ENCRYPTION_KEY
               valueFrom:
                 secretKeyRef:
                   name: authelia-secrets
                   key: storage_encryption_key
-            - name: SMTP_PASSWORD
+            - name: AUTHELIA_NOTIFIER_SMTP_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: authelia-secrets

k8s/authelia/values-staging.yaml

@@ -1,9 +1,10 @@
 ingress:
+  enabled: true
   hosts:
     - host: idp.staging.jamkazam.com
       paths:
         - path: /
-          pathType: ImplementationSpecific
+          pathType: Prefix
 
 authelia_url: https://idp.staging.jamkazam.com
 domain: staging.jamkazam.com

scripts/fast-deploy-console

@@ -1,34 +1,64 @@
 #!/bin/bash
 set -e
 
-# scripts/fast-deploy-infra.sh
+# scripts/fast-deploy-console
 # Quickly updates Console, Authelia, and Ingress-Nginx bypassing CI/CD.
 
 ENV=${1:-staging}
-CONTEXT="lke-video-$ENV" # Adjust this if your context names differ
+
+# Use the directory where the script is located to find the project root
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
 
 echo "🚀 Fast-deploying infra components to $ENV..."
+echo "📍 Project Root: $PROJECT_ROOT"
+
+# Function to adopt existing resources into Helm
+adopt_resource() {
+  local kind=$1
+  local name=$2
+  local ns=$3
+  local release=$4
+
+  if kubectl get "$kind" "$name" -n "$ns" &>/dev/null; then
+    echo "🏗️  Adopting $kind/$name into Helm release $release..."
+    kubectl label "$kind" "$name" -n "$ns" "app.kubernetes.io/managed-by=Helm" --overwrite
+    kubectl annotate "$kind" "$name" -n "$ns" "meta.helm.sh/release-name=$release" --overwrite
+    kubectl annotate "$kind" "$name" -n "$ns" "meta.helm.sh/release-namespace=$ns" --overwrite
+  fi
+}
 
 # 1. Update Authelia
 echo "📦 Updating Authelia..."
-helm upgrade --install authelia k8s/authelia 
-  --namespace authelia 
-  --create-namespace 
-  -f k8s/authelia/values.yaml 
-  -f k8s/authelia/values-$ENV.yaml
+# Adopt all resources including PVCs
+adopt_resource secret authelia-secrets authelia authelia
+adopt_resource configmap authelia-config authelia authelia
+adopt_resource service authelia authelia authelia
+adopt_resource deployment authelia authelia authelia
+adopt_resource ingress authelia authelia authelia
+adopt_resource pvc authelia-data authelia authelia
+
+helm upgrade --install authelia "$PROJECT_ROOT/k8s/authelia" \
+  --namespace authelia \
+  --create-namespace \
+  -f "$PROJECT_ROOT/k8s/authelia/values.yaml" \
+  -f "$PROJECT_ROOT/k8s/authelia/values-$ENV.yaml"
 
 # 2. Update Console (The Wiki)
 echo "📦 Updating Console..."
-helm upgrade --install console k8s/console 
-  --namespace console 
-  --create-namespace 
-  -f k8s/console/values-$ENV.yaml
+adopt_resource secret console-html console console
+adopt_resource service console console console
+adopt_resource deployment console console console
+adopt_resource ingress console console console
 
-# 3. Optional: Update Ingress-Nginx (usually static, but good to have)
+helm upgrade --install console "$PROJECT_ROOT/k8s/console" \
+  --namespace console \
+  --create-namespace \
+  -f "$PROJECT_ROOT/k8s/console/values-$ENV.yaml"
+
+# 3. Optional: Update Ingress-Nginx
 if [[ "$2" == "--with-ingress" ]]; then
   echo "📦 Updating Ingress-Nginx..."
-  # Note: This uses the official repo but local values pattern if we had one
-  # For now, we'll just trigger a restart to pick up any config changes if needed
   kubectl rollout restart deployment/ingress-nginx-controller -n ingress-nginx
 fi