Skip to content

chore(deps): update helm release authentik to v2025.12.1 #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
youhide wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update helm release authentik to v2025.12.1 #92

youhide wants to merge 1 commit into from

Conversation

@youhide
Copy link
Owner

@youhide youhide commented Dec 17, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
authentik (source) helm_release minor 2025.10.22025.12.1

Release Notes

goauthentik/helm (authentik)

v2025.12.1

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

Full Changelog: goauthentik/helm@authentik-2025.12.0...authentik-2025.12.1

v2025.12.0

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

New Contributors

Full Changelog: goauthentik/helm@authentik-2025.10.3...authentik-2025.12.0

v2025.10.3

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

Full Changelog: goauthentik/helm@authentik-2025.10.2...authentik-2025.10.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@youhide-atlantis
Copy link

youhide-atlantis bot commented Dec 17, 2025

Ran Plan for 2 projects:

  1. dir: terragrunt/kubernetes/authentik-config workspace: terragrunt_kubernetes_authentik-config
  2. dir: terragrunt/kubernetes/authentik workspace: terragrunt_kubernetes_authentik

1. dir: terragrunt/kubernetes/authentik-config workspace: terragrunt_kubernetes_authentik-config

Plan Error

Show Output 
running 'sh -c' 'terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE' in '/home/atlantis/.atlantis/repos/youhide/hideForming/92/terragrunt_kubernetes_authentik-config/terragrunt/kubernetes/authentik-config': exit status 1: running "terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\\\') -no-color -out $PLANFILE" in "/home/atlantis/.atlantis/repos/youhide/hideForming/92/terragrunt_kubernetes_authentik-config/terragrunt/kubernetes/authentik-config": 
01:00:22.355 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
01:00:22.386 INFO   tofu: Initializing the backend...
01:00:22.412 INFO   tofu: Successfully configured the backend "s3"! OpenTofu will automatically
01:00:22.412 INFO   tofu: use this backend unless the backend configuration changes.
01:00:22.429 INFO   tofu: Initializing provider plugins...
01:00:22.429 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:00:22.917 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:00:23.047 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:00:23.323 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:00:23.453 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:00:23.554 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:00:23.706 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:00:23.802 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:00:25.027 INFO   tofu: - Installing hashicorp/kubernetes v2.36.0...
01:00:26.761 INFO   tofu: - Installed hashicorp/kubernetes v2.36.0 (signed, key ID 0C0AF313E5FD9F80)
01:00:27.900 INFO   tofu: - Installing hashicorp/helm v3.0.0-pre2...
01:00:30.235 INFO   tofu: - Installed hashicorp/helm v3.0.0-pre2 (signed, key ID 0C0AF313E5FD9F80)
01:00:31.376 INFO   tofu: - Installing goauthentik/authentik v2025.8.1...
01:00:32.624 INFO   tofu: - Installed goauthentik/authentik v2025.8.1. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:33.376 INFO   tofu: - Installing gavinbunney/kubectl v1.19.0...
01:00:35.236 INFO   tofu: - Installed gavinbunney/kubectl v1.19.0 (signed, key ID 1E1CE42504F5FBB2)
01:00:35.511 INFO   tofu: - Installing aminueza/minio v3.5.0...
01:00:36.402 INFO   tofu: - Installed aminueza/minio v3.5.0. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:36.782 INFO   tofu: - Installing cloudflare/cloudflare v5.4.0...
01:00:38.970 INFO   tofu: - Installed cloudflare/cloudflare v5.4.0 (signed, key ID C76001609EE3B136)
01:00:39.238 INFO   tofu: - Installing hashicorp/vault v4.8.0...
01:00:40.500 INFO   tofu: - Installed hashicorp/vault v4.8.0 (signed, key ID 0C0AF313E5FD9F80)
01:00:40.793 INFO   tofu: - Installing telmate/proxmox v3.0.1-rc8...
01:00:41.551 INFO   tofu: - Installed telmate/proxmox v3.0.1-rc8. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:41.551 INFO   tofu: Providers are signed by their developers.
01:00:41.551 INFO   tofu: If you'd like to know more about provider signing, you can read about it here:
01:00:41.551 INFO   tofu: https://opentofu.org/docs/cli/plugins/signing/
01:00:41.551 INFO   tofu: OpenTofu has made some changes to the provider dependency selections recorded
01:00:41.551 INFO   tofu: in the .terraform.lock.hcl file. Review those changes and commit them to your
01:00:41.551 INFO   tofu: version control system if they represent changes you intended to make.
01:00:41.551 INFO   tofu: OpenTofu has been successfully initialized!
01:00:43.080 STDOUT tofu: data.authentik_property_mapping_provider_scope.oauth2: Reading...
01:00:43.080 STDOUT tofu: data.authentik_flow.authorization_flow: Reading...
01:00:43.080 STDOUT tofu: data.authentik_flow.invalidation_flow: Reading...
01:00:43.083 STDOUT tofu: data.authentik_certificate_key_pair.rs256_keypair: Reading...
01:00:43.130 STDOUT tofu: Planning failed. OpenTofu encountered an error while generating this plan.
01:00:43.130 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-authentication-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.130 STDERR tofu:   with data.authentik_flow.authorization_flow,
01:00:43.130 STDERR tofu:   on main.tf line 7, in data "authentik_flow" "authorization_flow":
01:00:43.130 STDERR tofu:    7: data "authentik_flow" "authorization_flow" {
01:00:43.130 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-invalidation-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.130 STDERR tofu:   with data.authentik_flow.invalidation_flow,
01:00:43.130 STDERR tofu:   on main.tf line 11, in data "authentik_flow" "invalidation_flow":
01:00:43.130 STDERR tofu:   11: data "authentik_flow" "invalidation_flow" {
01:00:43.135 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/propertymappings/provider/scope/?managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-email&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-openid&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-profile": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.135 STDERR tofu:   with data.authentik_property_mapping_provider_scope.oauth2,
01:00:43.135 STDERR tofu:   on main.tf line 15, in data "authentik_property_mapping_provider_scope" "oauth2":
01:00:43.135 STDERR tofu:   15: data "authentik_property_mapping_provider_scope" "oauth2" {
01:00:43.140 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/crypto/certificatekeypairs/?include_details=true&name=authentik+Self-signed+Certificate": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.140 STDERR tofu:   with data.authentik_certificate_key_pair.rs256_keypair,
01:00:43.140 STDERR tofu:   on main.tf line 24, in data "authentik_certificate_key_pair" "rs256_keypair":
01:00:43.140 STDERR tofu:   24: data "authentik_certificate_key_pair" "rs256_keypair" {
01:00:43.152 ERROR  tofu invocation failed in ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
01:00:43.152 ERROR  error occurred:

* Failed to execute "tofu plan -input=false -out ./terragrunt_kubernetes_authentik-config.tfplan -no-color" in ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-authentication-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_flow.authorization_flow,
    on main.tf line 7, in data "authentik_flow" "authorization_flow":
     7: data "authentik_flow" "authorization_flow" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-invalidation-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_flow.invalidation_flow,
    on main.tf line 11, in data "authentik_flow" "invalidation_flow":
    11: data "authentik_flow" "invalidation_flow" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/propertymappings/provider/scope/?managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-email&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-openid&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-profile": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_property_mapping_provider_scope.oauth2,
    on main.tf line 15, in data "authentik_property_mapping_provider_scope" "oauth2":
    15: data "authentik_property_mapping_provider_scope" "oauth2" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/crypto/certificatekeypairs/?include_details=true&name=authentik+Self-signed+Certificate": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_certificate_key_pair.rs256_keypair,
    on main.tf line 24, in data "authentik_certificate_key_pair" "rs256_keypair":
    24: data "authentik_certificate_key_pair" "rs256_keypair" {
  
  
  exit status 1


Authenticated

2. dir: terragrunt/kubernetes/authentik workspace: terragrunt_kubernetes_authentik

Show Output 
Authenticated

01:00:45.506 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/bTyTbrSmrTW1u0RWFe8LEciekVs/KXlWF0qjw63x4EDBwwSxsvjy7ds
01:00:45.557 INFO   tofu: Initializing the backend...
01:00:45.931 INFO   tofu: Initializing provider plugins...
01:00:45.931 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:00:46.139 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:00:46.262 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:00:46.344 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:00:46.495 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:00:46.636 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:00:46.776 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:00:46.893 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:00:47.070 INFO   tofu: - Using previously-installed aminueza/minio v3.5.0
01:00:47.189 INFO   tofu: - Using previously-installed cloudflare/cloudflare v5.4.0
01:00:47.218 INFO   tofu: - Using previously-installed hashicorp/vault v4.8.0
01:00:47.234 INFO   tofu: - Using previously-installed telmate/proxmox v3.0.1-rc8
01:00:47.283 INFO   tofu: - Using previously-installed hashicorp/kubernetes v2.36.0
01:00:47.335 INFO   tofu: - Using previously-installed hashicorp/helm v3.0.0-pre2
01:00:47.365 INFO   tofu: - Using previously-installed goauthentik/authentik v2025.8.1
01:00:47.417 INFO   tofu: - Using previously-installed gavinbunney/kubectl v1.19.0
01:00:47.417 INFO   tofu: OpenTofu has been successfully initialized!
01:00:48.495 STDOUT tofu: OpenTofu used the selected providers to generate the following execution
01:00:48.495 STDOUT tofu: plan. Resource actions are indicated with the following symbols:
01:00:48.495 STDOUT tofu:   ~ update in-place
01:00:48.495 STDOUT tofu: OpenTofu will perform the following actions:
01:00:48.496 STDOUT tofu:   # helm_release.authentik will be updated in-place
01:00:48.496 STDOUT tofu:   ~ resource "helm_release" "authentik" {
01:00:48.496 STDOUT tofu:       ~ id                         = "authentik" -> (known after apply)
01:00:48.496 STDOUT tofu:       ~ metadata                   = {
01:00:48.496 STDOUT tofu:           ~ app_version    = "2025.10.2" -> (known after apply)
01:00:48.496 STDOUT tofu:           ~ chart          = "authentik" -> (known after apply)
01:00:48.496 STDOUT tofu:           ~ first_deployed = 1765211853 -> (known after apply)
01:00:48.496 STDOUT tofu:           ~ last_deployed  = 1765211853 -> (known after apply)
01:00:48.497 STDOUT tofu:           ~ name           = "authentik" -> (known after apply)
01:00:48.497 STDOUT tofu:           ~ namespace      = "authentik" -> (known after apply)
01:00:48.497 STDOUT tofu:           ~ revision       = 1 -> (known after apply)
01:00:48.497 STDOUT tofu:           ~ values         = jsonencode(
01:00:48.497 STDOUT tofu:                 {
01:00:48.497 STDOUT tofu:                   - authentik  = {
01:00:48.497 STDOUT tofu:                       - bootstrap_email = "youri@youhide.com.br"
01:00:48.497 STDOUT tofu:                       - email           = {
01:00:48.497 STDOUT tofu:                           - from     = "Authentik <postmaster@mg.tkasolutions.com.br>"
01:00:48.497 STDOUT tofu:                           - host     = "smtp.mailgun.org"
01:00:48.497 STDOUT tofu:                           - port     = 587
01:00:48.497 STDOUT tofu:                           - use_tls  = true
01:00:48.497 STDOUT tofu:                           - username = "postmaster@mg.tkasolutions.com.br"
01:00:48.497 STDOUT tofu:                         }
01:00:48.497 STDOUT tofu:                     }
01:00:48.497 STDOUT tofu:                   - global     = {
01:00:48.497 STDOUT tofu:                       - env = [
01:00:48.497 STDOUT tofu:                           - {
01:00:48.497 STDOUT tofu:                               - name      = "AUTHENTIK_SECRET_KEY"
01:00:48.497 STDOUT tofu:                               - valueFrom = {
01:00:48.497 STDOUT tofu:                                   - secretKeyRef = {
01:00:48.497 STDOUT tofu:                                       - key  = "authentik-secret-key"
01:00:48.497 STDOUT tofu:                                       - name = "authentik-secrets"
01:00:48.497 STDOUT tofu:                                     }
01:00:48.497 STDOUT tofu:                                 }
01:00:48.497 STDOUT tofu:                             },
01:00:48.497 STDOUT tofu:                           - {
01:00:48.497 STDOUT tofu:                               - name      = "AUTHENTIK_EMAIL__PASSWORD"
01:00:48.497 STDOUT tofu:                               - valueFrom = {
01:00:48.497 STDOUT tofu:                                   - secretKeyRef = {
01:00:48.497 STDOUT tofu:                                       - key  = "smtp-password"
01:00:48.497 STDOUT tofu:                                       - name = "authentik-secrets"
01:00:48.498 STDOUT tofu:                                     }
01:00:48.498 STDOUT tofu:                                 }
01:00:48.498 STDOUT tofu:                             },
01:00:48.498 STDOUT tofu:                           - {
01:00:48.498 STDOUT tofu:                               - name      = "AUTHENTIK_BOOTSTRAP_PASSWORD"
01:00:48.498 STDOUT tofu:                               - valueFrom = {
01:00:48.498 STDOUT tofu:                                   - secretKeyRef = {
01:00:48.498 STDOUT tofu:                                       - key  = "token"
01:00:48.498 STDOUT tofu:                                       - name = "authentik-secrets"
01:00:48.498 STDOUT tofu:                                     }
01:00:48.498 STDOUT tofu:                                 }
01:00:48.498 STDOUT tofu:                             },
01:00:48.498 STDOUT tofu:                           - {
01:00:48.498 STDOUT tofu:                               - name      = "AUTHENTIK_BOOTSTRAP_TOKEN"
01:00:48.498 STDOUT tofu:                               - valueFrom = {
01:00:48.498 STDOUT tofu:                                   - secretKeyRef = {
01:00:48.498 STDOUT tofu:                                       - key  = "token"
01:00:48.498 STDOUT tofu:                                       - name = "authentik-secrets"
01:00:48.498 STDOUT tofu:                                     }
01:00:48.498 STDOUT tofu:                                 }
01:00:48.498 STDOUT tofu:                             },
01:00:48.498 STDOUT tofu:                           - {
01:00:48.498 STDOUT tofu:                               - name      = "POSTGRES_PASSWORD"
01:00:48.498 STDOUT tofu:                               - valueFrom = {
01:00:48.498 STDOUT tofu:                                   - secretKeyRef = {
01:00:48.498 STDOUT tofu:                                       - key  = "postgresql-password"
01:00:48.498 STDOUT tofu:                                       - name = "authentik-secrets"
01:00:48.498 STDOUT tofu:                                     }
01:00:48.498 STDOUT tofu:                                 }
01:00:48.498 STDOUT tofu:                             },
01:00:48.498 STDOUT tofu:                         ]
01:00:48.498 STDOUT tofu:                     }
01:00:48.498 STDOUT tofu:                   - postgresql = {
01:00:48.498 STDOUT tofu:                       - auth    = {
01:00:48.498 STDOUT tofu:                           - existingSecret = "authentik-secrets"
01:00:48.498 STDOUT tofu:                           - secretKeys     = {
01:00:48.498 STDOUT tofu:                               - userPasswordKey = "postgresql-password"
01:00:48.498 STDOUT tofu:                             }
01:00:48.498 STDOUT tofu:                         }
01:00:48.498 STDOUT tofu:                       - enabled = true
01:00:48.499 STDOUT tofu:                       - primary = {
01:00:48.499 STDOUT tofu:                           - persistence = {
01:00:48.499 STDOUT tofu:                               - accessModes  = [
01:00:48.499 STDOUT tofu:                                   - "ReadWriteOnce",
01:00:48.499 STDOUT tofu:                                 ]
01:00:48.499 STDOUT tofu:                               - size         = "4Gi"
01:00:48.499 STDOUT tofu:                               - storageClass = "longhorn"
01:00:48.499 STDOUT tofu:                             }
01:00:48.499 STDOUT tofu:                         }
01:00:48.499 STDOUT tofu:                     }
01:00:48.499 STDOUT tofu:                   - redis      = {
01:00:48.499 STDOUT tofu:                       - enabled = true
01:00:48.499 STDOUT tofu:                       - master  = {
01:00:48.499 STDOUT tofu:                           - persistence = {
01:00:48.499 STDOUT tofu:                               - accessModes  = [
01:00:48.499 STDOUT tofu:                                   - "ReadWriteOnce",
01:00:48.499 STDOUT tofu:                                 ]
01:00:48.499 STDOUT tofu:                               - size         = "2Gi"
01:00:48.499 STDOUT tofu:                               - storageClass = "local-path"
01:00:48.499 STDOUT tofu:                             }
01:00:48.499 STDOUT tofu:                         }
01:00:48.499 STDOUT tofu:                     }
01:00:48.499 STDOUT tofu:                   - server     = {
01:00:48.499 STDOUT tofu:                       - ingress = {
01:00:48.499 STDOUT tofu:                           - enabled          = true
01:00:48.499 STDOUT tofu:                           - hosts            = [
01:00:48.499 STDOUT tofu:                               - "authentik.tkasolutions.com.br",
01:00:48.499 STDOUT tofu:                             ]
01:00:48.499 STDOUT tofu:                           - ingressClassName = "traefik"
01:00:48.499 STDOUT tofu:                         }
01:00:48.499 STDOUT tofu:                     }
01:00:48.499 STDOUT tofu:                 }
01:00:48.499 STDOUT tofu:             ) -> (known after apply)
01:00:48.499 STDOUT tofu:           ~ version        = "2025.10.2" -> (known after apply)
01:00:48.499 STDOUT tofu:         } -> (known after apply)
01:00:48.499 STDOUT tofu:         name                       = "authentik"
01:00:48.499 STDOUT tofu:       ~ values                     = [
01:00:48.499 STDOUT tofu:           - <<-EOT
01:00:48.499 STDOUT tofu:                 "authentik":
01:00:48.499 STDOUT tofu:                   "bootstrap_email": "youri@youhide.com.br"
01:00:48.499 STDOUT tofu:                   "email":
01:00:48.499 STDOUT tofu:                     "from": "Authentik <postmaster@mg.tkasolutions.com.br>"
01:00:48.499 STDOUT tofu:                     "host": "smtp.mailgun.org"
01:00:48.500 STDOUT tofu:                     "port": 587
01:00:48.500 STDOUT tofu:                     "use_tls": true
01:00:48.500 STDOUT tofu:                     "username": "postmaster@mg.tkasolutions.com.br"
01:00:48.500 STDOUT tofu:                 "global":
01:00:48.500 STDOUT tofu:                   "env":
01:00:48.500 STDOUT tofu:                   - "name": "AUTHENTIK_SECRET_KEY"
01:00:48.500 STDOUT tofu:                     "valueFrom":
01:00:48.500 STDOUT tofu:                       "secretKeyRef":
01:00:48.500 STDOUT tofu:                         "key": "authentik-secret-key"
01:00:48.500 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.500 STDOUT tofu:                   - "name": "AUTHENTIK_EMAIL__PASSWORD"
01:00:48.500 STDOUT tofu:                     "valueFrom":
01:00:48.500 STDOUT tofu:                       "secretKeyRef":
01:00:48.500 STDOUT tofu:                         "key": "smtp-password"
01:00:48.500 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.500 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_PASSWORD"
01:00:48.500 STDOUT tofu:                     "valueFrom":
01:00:48.500 STDOUT tofu:                       "secretKeyRef":
01:00:48.500 STDOUT tofu:                         "key": "token"
01:00:48.500 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.500 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_TOKEN"
01:00:48.500 STDOUT tofu:                     "valueFrom":
01:00:48.500 STDOUT tofu:                       "secretKeyRef":
01:00:48.500 STDOUT tofu:                         "key": "token"
01:00:48.500 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.500 STDOUT tofu:                   - "name": "POSTGRES_PASSWORD"
01:00:48.500 STDOUT tofu:                     "valueFrom":
01:00:48.500 STDOUT tofu:                       "secretKeyRef":
01:00:48.500 STDOUT tofu:                         "key": "postgresql-password"
01:00:48.500 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.500 STDOUT tofu:                 "postgresql":
01:00:48.500 STDOUT tofu:                   "auth":
01:00:48.500 STDOUT tofu:                     "existingSecret": "authentik-secrets"
01:00:48.500 STDOUT tofu:                     "secretKeys":
01:00:48.500 STDOUT tofu:                       "userPasswordKey": "postgresql-password"
01:00:48.500 STDOUT tofu:                   "enabled": true
01:00:48.500 STDOUT tofu:                   "primary":
01:00:48.500 STDOUT tofu:                     "persistence":
01:00:48.500 STDOUT tofu:                       "accessModes":
01:00:48.500 STDOUT tofu:                       - "ReadWriteOnce"
01:00:48.500 STDOUT tofu:                       "size": "4Gi"
01:00:48.500 STDOUT tofu:                       "storageClass": "longhorn"
01:00:48.500 STDOUT tofu:                 "redis":
01:00:48.500 STDOUT tofu:                   "enabled": true
01:00:48.500 STDOUT tofu:                   "master":
01:00:48.500 STDOUT tofu:                     "persistence":
01:00:48.500 STDOUT tofu:                       "accessModes":
01:00:48.500 STDOUT tofu:                       - "ReadWriteOnce"
01:00:48.500 STDOUT tofu:                       "size": "2Gi"
01:00:48.500 STDOUT tofu:                       "storageClass": "local-path"
01:00:48.500 STDOUT tofu:                 "server":
01:00:48.500 STDOUT tofu:                   "ingress":
01:00:48.500 STDOUT tofu:                     "enabled": true
01:00:48.500 STDOUT tofu:                     "hosts":
01:00:48.500 STDOUT tofu:                     - "authentik.tkasolutions.com.br"
01:00:48.500 STDOUT tofu:                     "ingressClassName": "traefik"
01:00:48.500 STDOUT tofu:             EOT,
01:00:48.500 STDOUT tofu:           + <<-EOT
01:00:48.500 STDOUT tofu:                 "authentik":
01:00:48.500 STDOUT tofu:                   "bootstrap_email": "youri@youhide.com.br"
01:00:48.500 STDOUT tofu:                   "email":
01:00:48.500 STDOUT tofu:                     "from": "Authentik <postmaster@mg.tkasolutions.com.br>"
01:00:48.501 STDOUT tofu:                     "host": "smtp.mailgun.org"
01:00:48.501 STDOUT tofu:                     "port": 587
01:00:48.501 STDOUT tofu:                     "use_tls": true
01:00:48.501 STDOUT tofu:                     "username": "postmaster@mg.tkasolutions.com.br"
01:00:48.501 STDOUT tofu:                 "global":
01:00:48.501 STDOUT tofu:                   "env":
01:00:48.501 STDOUT tofu:                   - "name": "AUTHENTIK_SECRET_KEY"
01:00:48.501 STDOUT tofu:                     "valueFrom":
01:00:48.501 STDOUT tofu:                       "secretKeyRef":
01:00:48.501 STDOUT tofu:                         "key": "authentik-secret-key"
01:00:48.501 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.501 STDOUT tofu:                   - "name": "AUTHENTIK_EMAIL__PASSWORD"
01:00:48.501 STDOUT tofu:                     "valueFrom":
01:00:48.501 STDOUT tofu:                       "secretKeyRef":
01:00:48.501 STDOUT tofu:                         "key": "smtp-password"
01:00:48.501 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.501 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_PASSWORD"
01:00:48.501 STDOUT tofu:                     "valueFrom":
01:00:48.501 STDOUT tofu:                       "secretKeyRef":
01:00:48.501 STDOUT tofu:                         "key": "token"
01:00:48.501 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.501 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_TOKEN"
01:00:48.501 STDOUT tofu:                     "valueFrom":
01:00:48.501 STDOUT tofu:                       "secretKeyRef":
01:00:48.501 STDOUT tofu:                         "key": "token"
01:00:48.501 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.501 STDOUT tofu:                   - "name": "POSTGRES_PASSWORD"
01:00:48.501 STDOUT tofu:                     "valueFrom":
01:00:48.501 STDOUT tofu:                       "secretKeyRef":
01:00:48.501 STDOUT tofu:                         "key": "postgresql-password"
01:00:48.501 STDOUT tofu:                         "name": "authentik-secrets"
01:00:48.501 STDOUT tofu:                 "postgresql":
01:00:48.501 STDOUT tofu:                   "auth":
01:00:48.501 STDOUT tofu:                     "existingSecret": "authentik-secrets"
01:00:48.501 STDOUT tofu:                     "secretKeys":
01:00:48.501 STDOUT tofu:                       "userPasswordKey": "postgresql-password"
01:00:48.501 STDOUT tofu:                   "enabled": true
01:00:48.501 STDOUT tofu:                   "primary":
01:00:48.501 STDOUT tofu:                     "persistence":
01:00:48.501 STDOUT tofu:                       "accessModes":
01:00:48.501 STDOUT tofu:                       - "ReadWriteOnce"
01:00:48.501 STDOUT tofu:                       "size": "4Gi"
01:00:48.501 STDOUT tofu:                       "storageClass": "longhorn"
01:00:48.501 STDOUT tofu:                       "volumeName": "authentik-postgres"
01:00:48.501 STDOUT tofu:                 "redis":
01:00:48.501 STDOUT tofu:                   "enabled": true
01:00:48.501 STDOUT tofu:                   "master":
01:00:48.501 STDOUT tofu:                     "persistence":
01:00:48.501 STDOUT tofu:                       "accessModes":
01:00:48.501 STDOUT tofu:                       - "ReadWriteOnce"
01:00:48.501 STDOUT tofu:                       "size": "2Gi"
01:00:48.501 STDOUT tofu:                       "storageClass": "local-path"
01:00:48.501 STDOUT tofu:                       "volumeName": "authentik-redis"
01:00:48.502 STDOUT tofu:                 "server":
01:00:48.502 STDOUT tofu:                   "ingress":
01:00:48.502 STDOUT tofu:                     "enabled": true
01:00:48.502 STDOUT tofu:                     "hosts":
01:00:48.502 STDOUT tofu:                     - "auth.tkasolutions.com.br"
01:00:48.502 STDOUT tofu:                     "ingressClassName": "traefik"
01:00:48.502 STDOUT tofu:             EOT,
01:00:48.502 STDOUT tofu:         ]
01:00:48.502 STDOUT tofu:       ~ version                    = "2025.10.2" -> "2025.10.3"
01:00:48.502 STDOUT tofu:         # (25 unchanged attributes hidden)
01:00:48.502 STDOUT tofu:     }
01:00:48.502 STDOUT tofu: Plan: 0 to add, 1 to change, 0 to destroy.
01:00:48.502 STDOUT tofu:
  • ▶️ To apply this plan, comment: 
    atlantis apply -d terragrunt/kubernetes/authentik -w terragrunt_kubernetes_authentik
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment: 
    atlantis plan -d terragrunt/kubernetes/authentik -w terragrunt_kubernetes_authentik

Plan: 0 to add, 1 to change, 0 to destroy.

Plan Summary

2 projects, 1 with changes, 0 with no changes, 1 failed

  • ⏩ To apply all unapplied plans from this Pull Request, comment: 
    atlantis apply
  • 🚮 To delete all plans and locks from this Pull Request, comment: 
    atlantis unlock

@youhide youhide force-pushed the renovate/authentik-2025.x branch from 7c3ec1a to f94f46e Compare January 16, 2026 01:00
@youhide youhide changed the title chore(deps): update helm release authentik to v2025.10.3 chore(deps): update helm release authentik to v2025.12.0 Jan 16, 2026
@youhide-atlantis
Copy link

youhide-atlantis bot commented Jan 16, 2026

Ran Plan for 2 projects:

  1. dir: terragrunt/kubernetes/authentik-config workspace: terragrunt_kubernetes_authentik-config
  2. dir: terragrunt/kubernetes/authentik workspace: terragrunt_kubernetes_authentik

1. dir: terragrunt/kubernetes/authentik-config workspace: terragrunt_kubernetes_authentik-config

Plan Error

Show Output 
running 'sh -c' 'terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE' in '/home/atlantis/.atlantis/repos/youhide/hideForming/92/terragrunt_kubernetes_authentik-config/terragrunt/kubernetes/authentik-config': exit status 1: running "terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\\\') -no-color -out $PLANFILE" in "/home/atlantis/.atlantis/repos/youhide/hideForming/92/terragrunt_kubernetes_authentik-config/terragrunt/kubernetes/authentik-config": 
01:00:24.975 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
01:00:25.000 INFO   tofu: Initializing the backend...
01:00:25.066 INFO   tofu: Successfully configured the backend "s3"! OpenTofu will automatically
01:00:25.066 INFO   tofu: use this backend unless the backend configuration changes.
01:00:25.081 INFO   tofu: Initializing provider plugins...
01:00:25.081 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:00:25.534 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:00:25.832 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:00:26.111 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:00:26.388 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:00:26.651 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:00:26.751 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:00:26.865 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:00:28.072 INFO   tofu: - Installing cloudflare/cloudflare v5.4.0...
01:00:30.887 INFO   tofu: - Installed cloudflare/cloudflare v5.4.0 (signed, key ID C76001609EE3B136)
01:00:31.910 INFO   tofu: - Installing hashicorp/vault v4.8.0...
01:00:33.128 INFO   tofu: - Installed hashicorp/vault v4.8.0 (signed, key ID 0C0AF313E5FD9F80)
01:00:34.235 INFO   tofu: - Installing telmate/proxmox v3.0.1-rc8...
01:00:35.214 INFO   tofu: - Installed telmate/proxmox v3.0.1-rc8. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:35.472 INFO   tofu: - Installing hashicorp/kubernetes v2.36.0...
01:00:36.711 INFO   tofu: - Installed hashicorp/kubernetes v2.36.0 (signed, key ID 0C0AF313E5FD9F80)
01:00:36.954 INFO   tofu: - Installing hashicorp/helm v3.0.0-pre2...
01:00:38.198 INFO   tofu: - Installed hashicorp/helm v3.0.0-pre2 (signed, key ID 0C0AF313E5FD9F80)
01:00:38.455 INFO   tofu: - Installing goauthentik/authentik v2025.8.1...
01:00:39.422 INFO   tofu: - Installed goauthentik/authentik v2025.8.1. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:39.674 INFO   tofu: - Installing gavinbunney/kubectl v1.19.0...
01:00:41.376 INFO   tofu: - Installed gavinbunney/kubectl v1.19.0 (signed, key ID 1E1CE42504F5FBB2)
01:00:41.615 INFO   tofu: - Installing aminueza/minio v3.5.0...
01:00:42.396 INFO   tofu: - Installed aminueza/minio v3.5.0. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:00:42.396 INFO   tofu: Providers are signed by their developers.
01:00:42.396 INFO   tofu: If you'd like to know more about provider signing, you can read about it here:
01:00:42.396 INFO   tofu: https://opentofu.org/docs/cli/plugins/signing/
01:00:42.396 INFO   tofu: OpenTofu has made some changes to the provider dependency selections recorded
01:00:42.396 INFO   tofu: in the .terraform.lock.hcl file. Review those changes and commit them to your
01:00:42.396 INFO   tofu: version control system if they represent changes you intended to make.
01:00:42.396 INFO   tofu: OpenTofu has been successfully initialized!
01:00:43.387 STDOUT tofu: data.authentik_flow.authorization_flow: Reading...
01:00:43.387 STDOUT tofu: data.authentik_certificate_key_pair.rs256_keypair: Reading...
01:00:43.388 STDOUT tofu: data.authentik_property_mapping_provider_scope.oauth2: Reading...
01:00:43.390 STDOUT tofu: data.authentik_flow.invalidation_flow: Reading...
01:00:43.402 STDOUT tofu: Planning failed. OpenTofu encountered an error while generating this plan.
01:00:43.403 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-authentication-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.403 STDERR tofu:   with data.authentik_flow.authorization_flow,
01:00:43.403 STDERR tofu:   on main.tf line 7, in data "authentik_flow" "authorization_flow":
01:00:43.403 STDERR tofu:    7: data "authentik_flow" "authorization_flow" {
01:00:43.404 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-invalidation-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.404 STDERR tofu:   with data.authentik_flow.invalidation_flow,
01:00:43.404 STDERR tofu:   on main.tf line 11, in data "authentik_flow" "invalidation_flow":
01:00:43.404 STDERR tofu:   11: data "authentik_flow" "invalidation_flow" {
01:00:43.404 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/propertymappings/provider/scope/?managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-email&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-openid&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-profile": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.405 STDERR tofu:   with data.authentik_property_mapping_provider_scope.oauth2,
01:00:43.405 STDERR tofu:   on main.tf line 15, in data "authentik_property_mapping_provider_scope" "oauth2":
01:00:43.405 STDERR tofu:   15: data "authentik_property_mapping_provider_scope" "oauth2" {
01:00:43.405 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/crypto/certificatekeypairs/?include_details=true&name=authentik+Self-signed+Certificate": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:00:43.405 STDERR tofu:   with data.authentik_certificate_key_pair.rs256_keypair,
01:00:43.405 STDERR tofu:   on main.tf line 24, in data "authentik_certificate_key_pair" "rs256_keypair":
01:00:43.405 STDERR tofu:   24: data "authentik_certificate_key_pair" "rs256_keypair" {
01:00:43.410 ERROR  tofu invocation failed in ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
01:00:43.411 ERROR  error occurred:

* Failed to execute "tofu plan -input=false -out ./terragrunt_kubernetes_authentik-config.tfplan -no-color" in ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-authentication-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_flow.authorization_flow,
    on main.tf line 7, in data "authentik_flow" "authorization_flow":
     7: data "authentik_flow" "authorization_flow" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-invalidation-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_flow.invalidation_flow,
    on main.tf line 11, in data "authentik_flow" "invalidation_flow":
    11: data "authentik_flow" "invalidation_flow" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/propertymappings/provider/scope/?managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-email&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-openid&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-profile": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_property_mapping_provider_scope.oauth2,
    on main.tf line 15, in data "authentik_property_mapping_provider_scope" "oauth2":
    15: data "authentik_property_mapping_provider_scope" "oauth2" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/crypto/certificatekeypairs/?include_details=true&name=authentik+Self-signed+Certificate": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_certificate_key_pair.rs256_keypair,
    on main.tf line 24, in data "authentik_certificate_key_pair" "rs256_keypair":
    24: data "authentik_certificate_key_pair" "rs256_keypair" {
  
  
  exit status 1


Authenticated

2. dir: terragrunt/kubernetes/authentik workspace: terragrunt_kubernetes_authentik

Show Output 
Authenticated

01:00:48.799 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/bTyTbrSmrTW1u0RWFe8LEciekVs/KXlWF0qjw63x4EDBwwSxsvjy7ds
01:00:48.823 INFO   tofu: Initializing the backend...
01:00:49.103 INFO   tofu: Initializing provider plugins...
01:00:49.103 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:00:49.306 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:00:49.435 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:00:49.566 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:00:49.653 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:00:49.781 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:00:49.872 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:00:49.993 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:00:50.107 INFO   tofu: - Using previously-installed hashicorp/vault v4.8.0
01:00:50.118 INFO   tofu: - Using previously-installed telmate/proxmox v3.0.1-rc8
01:00:50.150 INFO   tofu: - Using previously-installed hashicorp/kubernetes v2.36.0
01:00:50.185 INFO   tofu: - Using previously-installed hashicorp/helm v3.0.0-pre2
01:00:50.207 INFO   tofu: - Using previously-installed goauthentik/authentik v2025.8.1
01:00:50.243 INFO   tofu: - Using previously-installed gavinbunney/kubectl v1.19.0
01:00:50.261 INFO   tofu: - Using previously-installed aminueza/minio v3.5.0
01:00:50.337 INFO   tofu: - Using previously-installed cloudflare/cloudflare v5.4.0
01:00:50.337 INFO   tofu: OpenTofu has been successfully initialized!
01:00:51.002 STDOUT tofu: OpenTofu used the selected providers to generate the following execution
01:00:51.003 STDOUT tofu: plan. Resource actions are indicated with the following symbols:
01:00:51.003 STDOUT tofu:   + create
01:00:51.003 STDOUT tofu: OpenTofu will perform the following actions:
01:00:51.004 STDOUT tofu:   # helm_release.authentik will be created
01:00:51.004 STDOUT tofu:   + resource "helm_release" "authentik" {
01:00:51.004 STDOUT tofu:       + atomic                     = false
01:00:51.004 STDOUT tofu:       + chart                      = "authentik"
01:00:51.004 STDOUT tofu:       + cleanup_on_fail            = false
01:00:51.004 STDOUT tofu:       + create_namespace           = false
01:00:51.004 STDOUT tofu:       + dependency_update          = false
01:00:51.004 STDOUT tofu:       + disable_crd_hooks          = false
01:00:51.004 STDOUT tofu:       + disable_openapi_validation = false
01:00:51.004 STDOUT tofu:       + disable_webhooks           = false
01:00:51.004 STDOUT tofu:       + force_update               = false
01:00:51.004 STDOUT tofu:       + id                         = (known after apply)
01:00:51.004 STDOUT tofu:       + lint                       = false
01:00:51.004 STDOUT tofu:       + max_history                = 0
01:00:51.004 STDOUT tofu:       + metadata                   = (known after apply)
01:00:51.004 STDOUT tofu:       + name                       = "authentik"
01:00:51.004 STDOUT tofu:       + namespace                  = "authentik"
01:00:51.004 STDOUT tofu:       + pass_credentials           = false
01:00:51.004 STDOUT tofu:       + recreate_pods              = false
01:00:51.004 STDOUT tofu:       + render_subchart_notes      = true
01:00:51.004 STDOUT tofu:       + replace                    = false
01:00:51.004 STDOUT tofu:       + repository                 = "https://charts.goauthentik.io"
01:00:51.004 STDOUT tofu:       + reset_values               = false
01:00:51.004 STDOUT tofu:       + reuse_values               = false
01:00:51.004 STDOUT tofu:       + skip_crds                  = false
01:00:51.004 STDOUT tofu:       + status                     = "deployed"
01:00:51.004 STDOUT tofu:       + timeout                    = 600
01:00:51.004 STDOUT tofu:       + values                     = [
01:00:51.004 STDOUT tofu:           + <<-EOT
01:00:51.004 STDOUT tofu:                 "authentik":
01:00:51.004 STDOUT tofu:                   "bootstrap_email": "youri@youhide.com.br"
01:00:51.004 STDOUT tofu:                   "email":
01:00:51.004 STDOUT tofu:                     "from": "Authentik <postmaster@mg.tkasolutions.com.br>"
01:00:51.004 STDOUT tofu:                     "host": "smtp.mailgun.org"
01:00:51.004 STDOUT tofu:                     "port": 587
01:00:51.005 STDOUT tofu:                     "use_tls": true
01:00:51.005 STDOUT tofu:                     "username": "postmaster@mg.tkasolutions.com.br"
01:00:51.005 STDOUT tofu:                 "global":
01:00:51.005 STDOUT tofu:                   "env":
01:00:51.005 STDOUT tofu:                   - "name": "AUTHENTIK_SECRET_KEY"
01:00:51.005 STDOUT tofu:                     "valueFrom":
01:00:51.005 STDOUT tofu:                       "secretKeyRef":
01:00:51.005 STDOUT tofu:                         "key": "authentik-secret-key"
01:00:51.005 STDOUT tofu:                         "name": "authentik-secrets"
01:00:51.005 STDOUT tofu:                   - "name": "AUTHENTIK_EMAIL__PASSWORD"
01:00:51.005 STDOUT tofu:                     "valueFrom":
01:00:51.005 STDOUT tofu:                       "secretKeyRef":
01:00:51.005 STDOUT tofu:                         "key": "smtp-password"
01:00:51.005 STDOUT tofu:                         "name": "authentik-secrets"
01:00:51.005 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_PASSWORD"
01:00:51.005 STDOUT tofu:                     "valueFrom":
01:00:51.005 STDOUT tofu:                       "secretKeyRef":
01:00:51.005 STDOUT tofu:                         "key": "token"
01:00:51.005 STDOUT tofu:                         "name": "authentik-secrets"
01:00:51.005 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_TOKEN"
01:00:51.005 STDOUT tofu:                     "valueFrom":
01:00:51.005 STDOUT tofu:                       "secretKeyRef":
01:00:51.005 STDOUT tofu:                         "key": "token"
01:00:51.005 STDOUT tofu:                         "name": "authentik-secrets"
01:00:51.005 STDOUT tofu:                   - "name": "POSTGRES_PASSWORD"
01:00:51.005 STDOUT tofu:                     "valueFrom":
01:00:51.005 STDOUT tofu:                       "secretKeyRef":
01:00:51.005 STDOUT tofu:                         "key": "postgresql-password"
01:00:51.005 STDOUT tofu:                         "name": "authentik-secrets"
01:00:51.005 STDOUT tofu:                 "postgresql":
01:00:51.005 STDOUT tofu:                   "auth":
01:00:51.005 STDOUT tofu:                     "existingSecret": "authentik-secrets"
01:00:51.005 STDOUT tofu:                     "secretKeys":
01:00:51.005 STDOUT tofu:                       "userPasswordKey": "postgresql-password"
01:00:51.005 STDOUT tofu:                   "enabled": true
01:00:51.005 STDOUT tofu:                   "primary":
01:00:51.005 STDOUT tofu:                     "persistence":
01:00:51.005 STDOUT tofu:                       "accessModes":
01:00:51.005 STDOUT tofu:                       - "ReadWriteOnce"
01:00:51.005 STDOUT tofu:                       "size": "4Gi"
01:00:51.005 STDOUT tofu:                       "storageClass": "longhorn"
01:00:51.005 STDOUT tofu:                 "redis":
01:00:51.005 STDOUT tofu:                   "enabled": true
01:00:51.005 STDOUT tofu:                   "master":
01:00:51.005 STDOUT tofu:                     "persistence":
01:00:51.005 STDOUT tofu:                       "accessModes":
01:00:51.005 STDOUT tofu:                       - "ReadWriteOnce"
01:00:51.005 STDOUT tofu:                       "size": "2Gi"
01:00:51.005 STDOUT tofu:                       "storageClass": "local-path"
01:00:51.005 STDOUT tofu:                 "server":
01:00:51.005 STDOUT tofu:                   "ingress":
01:00:51.005 STDOUT tofu:                     "enabled": true
01:00:51.005 STDOUT tofu:                     "hosts":
01:00:51.005 STDOUT tofu:                     - "authentik.tkasolutions.com.br"
01:00:51.005 STDOUT tofu:                     "ingressClassName": "traefik"
01:00:51.005 STDOUT tofu:             EOT,
01:00:51.005 STDOUT tofu:         ]
01:00:51.005 STDOUT tofu:       + verify                     = false
01:00:51.005 STDOUT tofu:       + version                    = "2025.12.0"
01:00:51.005 STDOUT tofu:       + wait                       = true
01:00:51.005 STDOUT tofu:       + wait_for_jobs              = false
01:00:51.005 STDOUT tofu:     }
01:00:51.005 STDOUT tofu:   # kubernetes_manifest.authentik_external_secret will be created
01:00:51.005 STDOUT tofu:   + resource "kubernetes_manifest" "authentik_external_secret" {
01:00:51.005 STDOUT tofu:       + manifest = {
01:00:51.005 STDOUT tofu:           + apiVersion = "external-secrets.io/v1"
01:00:51.005 STDOUT tofu:           + kind       = "ExternalSecret"
01:00:51.005 STDOUT tofu:           + metadata   = {
01:00:51.005 STDOUT tofu:               + name      = "authentik-vault-secrets"
01:00:51.006 STDOUT tofu:               + namespace = "authentik"
01:00:51.006 STDOUT tofu:             }
01:00:51.006 STDOUT tofu:           + spec       = {
01:00:51.006 STDOUT tofu:               + data            = [
01:00:51.006 STDOUT tofu:                   + {
01:00:51.006 STDOUT tofu:                       + remoteRef = {
01:00:51.006 STDOUT tofu:                           + key      = "TKA-Authentik-postgresql-password"
01:00:51.006 STDOUT tofu:                           + property = "password"
01:00:51.006 STDOUT tofu:                         }
01:00:51.006 STDOUT tofu:                       + secretKey = "postgresql-password"
01:00:51.006 STDOUT tofu:                     },
01:00:51.006 STDOUT tofu:                   + {
01:00:51.006 STDOUT tofu:                       + remoteRef = {
01:00:51.006 STDOUT tofu:                           + key      = "TKA-Authentik-secret-key"
01:00:51.006 STDOUT tofu:                           + property = "password"
01:00:51.006 STDOUT tofu:                         }
01:00:51.006 STDOUT tofu:                       + secretKey = "authentik-secret-key"
01:00:51.006 STDOUT tofu:                     },
01:00:51.006 STDOUT tofu:                   + {
01:00:51.006 STDOUT tofu:                       + remoteRef = {
01:00:51.006 STDOUT tofu:                           + key      = "TKA-Authentik-smtp-password"
01:00:51.006 STDOUT tofu:                           + property = "password"
01:00:51.006 STDOUT tofu:                         }
01:00:51.006 STDOUT tofu:                       + secretKey = "smtp-password"
01:00:51.006 STDOUT tofu:                     },
01:00:51.006 STDOUT tofu:                   + {
01:00:51.006 STDOUT tofu:                       + remoteRef = {
01:00:51.006 STDOUT tofu:                           + key      = "TKA-Authentik-token"
01:00:51.006 STDOUT tofu:                           + property = "password"
01:00:51.006 STDOUT tofu:                         }
01:00:51.006 STDOUT tofu:                       + secretKey = "token"
01:00:51.006 STDOUT tofu:                     },
01:00:51.006 STDOUT tofu:                 ]
01:00:51.006 STDOUT tofu:               + refreshInterval = "1h"
01:00:51.007 STDOUT tofu:               + secretStoreRef  = {
01:00:51.007 STDOUT tofu:                   + kind = "ClusterSecretStore"
01:00:51.007 STDOUT tofu:                   + name = "vault-backend"
01:00:51.007 STDOUT tofu:                 }
01:00:51.007 STDOUT tofu:               + target          = {
01:00:51.007 STDOUT tofu:                   + creationPolicy = "Owner"
01:00:51.007 STDOUT tofu:                   + name           = "authentik-secrets"
01:00:51.007 STDOUT tofu:                 }
01:00:51.007 STDOUT tofu:             }
01:00:51.007 STDOUT tofu:         }
01:00:51.007 STDOUT tofu:       + object   = {
01:00:51.007 STDOUT tofu:           + apiVersion = "external-secrets.io/v1"
01:00:51.007 STDOUT tofu:           + kind       = "ExternalSecret"
01:00:51.007 STDOUT tofu:           + metadata   = {
01:00:51.007 STDOUT tofu:               + annotations                = (known after apply)
01:00:51.007 STDOUT tofu:               + creationTimestamp          = (known after apply)
01:00:51.007 STDOUT tofu:               + deletionGracePeriodSeconds = (known after apply)
01:00:51.007 STDOUT tofu:               + deletionTimestamp          = (known after apply)
01:00:51.007 STDOUT tofu:               + finalizers                 = (known after apply)
01:00:51.007 STDOUT tofu:               + generateName               = (known after apply)
01:00:51.007 STDOUT tofu:               + generation                 = (known after apply)
01:00:51.007 STDOUT tofu:               + labels                     = (known after apply)
01:00:51.007 STDOUT tofu:               + managedFields              = (known after apply)
01:00:51.007 STDOUT tofu:               + name                       = "authentik-vault-secrets"
01:00:51.007 STDOUT tofu:               + namespace                  = "authentik"
01:00:51.007 STDOUT tofu:               + ownerReferences            = (known after apply)
01:00:51.007 STDOUT tofu:               + resourceVersion            = (known after apply)
01:00:51.007 STDOUT tofu:               + selfLink                   = (known after apply)
01:00:51.007 STDOUT tofu:               + uid                        = (known after apply)
01:00:51.008 STDOUT tofu:             }
01:00:51.008 STDOUT tofu:           + spec       = {
01:00:51.008 STDOUT tofu:               + data            = [
01:00:51.008 STDOUT tofu:                   + {
01:00:51.008 STDOUT tofu:                       + remoteRef = {
01:00:51.008 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:00:51.008 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:00:51.008 STDOUT tofu:                           + key                = "TKA-Authentik-postgresql-password"
01:00:51.008 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:00:51.008 STDOUT tofu:                           + property           = "password"
01:00:51.008 STDOUT tofu:                           + version            = (known after apply)
01:00:51.008 STDOUT tofu:                         }
01:00:51.008 STDOUT tofu:                       + secretKey = "postgresql-password"
01:00:51.008 STDOUT tofu:                       + sourceRef = {
01:00:51.008 STDOUT tofu:                           + generatorRef = {
01:00:51.008 STDOUT tofu:                               + apiVersion = (known after apply)
01:00:51.008 STDOUT tofu:                               + kind       = (known after apply)
01:00:51.008 STDOUT tofu:                               + name       = (known after apply)
01:00:51.008 STDOUT tofu:                             }
01:00:51.008 STDOUT tofu:                           + storeRef     = {
01:00:51.008 STDOUT tofu:                               + kind = (known after apply)
01:00:51.008 STDOUT tofu:                               + name = (known after apply)
01:00:51.008 STDOUT tofu:                             }
01:00:51.008 STDOUT tofu:                         }
01:00:51.008 STDOUT tofu:                     },
01:00:51.008 STDOUT tofu:                   + {
01:00:51.008 STDOUT tofu:                       + remoteRef = {
01:00:51.008 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:00:51.008 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:00:51.008 STDOUT tofu:                           + key                = "TKA-Authentik-secret-key"
01:00:51.008 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:00:51.008 STDOUT tofu:                           + property           = "password"
01:00:51.009 STDOUT tofu:                           + version            = (known after apply)
01:00:51.009 STDOUT tofu:                         }
01:00:51.009 STDOUT tofu:                       + secretKey = "authentik-secret-key"
01:00:51.009 STDOUT tofu:                       + sourceRef = {
01:00:51.009 STDOUT tofu:                           + generatorRef = {
01:00:51.009 STDOUT tofu:                               + apiVersion = (known after apply)
01:00:51.009 STDOUT tofu:                               + kind       = (known after apply)
01:00:51.009 STDOUT tofu:                               + name       = (known after apply)
01:00:51.009 STDOUT tofu:                             }
01:00:51.009 STDOUT tofu:                           + storeRef     = {
01:00:51.009 STDOUT tofu:                               + kind = (known after apply)
01:00:51.009 STDOUT tofu:                               + name = (known after apply)
01:00:51.009 STDOUT tofu:                             }
01:00:51.009 STDOUT tofu:                         }
01:00:51.009 STDOUT tofu:                     },
01:00:51.009 STDOUT tofu:                   + {
01:00:51.009 STDOUT tofu:                       + remoteRef = {
01:00:51.009 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:00:51.009 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:00:51.009 STDOUT tofu:                           + key                = "TKA-Authentik-smtp-password"
01:00:51.009 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:00:51.009 STDOUT tofu:                           + property           = "password"
01:00:51.009 STDOUT tofu:                           + version            = (known after apply)
01:00:51.009 STDOUT tofu:                         }
01:00:51.009 STDOUT tofu:                       + secretKey = "smtp-password"
01:00:51.009 STDOUT tofu:                       + sourceRef = {
01:00:51.009 STDOUT tofu:                           + generatorRef = {
01:00:51.009 STDOUT tofu:                               + apiVersion = (known after apply)
01:00:51.009 STDOUT tofu:                               + kind       = (known after apply)
01:00:51.009 STDOUT tofu:                               + name       = (known after apply)
01:00:51.009 STDOUT tofu:                             }
01:00:51.009 STDOUT tofu:                           + storeRef     = {
01:00:51.009 STDOUT tofu:                               + kind = (known after apply)
01:00:51.009 STDOUT tofu:                               + name = (known after apply)
01:00:51.009 STDOUT tofu:                             }
01:00:51.009 STDOUT tofu:                         }
01:00:51.009 STDOUT tofu:                     },
01:00:51.009 STDOUT tofu:                   + {
01:00:51.009 STDOUT tofu:                       + remoteRef = {
01:00:51.009 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:00:51.009 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:00:51.009 STDOUT tofu:                           + key                = "TKA-Authentik-token"
01:00:51.010 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:00:51.010 STDOUT tofu:                           + property           = "password"
01:00:51.010 STDOUT tofu:                           + version            = (known after apply)
01:00:51.010 STDOUT tofu:                         }
01:00:51.010 STDOUT tofu:                       + secretKey = "token"
01:00:51.010 STDOUT tofu:                       + sourceRef = {
01:00:51.010 STDOUT tofu:                           + generatorRef = {
01:00:51.010 STDOUT tofu:                               + apiVersion = (known after apply)
01:00:51.010 STDOUT tofu:                               + kind       = (known after apply)
01:00:51.010 STDOUT tofu:                               + name       = (known after apply)
01:00:51.010 STDOUT tofu:                             }
01:00:51.010 STDOUT tofu:                           + storeRef     = {
01:00:51.010 STDOUT tofu:                               + kind = (known after apply)
01:00:51.010 STDOUT tofu:                               + name = (known after apply)
01:00:51.010 STDOUT tofu:                             }
01:00:51.010 STDOUT tofu:                         }
01:00:51.010 STDOUT tofu:                     },
01:00:51.010 STDOUT tofu:                 ]
01:00:51.010 STDOUT tofu:               + dataFrom        = (known after apply)
01:00:51.010 STDOUT tofu:               + refreshInterval = "1h"
01:00:51.010 STDOUT tofu:               + refreshPolicy   = (known after apply)
01:00:51.010 STDOUT tofu:               + secretStoreRef  = {
01:00:51.010 STDOUT tofu:                   + kind = "ClusterSecretStore"
01:00:51.010 STDOUT tofu:                   + name = "vault-backend"
01:00:51.010 STDOUT tofu:                 }
01:00:51.010 STDOUT tofu:               + target          = {
01:00:51.010 STDOUT tofu:                   + creationPolicy = "Owner"
01:00:51.010 STDOUT tofu:                   + deletionPolicy = (known after apply)
01:00:51.010 STDOUT tofu:                   + immutable      = (known after apply)
01:00:51.010 STDOUT tofu:                   + manifest       = {
01:00:51.010 STDOUT tofu:                       + apiVersion = (known after apply)
01:00:51.010 STDOUT tofu:                       + kind       = (known after apply)
01:00:51.010 STDOUT tofu:                     }
01:00:51.010 STDOUT tofu:                   + name           = "authentik-secrets"
01:00:51.010 STDOUT tofu:                   + template       = {
01:00:51.010 STDOUT tofu:                       + data          = (known after apply)
01:00:51.010 STDOUT tofu:                       + engineVersion = (known after apply)
01:00:51.010 STDOUT tofu:                       + mergePolicy   = (known after apply)
01:00:51.010 STDOUT tofu:                       + metadata      = {
01:00:51.010 STDOUT tofu:                           + annotations = (known after apply)
01:00:51.010 STDOUT tofu:                           + finalizers  = (known after apply)
01:00:51.010 STDOUT tofu:                           + labels      = (known after apply)
01:00:51.010 STDOUT tofu:                         }
01:00:51.010 STDOUT tofu:                       + templateFrom  = (known after apply)
01:00:51.010 STDOUT tofu:                       + type          = (known after apply)
01:00:51.010 STDOUT tofu:                     }
01:00:51.011 STDOUT tofu:                 }
01:00:51.011 STDOUT tofu:             }
01:00:51.011 STDOUT tofu:         }
01:00:51.011 STDOUT tofu:       + field_manager {
01:00:51.011 STDOUT tofu:           + force_conflicts = true
01:00:51.011 STDOUT tofu:         }
01:00:51.011 STDOUT tofu:     }
01:00:51.011 STDOUT tofu:   # kubernetes_namespace.authentik will be created
01:00:51.011 STDOUT tofu:   + resource "kubernetes_namespace" "authentik" {
01:00:51.011 STDOUT tofu:       + id                               = (known after apply)
01:00:51.011 STDOUT tofu:       + wait_for_default_service_account = false
01:00:51.011 STDOUT tofu:       + metadata {
01:00:51.011 STDOUT tofu:           + generation       = (known after apply)
01:00:51.011 STDOUT tofu:           + name             = "authentik"
01:00:51.011 STDOUT tofu:           + resource_version = (known after apply)
01:00:51.011 STDOUT tofu:           + uid              = (known after apply)
01:00:51.011 STDOUT tofu:         }
01:00:51.011 STDOUT tofu:     }
01:00:51.011 STDOUT tofu: Plan: 3 to add, 0 to change, 0 to destroy.
01:00:51.011 STDOUT tofu:
  • ▶️ To apply this plan, comment: 
    atlantis apply -d terragrunt/kubernetes/authentik -w terragrunt_kubernetes_authentik
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment: 
    atlantis plan -d terragrunt/kubernetes/authentik -w terragrunt_kubernetes_authentik

Plan: 3 to add, 0 to change, 0 to destroy.

Plan Summary

2 projects, 1 with changes, 0 with no changes, 1 failed

  • ⏩ To apply all unapplied plans from this Pull Request, comment: 
    atlantis apply
  • 🚮 To delete all plans and locks from this Pull Request, comment: 
    atlantis unlock

@youhide youhide force-pushed the renovate/authentik-2025.x branch from f94f46e to b03b407 Compare January 17, 2026 01:00
@youhide youhide changed the title chore(deps): update helm release authentik to v2025.12.0 chore(deps): update helm release authentik to v2025.12.1 Jan 17, 2026
@youhide-atlantis
Copy link

youhide-atlantis bot commented Jan 17, 2026

Ran Plan for 2 projects:

  1. dir: terragrunt/kubernetes/authentik workspace: terragrunt_kubernetes_authentik
  2. dir: terragrunt/kubernetes/authentik-config workspace: terragrunt_kubernetes_authentik-config

1. dir: terragrunt/kubernetes/authentik workspace: terragrunt_kubernetes_authentik

Show Output 
Authenticated

01:01:23.884 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/bTyTbrSmrTW1u0RWFe8LEciekVs/KXlWF0qjw63x4EDBwwSxsvjy7ds
01:01:23.908 INFO   tofu: Initializing the backend...
01:01:24.188 INFO   tofu: Initializing provider plugins...
01:01:24.188 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:01:24.378 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:01:24.479 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:01:24.566 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:01:24.662 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:01:24.783 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:01:24.883 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:01:24.982 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:01:25.141 INFO   tofu: - Using previously-installed gavinbunney/kubectl v1.19.0
01:01:25.156 INFO   tofu: - Using previously-installed aminueza/minio v3.5.0
01:01:25.234 INFO   tofu: - Using previously-installed cloudflare/cloudflare v5.4.0
01:01:25.256 INFO   tofu: - Using previously-installed hashicorp/vault v4.8.0
01:01:25.270 INFO   tofu: - Using previously-installed telmate/proxmox v3.0.1-rc8
01:01:25.302 INFO   tofu: - Using previously-installed hashicorp/kubernetes v2.36.0
01:01:25.339 INFO   tofu: - Using previously-installed hashicorp/helm v3.0.0-pre2
01:01:25.360 INFO   tofu: - Using previously-installed goauthentik/authentik v2025.8.1
01:01:25.361 INFO   tofu: OpenTofu has been successfully initialized!
01:01:26.002 STDOUT tofu: OpenTofu used the selected providers to generate the following execution
01:01:26.002 STDOUT tofu: plan. Resource actions are indicated with the following symbols:
01:01:26.002 STDOUT tofu:   + create
01:01:26.002 STDOUT tofu: OpenTofu will perform the following actions:
01:01:26.002 STDOUT tofu:   # helm_release.authentik will be created
01:01:26.002 STDOUT tofu:   + resource "helm_release" "authentik" {
01:01:26.002 STDOUT tofu:       + atomic                     = false
01:01:26.002 STDOUT tofu:       + chart                      = "authentik"
01:01:26.002 STDOUT tofu:       + cleanup_on_fail            = false
01:01:26.003 STDOUT tofu:       + create_namespace           = false
01:01:26.003 STDOUT tofu:       + dependency_update          = false
01:01:26.003 STDOUT tofu:       + disable_crd_hooks          = false
01:01:26.003 STDOUT tofu:       + disable_openapi_validation = false
01:01:26.003 STDOUT tofu:       + disable_webhooks           = false
01:01:26.003 STDOUT tofu:       + force_update               = false
01:01:26.003 STDOUT tofu:       + id                         = (known after apply)
01:01:26.003 STDOUT tofu:       + lint                       = false
01:01:26.003 STDOUT tofu:       + max_history                = 0
01:01:26.003 STDOUT tofu:       + metadata                   = (known after apply)
01:01:26.003 STDOUT tofu:       + name                       = "authentik"
01:01:26.003 STDOUT tofu:       + namespace                  = "authentik"
01:01:26.003 STDOUT tofu:       + pass_credentials           = false
01:01:26.003 STDOUT tofu:       + recreate_pods              = false
01:01:26.003 STDOUT tofu:       + render_subchart_notes      = true
01:01:26.003 STDOUT tofu:       + replace                    = false
01:01:26.003 STDOUT tofu:       + repository                 = "https://charts.goauthentik.io"
01:01:26.003 STDOUT tofu:       + reset_values               = false
01:01:26.003 STDOUT tofu:       + reuse_values               = false
01:01:26.004 STDOUT tofu:       + skip_crds                  = false
01:01:26.004 STDOUT tofu:       + status                     = "deployed"
01:01:26.004 STDOUT tofu:       + timeout                    = 600
01:01:26.004 STDOUT tofu:       + values                     = [
01:01:26.004 STDOUT tofu:           + <<-EOT
01:01:26.004 STDOUT tofu:                 "authentik":
01:01:26.004 STDOUT tofu:                   "bootstrap_email": "youri@youhide.com.br"
01:01:26.004 STDOUT tofu:                   "email":
01:01:26.004 STDOUT tofu:                     "from": "Authentik <postmaster@mg.tkasolutions.com.br>"
01:01:26.004 STDOUT tofu:                     "host": "smtp.mailgun.org"
01:01:26.004 STDOUT tofu:                     "port": 587
01:01:26.004 STDOUT tofu:                     "use_tls": true
01:01:26.004 STDOUT tofu:                     "username": "postmaster@mg.tkasolutions.com.br"
01:01:26.004 STDOUT tofu:                 "global":
01:01:26.004 STDOUT tofu:                   "env":
01:01:26.004 STDOUT tofu:                   - "name": "AUTHENTIK_SECRET_KEY"
01:01:26.004 STDOUT tofu:                     "valueFrom":
01:01:26.004 STDOUT tofu:                       "secretKeyRef":
01:01:26.004 STDOUT tofu:                         "key": "authentik-secret-key"
01:01:26.004 STDOUT tofu:                         "name": "authentik-secrets"
01:01:26.004 STDOUT tofu:                   - "name": "AUTHENTIK_EMAIL__PASSWORD"
01:01:26.004 STDOUT tofu:                     "valueFrom":
01:01:26.004 STDOUT tofu:                       "secretKeyRef":
01:01:26.004 STDOUT tofu:                         "key": "smtp-password"
01:01:26.004 STDOUT tofu:                         "name": "authentik-secrets"
01:01:26.004 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_PASSWORD"
01:01:26.004 STDOUT tofu:                     "valueFrom":
01:01:26.004 STDOUT tofu:                       "secretKeyRef":
01:01:26.004 STDOUT tofu:                         "key": "token"
01:01:26.004 STDOUT tofu:                         "name": "authentik-secrets"
01:01:26.004 STDOUT tofu:                   - "name": "AUTHENTIK_BOOTSTRAP_TOKEN"
01:01:26.004 STDOUT tofu:                     "valueFrom":
01:01:26.004 STDOUT tofu:                       "secretKeyRef":
01:01:26.004 STDOUT tofu:                         "key": "token"
01:01:26.004 STDOUT tofu:                         "name": "authentik-secrets"
01:01:26.004 STDOUT tofu:                   - "name": "POSTGRES_PASSWORD"
01:01:26.004 STDOUT tofu:                     "valueFrom":
01:01:26.004 STDOUT tofu:                       "secretKeyRef":
01:01:26.004 STDOUT tofu:                         "key": "postgresql-password"
01:01:26.004 STDOUT tofu:                         "name": "authentik-secrets"
01:01:26.004 STDOUT tofu:                 "postgresql":
01:01:26.004 STDOUT tofu:                   "auth":
01:01:26.004 STDOUT tofu:                     "existingSecret": "authentik-secrets"
01:01:26.004 STDOUT tofu:                     "secretKeys":
01:01:26.004 STDOUT tofu:                       "userPasswordKey": "postgresql-password"
01:01:26.004 STDOUT tofu:                   "enabled": true
01:01:26.004 STDOUT tofu:                   "primary":
01:01:26.004 STDOUT tofu:                     "persistence":
01:01:26.004 STDOUT tofu:                       "accessModes":
01:01:26.004 STDOUT tofu:                       - "ReadWriteOnce"
01:01:26.004 STDOUT tofu:                       "size": "4Gi"
01:01:26.004 STDOUT tofu:                       "storageClass": "longhorn"
01:01:26.004 STDOUT tofu:                 "redis":
01:01:26.004 STDOUT tofu:                   "enabled": true
01:01:26.004 STDOUT tofu:                   "master":
01:01:26.004 STDOUT tofu:                     "persistence":
01:01:26.004 STDOUT tofu:                       "accessModes":
01:01:26.004 STDOUT tofu:                       - "ReadWriteOnce"
01:01:26.004 STDOUT tofu:                       "size": "2Gi"
01:01:26.004 STDOUT tofu:                       "storageClass": "local-path"
01:01:26.004 STDOUT tofu:                 "server":
01:01:26.005 STDOUT tofu:                   "ingress":
01:01:26.005 STDOUT tofu:                     "enabled": true
01:01:26.005 STDOUT tofu:                     "hosts":
01:01:26.005 STDOUT tofu:                     - "authentik.tkasolutions.com.br"
01:01:26.005 STDOUT tofu:                     "ingressClassName": "traefik"
01:01:26.005 STDOUT tofu:             EOT,
01:01:26.005 STDOUT tofu:         ]
01:01:26.005 STDOUT tofu:       + verify                     = false
01:01:26.005 STDOUT tofu:       + version                    = "2025.12.1"
01:01:26.005 STDOUT tofu:       + wait                       = true
01:01:26.005 STDOUT tofu:       + wait_for_jobs              = false
01:01:26.005 STDOUT tofu:     }
01:01:26.005 STDOUT tofu:   # kubernetes_manifest.authentik_external_secret will be created
01:01:26.005 STDOUT tofu:   + resource "kubernetes_manifest" "authentik_external_secret" {
01:01:26.005 STDOUT tofu:       + manifest = {
01:01:26.005 STDOUT tofu:           + apiVersion = "external-secrets.io/v1"
01:01:26.005 STDOUT tofu:           + kind       = "ExternalSecret"
01:01:26.005 STDOUT tofu:           + metadata   = {
01:01:26.005 STDOUT tofu:               + name      = "authentik-vault-secrets"
01:01:26.005 STDOUT tofu:               + namespace = "authentik"
01:01:26.005 STDOUT tofu:             }
01:01:26.005 STDOUT tofu:           + spec       = {
01:01:26.005 STDOUT tofu:               + data            = [
01:01:26.005 STDOUT tofu:                   + {
01:01:26.005 STDOUT tofu:                       + remoteRef = {
01:01:26.005 STDOUT tofu:                           + key      = "TKA-Authentik-postgresql-password"
01:01:26.005 STDOUT tofu:                           + property = "password"
01:01:26.005 STDOUT tofu:                         }
01:01:26.005 STDOUT tofu:                       + secretKey = "postgresql-password"
01:01:26.005 STDOUT tofu:                     },
01:01:26.005 STDOUT tofu:                   + {
01:01:26.005 STDOUT tofu:                       + remoteRef = {
01:01:26.005 STDOUT tofu:                           + key      = "TKA-Authentik-secret-key"
01:01:26.005 STDOUT tofu:                           + property = "password"
01:01:26.005 STDOUT tofu:                         }
01:01:26.005 STDOUT tofu:                       + secretKey = "authentik-secret-key"
01:01:26.005 STDOUT tofu:                     },
01:01:26.005 STDOUT tofu:                   + {
01:01:26.005 STDOUT tofu:                       + remoteRef = {
01:01:26.005 STDOUT tofu:                           + key      = "TKA-Authentik-smtp-password"
01:01:26.005 STDOUT tofu:                           + property = "password"
01:01:26.005 STDOUT tofu:                         }
01:01:26.005 STDOUT tofu:                       + secretKey = "smtp-password"
01:01:26.005 STDOUT tofu:                     },
01:01:26.005 STDOUT tofu:                   + {
01:01:26.005 STDOUT tofu:                       + remoteRef = {
01:01:26.005 STDOUT tofu:                           + key      = "TKA-Authentik-token"
01:01:26.005 STDOUT tofu:                           + property = "password"
01:01:26.005 STDOUT tofu:                         }
01:01:26.005 STDOUT tofu:                       + secretKey = "token"
01:01:26.006 STDOUT tofu:                     },
01:01:26.006 STDOUT tofu:                 ]
01:01:26.006 STDOUT tofu:               + refreshInterval = "1h"
01:01:26.006 STDOUT tofu:               + secretStoreRef  = {
01:01:26.006 STDOUT tofu:                   + kind = "ClusterSecretStore"
01:01:26.006 STDOUT tofu:                   + name = "vault-backend"
01:01:26.006 STDOUT tofu:                 }
01:01:26.006 STDOUT tofu:               + target          = {
01:01:26.006 STDOUT tofu:                   + creationPolicy = "Owner"
01:01:26.006 STDOUT tofu:                   + name           = "authentik-secrets"
01:01:26.006 STDOUT tofu:                 }
01:01:26.006 STDOUT tofu:             }
01:01:26.006 STDOUT tofu:         }
01:01:26.006 STDOUT tofu:       + object   = {
01:01:26.006 STDOUT tofu:           + apiVersion = "external-secrets.io/v1"
01:01:26.006 STDOUT tofu:           + kind       = "ExternalSecret"
01:01:26.006 STDOUT tofu:           + metadata   = {
01:01:26.006 STDOUT tofu:               + annotations                = (known after apply)
01:01:26.006 STDOUT tofu:               + creationTimestamp          = (known after apply)
01:01:26.006 STDOUT tofu:               + deletionGracePeriodSeconds = (known after apply)
01:01:26.006 STDOUT tofu:               + deletionTimestamp          = (known after apply)
01:01:26.006 STDOUT tofu:               + finalizers                 = (known after apply)
01:01:26.006 STDOUT tofu:               + generateName               = (known after apply)
01:01:26.006 STDOUT tofu:               + generation                 = (known after apply)
01:01:26.006 STDOUT tofu:               + labels                     = (known after apply)
01:01:26.006 STDOUT tofu:               + managedFields              = (known after apply)
01:01:26.006 STDOUT tofu:               + name                       = "authentik-vault-secrets"
01:01:26.006 STDOUT tofu:               + namespace                  = "authentik"
01:01:26.006 STDOUT tofu:               + ownerReferences            = (known after apply)
01:01:26.006 STDOUT tofu:               + resourceVersion            = (known after apply)
01:01:26.006 STDOUT tofu:               + selfLink                   = (known after apply)
01:01:26.006 STDOUT tofu:               + uid                        = (known after apply)
01:01:26.006 STDOUT tofu:             }
01:01:26.006 STDOUT tofu:           + spec       = {
01:01:26.006 STDOUT tofu:               + data            = [
01:01:26.006 STDOUT tofu:                   + {
01:01:26.006 STDOUT tofu:                       + remoteRef = {
01:01:26.006 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:01:26.006 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:01:26.006 STDOUT tofu:                           + key                = "TKA-Authentik-postgresql-password"
01:01:26.007 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:01:26.007 STDOUT tofu:                           + property           = "password"
01:01:26.007 STDOUT tofu:                           + version            = (known after apply)
01:01:26.007 STDOUT tofu:                         }
01:01:26.007 STDOUT tofu:                       + secretKey = "postgresql-password"
01:01:26.007 STDOUT tofu:                       + sourceRef = {
01:01:26.007 STDOUT tofu:                           + generatorRef = {
01:01:26.007 STDOUT tofu:                               + apiVersion = (known after apply)
01:01:26.007 STDOUT tofu:                               + kind       = (known after apply)
01:01:26.007 STDOUT tofu:                               + name       = (known after apply)
01:01:26.007 STDOUT tofu:                             }
01:01:26.007 STDOUT tofu:                           + storeRef     = {
01:01:26.007 STDOUT tofu:                               + kind = (known after apply)
01:01:26.007 STDOUT tofu:                               + name = (known after apply)
01:01:26.007 STDOUT tofu:                             }
01:01:26.007 STDOUT tofu:                         }
01:01:26.007 STDOUT tofu:                     },
01:01:26.007 STDOUT tofu:                   + {
01:01:26.007 STDOUT tofu:                       + remoteRef = {
01:01:26.007 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:01:26.007 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:01:26.007 STDOUT tofu:                           + key                = "TKA-Authentik-secret-key"
01:01:26.007 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:01:26.007 STDOUT tofu:                           + property           = "password"
01:01:26.007 STDOUT tofu:                           + version            = (known after apply)
01:01:26.007 STDOUT tofu:                         }
01:01:26.007 STDOUT tofu:                       + secretKey = "authentik-secret-key"
01:01:26.007 STDOUT tofu:                       + sourceRef = {
01:01:26.007 STDOUT tofu:                           + generatorRef = {
01:01:26.007 STDOUT tofu:                               + apiVersion = (known after apply)
01:01:26.007 STDOUT tofu:                               + kind       = (known after apply)
01:01:26.007 STDOUT tofu:                               + name       = (known after apply)
01:01:26.007 STDOUT tofu:                             }
01:01:26.007 STDOUT tofu:                           + storeRef     = {
01:01:26.007 STDOUT tofu:                               + kind = (known after apply)
01:01:26.007 STDOUT tofu:                               + name = (known after apply)
01:01:26.007 STDOUT tofu:                             }
01:01:26.007 STDOUT tofu:                         }
01:01:26.007 STDOUT tofu:                     },
01:01:26.007 STDOUT tofu:                   + {
01:01:26.007 STDOUT tofu:                       + remoteRef = {
01:01:26.008 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:01:26.008 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:01:26.008 STDOUT tofu:                           + key                = "TKA-Authentik-smtp-password"
01:01:26.008 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:01:26.008 STDOUT tofu:                           + property           = "password"
01:01:26.008 STDOUT tofu:                           + version            = (known after apply)
01:01:26.008 STDOUT tofu:                         }
01:01:26.008 STDOUT tofu:                       + secretKey = "smtp-password"
01:01:26.008 STDOUT tofu:                       + sourceRef = {
01:01:26.008 STDOUT tofu:                           + generatorRef = {
01:01:26.008 STDOUT tofu:                               + apiVersion = (known after apply)
01:01:26.008 STDOUT tofu:                               + kind       = (known after apply)
01:01:26.008 STDOUT tofu:                               + name       = (known after apply)
01:01:26.008 STDOUT tofu:                             }
01:01:26.008 STDOUT tofu:                           + storeRef     = {
01:01:26.008 STDOUT tofu:                               + kind = (known after apply)
01:01:26.008 STDOUT tofu:                               + name = (known after apply)
01:01:26.008 STDOUT tofu:                             }
01:01:26.008 STDOUT tofu:                         }
01:01:26.008 STDOUT tofu:                     },
01:01:26.008 STDOUT tofu:                   + {
01:01:26.008 STDOUT tofu:                       + remoteRef = {
01:01:26.008 STDOUT tofu:                           + conversionStrategy = (known after apply)
01:01:26.008 STDOUT tofu:                           + decodingStrategy   = (known after apply)
01:01:26.008 STDOUT tofu:                           + key                = "TKA-Authentik-token"
01:01:26.008 STDOUT tofu:                           + metadataPolicy     = (known after apply)
01:01:26.008 STDOUT tofu:                           + property           = "password"
01:01:26.008 STDOUT tofu:                           + version            = (known after apply)
01:01:26.008 STDOUT tofu:                         }
01:01:26.008 STDOUT tofu:                       + secretKey = "token"
01:01:26.008 STDOUT tofu:                       + sourceRef = {
01:01:26.008 STDOUT tofu:                           + generatorRef = {
01:01:26.008 STDOUT tofu:                               + apiVersion = (known after apply)
01:01:26.008 STDOUT tofu:                               + kind       = (known after apply)
01:01:26.008 STDOUT tofu:                               + name       = (known after apply)
01:01:26.008 STDOUT tofu:                             }
01:01:26.008 STDOUT tofu:                           + storeRef     = {
01:01:26.008 STDOUT tofu:                               + kind = (known after apply)
01:01:26.008 STDOUT tofu:                               + name = (known after apply)
01:01:26.008 STDOUT tofu:                             }
01:01:26.008 STDOUT tofu:                         }
01:01:26.008 STDOUT tofu:                     },
01:01:26.008 STDOUT tofu:                 ]
01:01:26.008 STDOUT tofu:               + dataFrom        = (known after apply)
01:01:26.008 STDOUT tofu:               + refreshInterval = "1h"
01:01:26.009 STDOUT tofu:               + refreshPolicy   = (known after apply)
01:01:26.009 STDOUT tofu:               + secretStoreRef  = {
01:01:26.009 STDOUT tofu:                   + kind = "ClusterSecretStore"
01:01:26.009 STDOUT tofu:                   + name = "vault-backend"
01:01:26.009 STDOUT tofu:                 }
01:01:26.009 STDOUT tofu:               + target          = {
01:01:26.009 STDOUT tofu:                   + creationPolicy = "Owner"
01:01:26.009 STDOUT tofu:                   + deletionPolicy = (known after apply)
01:01:26.009 STDOUT tofu:                   + immutable      = (known after apply)
01:01:26.009 STDOUT tofu:                   + manifest       = {
01:01:26.009 STDOUT tofu:                       + apiVersion = (known after apply)
01:01:26.009 STDOUT tofu:                       + kind       = (known after apply)
01:01:26.009 STDOUT tofu:                     }
01:01:26.009 STDOUT tofu:                   + name           = "authentik-secrets"
01:01:26.009 STDOUT tofu:                   + template       = {
01:01:26.009 STDOUT tofu:                       + data          = (known after apply)
01:01:26.009 STDOUT tofu:                       + engineVersion = (known after apply)
01:01:26.009 STDOUT tofu:                       + mergePolicy   = (known after apply)
01:01:26.009 STDOUT tofu:                       + metadata      = {
01:01:26.009 STDOUT tofu:                           + annotations = (known after apply)
01:01:26.009 STDOUT tofu:                           + finalizers  = (known after apply)
01:01:26.009 STDOUT tofu:                           + labels      = (known after apply)
01:01:26.009 STDOUT tofu:                         }
01:01:26.009 STDOUT tofu:                       + templateFrom  = (known after apply)
01:01:26.009 STDOUT tofu:                       + type          = (known after apply)
01:01:26.009 STDOUT tofu:                     }
01:01:26.009 STDOUT tofu:                 }
01:01:26.009 STDOUT tofu:             }
01:01:26.009 STDOUT tofu:         }
01:01:26.009 STDOUT tofu:       + field_manager {
01:01:26.009 STDOUT tofu:           + force_conflicts = true
01:01:26.009 STDOUT tofu:         }
01:01:26.009 STDOUT tofu:     }
01:01:26.009 STDOUT tofu:   # kubernetes_namespace.authentik will be created
01:01:26.009 STDOUT tofu:   + resource "kubernetes_namespace" "authentik" {
01:01:26.009 STDOUT tofu:       + id                               = (known after apply)
01:01:26.009 STDOUT tofu:       + wait_for_default_service_account = false
01:01:26.009 STDOUT tofu:       + metadata {
01:01:26.009 STDOUT tofu:           + generation       = (known after apply)
01:01:26.009 STDOUT tofu:           + name             = "authentik"
01:01:26.009 STDOUT tofu:           + resource_version = (known after apply)
01:01:26.009 STDOUT tofu:           + uid              = (known after apply)
01:01:26.009 STDOUT tofu:         }
01:01:26.009 STDOUT tofu:     }
01:01:26.009 STDOUT tofu: Plan: 3 to add, 0 to change, 0 to destroy.
01:01:26.009 STDOUT tofu:
  • ▶️ To apply this plan, comment: 
    atlantis apply -d terragrunt/kubernetes/authentik -w terragrunt_kubernetes_authentik
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment: 
    atlantis plan -d terragrunt/kubernetes/authentik -w terragrunt_kubernetes_authentik

Plan: 3 to add, 0 to change, 0 to destroy.

2. dir: terragrunt/kubernetes/authentik-config workspace: terragrunt_kubernetes_authentik-config

Plan Error

Show Output 
running 'sh -c' 'terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE' in '/home/atlantis/.atlantis/repos/youhide/hideForming/92/terragrunt_kubernetes_authentik-config/terragrunt/kubernetes/authentik-config': exit status 1: running "terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\\\') -no-color -out $PLANFILE" in "/home/atlantis/.atlantis/repos/youhide/hideForming/92/terragrunt_kubernetes_authentik-config/terragrunt/kubernetes/authentik-config": 
01:01:03.432 INFO   Downloading Terraform configurations from . into ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
01:01:03.456 INFO   tofu: Initializing the backend...
01:01:03.468 INFO   tofu: Successfully configured the backend "s3"! OpenTofu will automatically
01:01:03.468 INFO   tofu: use this backend unless the backend configuration changes.
01:01:03.486 INFO   tofu: Initializing provider plugins...
01:01:03.486 INFO   tofu: - Reusing previous version of telmate/proxmox from the dependency lock file
01:01:03.879 INFO   tofu: - Reusing previous version of hashicorp/kubernetes from the dependency lock file
01:01:03.975 INFO   tofu: - Reusing previous version of hashicorp/helm from the dependency lock file
01:01:04.167 INFO   tofu: - Reusing previous version of goauthentik/authentik from the dependency lock file
01:01:04.446 INFO   tofu: - Reusing previous version of gavinbunney/kubectl from the dependency lock file
01:01:04.688 INFO   tofu: - Reusing previous version of aminueza/minio from the dependency lock file
01:01:04.965 INFO   tofu: - Reusing previous version of cloudflare/cloudflare from the dependency lock file
01:01:05.246 INFO   tofu: - Reusing previous version of hashicorp/vault from the dependency lock file
01:01:06.598 INFO   tofu: - Installing gavinbunney/kubectl v1.19.0...
01:01:08.579 INFO   tofu: - Installed gavinbunney/kubectl v1.19.0 (signed, key ID 1E1CE42504F5FBB2)
01:01:09.620 INFO   tofu: - Installing aminueza/minio v3.5.0...
01:01:10.821 INFO   tofu: - Installed aminueza/minio v3.5.0. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:01:11.891 INFO   tofu: - Installing cloudflare/cloudflare v5.4.0...
01:01:14.419 INFO   tofu: - Installed cloudflare/cloudflare v5.4.0 (signed, key ID C76001609EE3B136)
01:01:15.466 INFO   tofu: - Installing hashicorp/vault v4.8.0...
01:01:16.935 INFO   tofu: - Installed hashicorp/vault v4.8.0 (signed, key ID 0C0AF313E5FD9F80)
01:01:18.115 INFO   tofu: - Installing telmate/proxmox v3.0.1-rc8...
01:01:19.561 INFO   tofu: - Installed telmate/proxmox v3.0.1-rc8. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:01:19.801 INFO   tofu: - Installing hashicorp/kubernetes v2.36.0...
01:01:25.005 INFO   tofu: - Installed hashicorp/kubernetes v2.36.0 (signed, key ID 0C0AF313E5FD9F80)
01:01:25.266 INFO   tofu: - Installing hashicorp/helm v3.0.0-pre2...
01:01:26.911 INFO   tofu: - Installed hashicorp/helm v3.0.0-pre2 (signed, key ID 0C0AF313E5FD9F80)
01:01:27.150 INFO   tofu: - Installing goauthentik/authentik v2025.8.1...
01:01:27.883 INFO   tofu: - Installed goauthentik/authentik v2025.8.1. Signature validation was skipped due to the registry not containing GPG keys for this provider
01:01:27.883 INFO   tofu: Providers are signed by their developers.
01:01:27.883 INFO   tofu: If you'd like to know more about provider signing, you can read about it here:
01:01:27.883 INFO   tofu: https://opentofu.org/docs/cli/plugins/signing/
01:01:27.883 INFO   tofu: OpenTofu has made some changes to the provider dependency selections recorded
01:01:27.883 INFO   tofu: in the .terraform.lock.hcl file. Review those changes and commit them to your
01:01:27.883 INFO   tofu: version control system if they represent changes you intended to make.
01:01:27.884 INFO   tofu: OpenTofu has been successfully initialized!
01:01:28.675 STDOUT tofu: data.authentik_property_mapping_provider_scope.oauth2: Reading...
01:01:28.675 STDOUT tofu: data.authentik_flow.authorization_flow: Reading...
01:01:28.675 STDOUT tofu: data.authentik_certificate_key_pair.rs256_keypair: Reading...
01:01:28.675 STDOUT tofu: data.authentik_flow.invalidation_flow: Reading...
01:01:28.687 STDOUT tofu: Planning failed. OpenTofu encountered an error while generating this plan.
01:01:28.687 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-authentication-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:01:28.687 STDERR tofu:   with data.authentik_flow.authorization_flow,
01:01:28.687 STDERR tofu:   on main.tf line 7, in data "authentik_flow" "authorization_flow":
01:01:28.687 STDERR tofu:    7: data "authentik_flow" "authorization_flow" {
01:01:28.688 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-invalidation-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:01:28.688 STDERR tofu:   with data.authentik_flow.invalidation_flow,
01:01:28.688 STDERR tofu:   on main.tf line 11, in data "authentik_flow" "invalidation_flow":
01:01:28.688 STDERR tofu:   11: data "authentik_flow" "invalidation_flow" {
01:01:28.689 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/propertymappings/provider/scope/?managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-email&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-openid&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-profile": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:01:28.689 STDERR tofu:   with data.authentik_property_mapping_provider_scope.oauth2,
01:01:28.689 STDERR tofu:   on main.tf line 15, in data "authentik_property_mapping_provider_scope" "oauth2":
01:01:28.689 STDERR tofu:   15: data "authentik_property_mapping_provider_scope" "oauth2" {
01:01:28.691 STDERR tofu: Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/crypto/certificatekeypairs/?include_details=true&name=authentik+Self-signed+Certificate": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
01:01:28.691 STDERR tofu:   with data.authentik_certificate_key_pair.rs256_keypair,
01:01:28.691 STDERR tofu:   on main.tf line 24, in data "authentik_certificate_key_pair" "rs256_keypair":
01:01:28.691 STDERR tofu:   24: data "authentik_certificate_key_pair" "rs256_keypair" {
01:01:28.700 ERROR  tofu invocation failed in ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
01:01:28.700 ERROR  error occurred:

* Failed to execute "tofu plan -input=false -out ./terragrunt_kubernetes_authentik-config.tfplan -no-color" in ./.terragrunt-cache/_XKef7m8iZK8UF-FgiRBKfsxDyM/axStNTxFBt1dPOTVYW1jgWVOyHA
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-authentication-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_flow.authorization_flow,
    on main.tf line 7, in data "authentik_flow" "authorization_flow":
     7: data "authentik_flow" "authorization_flow" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/flows/instances/?slug=default-invalidation-flow": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_flow.invalidation_flow,
    on main.tf line 11, in data "authentik_flow" "invalidation_flow":
    11: data "authentik_flow" "invalidation_flow" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/propertymappings/provider/scope/?managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-email&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-openid&managed=goauthentik.io%2Fproviders%2Foauth2%2Fscope-profile": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_property_mapping_provider_scope.oauth2,
    on main.tf line 15, in data "authentik_property_mapping_provider_scope" "oauth2":
    15: data "authentik_property_mapping_provider_scope" "oauth2" {
  
  
  Error: HTTP Error 'Get "https://auth.tkasolutions.com.br/api/v3/crypto/certificatekeypairs/?include_details=true&name=authentik+Self-signed+Certificate": dial tcp: lookup auth.tkasolutions.com.br on 192.168.11.1:53: no such host' without http response
  
    with data.authentik_certificate_key_pair.rs256_keypair,
    on main.tf line 24, in data "authentik_certificate_key_pair" "rs256_keypair":
    24: data "authentik_certificate_key_pair" "rs256_keypair" {
  
  
  exit status 1


Authenticated

Plan Summary

2 projects, 1 with changes, 0 with no changes, 1 failed

  • ⏩ To apply all unapplied plans from this Pull Request, comment: 
    atlantis apply
  • 🚮 To delete all plans and locks from this Pull Request, comment: 
    atlantis unlock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@youhide