fix

2024-01-25 17:43:46 +01:00
parent e066715b9b
commit 0727fca591
124 changed files with 1848 additions and 1796 deletions
--- a/apps/code-server/datas.tf
+++ b/apps/code-server/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/code-server/index.yaml
+++ b/apps/code-server/index.yaml
@@ -6,11 +6,21 @@ metadata:
  name: code-server
  description: null
 options:
+  app-group:
+    default: dev
+    examples:
+    - dev
+    type: string
  sub-domain:
    default: code
    examples:
    - code
    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  storage:
    default:
      accessMode: ReadWriteOnce
@@ -38,30 +48,10 @@ options:
        - Block
        type: string
    type: object
-  issuer:
-    default: letsencrypt-prod
+  domain-name:
+    default: your_company.com
    examples:
-    - letsencrypt-prod
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  app-group:
-    default: dev
-    examples:
-    - dev
-    type: string
-  no-editor:
-    default: false
-    examples:
-    - false
-    type: boolean
-  domain:
-    default: your-company
-    examples:
-    - your-company
+    - your_company.com
    type: string
  images:
    default:
@@ -102,15 +92,20 @@ options:
            type: number
        type: object
    type: object
-  timezone:
-    default: Europe/Paris
+  domain:
+    default: your-company
    examples:
-    - Europe/Paris
+    - your-company
    type: string
-  domain-name:
-    default: your_company.com
+  no-editor:
+    default: false
    examples:
-    - your_company.com
+    - false
+    type: boolean
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
    type: string
  admin:
    default:
@@ -127,6 +122,11 @@ options:
        default: false
        type: boolean
    type: object
+  timezone:
+    default: Europe/Paris
+    examples:
+    - Europe/Paris
+    type: string
 dependencies:
 - dist: null
  category: share
--- a/apps/dbgate/datas.tf
+++ b/apps/dbgate/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/dbgate/index.yaml
+++ b/apps/dbgate/index.yaml
@@ -6,7 +6,7 @@ metadata:
  name: dbgate
  description: null
 options:
-  maria:
+  mongo:
    default: []
    examples:
    - []
@@ -35,21 +35,48 @@ options:
          type: string
      type: object
    type: array
+  storage:
+    default:
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      type: Filesystem
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 1Gi
+      type: Filesystem
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 1Gi
+        type: string
+      type:
+        default: Filesystem
+        enum:
+        - Filesystem
+        - Block
+        type: string
+    type: object
  domain:
    default: your-company
    examples:
    - your-company
    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
  sub-domain:
    default: dbgate
    examples:
    - dbgate
    type: string
-  app-group:
-    default: dev
-    examples:
-    - dev
-    type: string
  pg:
    default: []
    examples:
@@ -79,35 +106,16 @@ options:
          type: string
      type: object
    type: array
-  mongo:
-    default: []
+  domain-name:
+    default: your_company.com
    examples:
-    - []
-    items:
-      properties:
-        dbname:
-          default: ''
-          type: string
-        name:
-          default: ''
-          type: string
-        namespace:
-          default: ''
-          type: string
-        secret:
-          properties:
-            key:
-              default: ''
-              type: string
-            name:
-              default: ''
-              type: string
-          type: object
-        username:
-          default: ''
-          type: string
-      type: object
-    type: array
+    - your_company.com
+    type: string
+  app-group:
+    default: dev
+    examples:
+    - dev
+    type: string
  images:
    default:
      dbgate:
@@ -147,11 +155,6 @@ options:
            type: string
        type: object
    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  redis:
    default: []
    examples:
@@ -166,47 +169,41 @@ options:
          type: string
      type: object
    type: array
-  domain-name:
-    default: your_company.com
+  ingress-class:
+    default: traefik
    examples:
-    - your_company.com
+    - traefik
    type: string
-  storage:
-    default:
-      accessMode: ReadWriteOnce
-      size: 1Gi
-      type: Filesystem
+  maria:
+    default: []
    examples:
-    - accessMode: ReadWriteOnce
-      size: 1Gi
-      type: Filesystem
-    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
-      size:
-        default: 1Gi
-        type: string
-      type:
-        default: Filesystem
-        enum:
-        - Filesystem
-        - Block
-        type: string
-    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
+    - []
+    items:
+      properties:
+        dbname:
+          default: ''
+          type: string
+        name:
+          default: ''
+          type: string
+        namespace:
+          default: ''
+          type: string
+        secret:
+          properties:
+            key:
+              default: ''
+              type: string
+            name:
+              default: ''
+              type: string
+          type: object
+        username:
+          default: ''
+          type: string
+      type: object
+    type: array
 dependencies:
- dist: null
-  category: share
-  component: authentik-forward
 - dist: null
  category: core
  component: secret-generator
--- a/apps/dolibarr/index.yaml
+++ b/apps/dolibarr/index.yaml
@@ -6,84 +6,6 @@ metadata:
  name: dolibarr
  description: null
 options:
-  redis:
-    default:
-      exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 2Gi
-    examples:
-    - exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 2Gi
-    properties:
-      exporter:
-        default:
-          enabled: true
-          image: quay.io/opstree/redis-exporter:v1.44.0
-        properties:
-          enabled:
-            default: true
-            type: boolean
-          image:
-            default: quay.io/opstree/redis-exporter:v1.44.0
-            type: string
-        type: object
-      image:
-        default: quay.io/opstree/redis:v7.0.12
-        type: string
-      storage:
-        default: 2Gi
-        type: string
-    type: object
-  sub-domain:
-    default: erp
-    examples:
-    - erp
-    type: string
-  hpa:
-    default:
-      avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
-    examples:
-    - avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
-    properties:
-      avg-cpu:
-        default: 50
-        type: integer
-      max-replicas:
-        default: 5
-        type: integer
-      min-replicas:
-        default: 1
-        type: integer
-    type: object
-  user-groups:
-    default:
-    - admin: true
-      name: dolibarr-admin
-    examples:
-    - - admin: true
-        name: dolibarr-admin
-    items:
-      properties:
-        admin:
-          type: boolean
-        name:
-          type: string
-      type: object
-    type: array
-  log-level:
-    default: 5
-    examples:
-    - 5
-    type: integer
  parameters:
    default:
      MAIN_LANG_DEFAULT: auto
@@ -94,6 +16,14 @@ options:
        default: auto
        type: string
    type: object
+  modules:
+    default:
+    - societe
+    examples:
+    - - societe
+    items:
+      type: string
+    type: array
  images:
    default:
      dolibarr:
@@ -159,6 +89,120 @@ options:
            type: string
        type: object
    type: object
+  sub-domain:
+    default: erp
+    examples:
+    - erp
+    type: string
+  resources:
+    default:
+      limits:
+        cpu: 200m
+        memory: 256Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
+    examples:
+    - limits:
+        cpu: 200m
+        memory: 256Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
+    properties:
+      limits:
+        default:
+          cpu: 200m
+          memory: 256Mi
+        properties:
+          cpu:
+            default: 200m
+            type: string
+          memory:
+            default: 256Mi
+            type: string
+        type: object
+      requests:
+        default:
+          cpu: 50m
+          memory: 100Mi
+        properties:
+          cpu:
+            default: 50m
+            type: string
+          memory:
+            default: 100Mi
+            type: string
+        type: object
+    type: object
+  postgres:
+    default:
+      replicas: 1
+      storage: 5Gi
+      version: '14'
+    examples:
+    - replicas: 1
+      storage: 5Gi
+      version: '14'
+    properties:
+      replicas:
+        default: 1
+        type: integer
+      storage:
+        default: 5Gi
+        type: string
+      version:
+        default: '14'
+        type: string
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  redis:
+    default:
+      exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    examples:
+    - exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    properties:
+      exporter:
+        default:
+          enabled: true
+          image: quay.io/opstree/redis-exporter:v1.44.0
+        properties:
+          enabled:
+            default: true
+            type: boolean
+          image:
+            default: quay.io/opstree/redis-exporter:v1.44.0
+            type: string
+        type: object
+      image:
+        default: quay.io/opstree/redis:v7.0.12
+        type: string
+      storage:
+        default: 2Gi
+        type: string
+    type: object
+  app-group:
+    default: ''
+    examples:
+    - ''
+    type: string
  backups:
    default:
      enable: false
@@ -265,31 +309,11 @@ options:
        default: false
        type: boolean
    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  app-group:
-    default: ''
-    examples:
-    - ''
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  storage:
    default:
      accessMode: ReadWriteOnce
@@ -317,75 +341,51 @@ options:
        - block
        type: string
    type: object
-  resources:
-    default:
-      limits:
-        cpu: 200m
-        memory: 256Mi
-      requests:
-        cpu: 50m
-        memory: 100Mi
+  ingress-class:
+    default: traefik
    examples:
-    - limits:
-        cpu: 200m
-        memory: 256Mi
-      requests:
-        cpu: 50m
-        memory: 100Mi
-    properties:
-      limits:
-        default:
-          cpu: 200m
-          memory: 256Mi
-        properties:
-          cpu:
-            default: 200m
-            type: string
-          memory:
-            default: 256Mi
-            type: string
-        type: object
-      requests:
-        default:
-          cpu: 50m
-          memory: 100Mi
-        properties:
-          cpu:
-            default: 50m
-            type: string
-          memory:
-            default: 100Mi
-            type: string
-        type: object
-    type: object
-  postgres:
-    default:
-      replicas: 1
-      storage: 5Gi
-      version: '14'
+    - traefik
+    type: string
+  log-level:
+    default: 5
    examples:
-    - replicas: 1
-      storage: 5Gi
-      version: '14'
+    - 5
+    type: integer
+  user-groups:
+    default:
+    - admin: true
+      name: dolibarr-admin
+    examples:
+    - - admin: true
+        name: dolibarr-admin
+    items:
+      properties:
+        admin:
+          type: boolean
+        name:
+          type: string
+      type: object
+    type: array
+  hpa:
+    default:
+      avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
+    examples:
+    - avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
    properties:
-      replicas:
+      avg-cpu:
+        default: 50
+        type: integer
+      max-replicas:
+        default: 5
+        type: integer
+      min-replicas:
        default: 1
        type: integer
-      storage:
-        default: 5Gi
-        type: string
-      version:
-        default: '14'
-        type: string
    type: object
-  modules:
-    default:
-    - societe
-    examples:
-    - - societe
-    items:
-      type: string
-    type: array
 dependencies:
 - dist: null
  category: share
--- a/apps/dolibarr/ldap.tf
+++ b/apps/dolibarr/ldap.tf
@@ -8,10 +8,11 @@ locals {
  base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain-name))))
  base-group-dn = format("ou=groups,%s", local.base-dn)
  base-user-dn = format("ou=users,%s", local.base-dn)
-  authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  request_headers = {
    "Content-Type"  = "application/json"
-    Authorization   = "Bearer ${local.authentik-token}"
+    Authorization   = "Bearer ${local.authentik_token}"
  }
  ldap-outpost-providers = jsondecode(data.http.get_ldap_outpost.response_body).results[0].providers
  ldap-outpost-pk = jsondecode(data.http.get_ldap_outpost.response_body).results[0].pk
--- a/apps/gitea/datas.tf
+++ b/apps/gitea/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/gitea/index.rhai
+++ b/apps/gitea/index.rhai
@@ -4,7 +4,7 @@ const SRC=src;
 const DEST=dest;
 fn pre_pack() {
    shell("helm repo add gitea-charts https://dl.gitea.io/charts/");
-    shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`);
+    shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci -a "monitoring.coreos.com/v1/ServiceMonitor" -a "monitoring.coreos.com/v1/PrometheusRule" --values values.yml >${global::SRC}/chart.yaml`);
 }
 fn post_pack() {
    shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`);
--- a/apps/gitea/index.yaml
+++ b/apps/gitea/index.yaml
@@ -9,183 +9,16 @@ metadata:
    A painless self-hosted Git service.
    Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
 options:
-  default-branch:
-    default: main
+  theme:
+    default: gitea-modern
    examples:
-    - main
-    type: string
-  replicas:
-    default: 1
-    examples:
-    - 1
-    type: integer
-  redis:
-    default:
-      exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 2Gi
-    examples:
-    - exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 2Gi
-    properties:
-      exporter:
-        default:
-          enabled: true
-          image: quay.io/opstree/redis-exporter:v1.44.0
-        properties:
-          enabled:
-            default: true
-            type: boolean
-          image:
-            default: quay.io/opstree/redis-exporter:v1.44.0
-            type: string
-        type: object
-      image:
-        default: quay.io/opstree/redis:v7.0.12
-        type: string
-      storage:
-        default: 2Gi
-        type: string
-    type: object
-  webhook:
-    default:
-      allowed-hosts: private
-      skip-tls-verify: false
-    examples:
-    - allowed-hosts: private
-      skip-tls-verify: false
-    properties:
-      allowed-hosts:
-        default: private
-        type: string
-      skip-tls-verify:
-        default: false
-        type: boolean
-    type: object
-  release:
-    default: 8.3.0
-    examples:
-    - 8.3.0
-    type: string
-  volume:
-    default:
-      accessMode: ReadWriteOnce
-      size: 10Gi
-    examples:
-    - accessMode: ReadWriteOnce
-      size: 10Gi
-    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
-      size:
-        default: 10Gi
-        type: string
-    type: object
-  sub-domain:
-    default: git
-    examples:
-    - git
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
+    - gitea-modern
    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  admin:
-    default:
-      email: git-admin@git.your_company.com
-      name: gitea_admin
-    examples:
-    - email: git-admin@git.your_company.com
-      name: gitea_admin
-    properties:
-      email:
-        default: git-admin@git.your_company.com
-        type: string
-      name:
-        default: gitea_admin
-        type: string
-    type: object
-  postgres:
-    default:
-      replicas: 1
-      storage: 10Gi
-      version: '14'
-    examples:
-    - replicas: 1
-      storage: 10Gi
-      version: '14'
-    properties:
-      replicas:
-        default: 1
-        type: integer
-      storage:
-        default: 10Gi
-        type: string
-      version:
-        default: '14'
-        type: string
-    type: object
-  disable-registration:
-    default: true
-    examples:
-    - true
-    type: boolean
-  ssh-port:
-    default: 2222
-    examples:
-    - 2222
-    type: integer
-  load-balancer:
-    default:
-      ip: ''
-    examples:
-    - ip: ''
-    properties:
-      ip:
-        default: ''
-        type: string
-    type: object
-  push-create:
-    default:
-      org: 'true'
-      private: 'false'
-      user: 'true'
-    examples:
-    - org: 'true'
-      private: 'false'
-      user: 'true'
-    properties:
-      org:
-        default: 'true'
-        type: string
-      private:
-        default: 'false'
-        type: string
-      user:
-        default: 'true'
-        type: string
-    type: object
  images:
    default:
      gitea:
@@ -225,25 +58,142 @@ options:
            type: string
        type: object
    type: object
-  app-group:
-    default: dev
+  load-balancer:
+    default:
+      ip: ''
    examples:
-    - dev
-    type: string
-  theme:
-    default: gitea-modern
+    - ip: ''
+    properties:
+      ip:
+        default: ''
+        type: string
+    type: object
+  timezone:
+    default: Europe/Paris
    examples:
-    - gitea-modern
+    - Europe/Paris
    type: string
+  admin:
+    default:
+      email: git-admin@git.your_company.com
+      name: gitea_admin
+    examples:
+    - email: git-admin@git.your_company.com
+      name: gitea_admin
+    properties:
+      email:
+        default: git-admin@git.your_company.com
+        type: string
+      name:
+        default: gitea_admin
+        type: string
+    type: object
+  postgres:
+    default:
+      replicas: 1
+      storage: 10Gi
+      version: '14'
+    examples:
+    - replicas: 1
+      storage: 10Gi
+      version: '14'
+    properties:
+      replicas:
+        default: 1
+        type: integer
+      storage:
+        default: 10Gi
+        type: string
+      version:
+        default: '14'
+        type: string
+    type: object
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  release:
+    default: 8.3.0
+    examples:
+    - 8.3.0
+    type: string
+  redis:
+    default:
+      exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    examples:
+    - exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    properties:
+      exporter:
+        default:
+          enabled: true
+          image: quay.io/opstree/redis-exporter:v1.44.0
+        properties:
+          enabled:
+            default: true
+            type: boolean
+          image:
+            default: quay.io/opstree/redis-exporter:v1.44.0
+            type: string
+        type: object
+      image:
+        default: quay.io/opstree/redis:v7.0.12
+        type: string
+      storage:
+        default: 2Gi
+        type: string
+    type: object
  ssh-sub-domain:
    default: git
    examples:
    - git
    type: string
-  domain-name:
-    default: your_company.com
+  ssh-port:
+    default: 2222
    examples:
-    - your_company.com
+    - 2222
+    type: integer
+  volume:
+    default:
+      accessMode: ReadWriteOnce
+      size: 10Gi
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 10Gi
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 10Gi
+        type: string
+    type: object
+  app-group:
+    default: dev
+    examples:
+    - dev
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
    type: string
  backups:
    default:
@@ -351,10 +301,60 @@ options:
        default: false
        type: boolean
    type: object
-  timezone:
-    default: Europe/Paris
+  sub-domain:
+    default: git
    examples:
-    - Europe/Paris
+    - git
+    type: string
+  default-branch:
+    default: main
+    examples:
+    - main
+    type: string
+  push-create:
+    default:
+      org: 'true'
+      private: 'false'
+      user: 'true'
+    examples:
+    - org: 'true'
+      private: 'false'
+      user: 'true'
+    properties:
+      org:
+        default: 'true'
+        type: string
+      private:
+        default: 'false'
+        type: string
+      user:
+        default: 'true'
+        type: string
+    type: object
+  disable-registration:
+    default: true
+    examples:
+    - true
+    type: boolean
+  webhook:
+    default:
+      allowed-hosts: private
+      skip-tls-verify: false
+    examples:
+    - allowed-hosts: private
+      skip-tls-verify: false
+    properties:
+      allowed-hosts:
+        default: private
+        type: string
+      skip-tls-verify:
+        default: false
+        type: boolean
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
    type: string
 dependencies:
 - dist: null
--- a/apps/gramo/datas.tf
+++ b/apps/gramo/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/gramo/index.yaml
+++ b/apps/gramo/index.yaml
@@ -6,22 +6,22 @@ metadata:
  name: gramo
  description: null
 options:
-  app-group:
-    default: infra
-    examples:
-    - infra
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
-  managed:
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  sub-domain:
+    default: gramo
+    examples:
+    - gramo
+    type: string
+  cluster-admin:
    default: false
    examples:
    - false
@@ -65,31 +65,31 @@ options:
            type: string
        type: object
    type: object
-  cluster-admin:
+  managed:
    default: false
    examples:
    - false
    type: boolean
-  issuer:
-    default: letsencrypt-prod
+  domain-name:
+    default: your_company.com
    examples:
-    - letsencrypt-prod
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  sub-domain:
-    default: gramo
-    examples:
-    - gramo
+    - your_company.com
    type: string
  namespaces:
    default: []
    items:
      type: string
    type: array
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  app-group:
+    default: infra
+    examples:
+    - infra
+    type: string
 dependencies:
 - dist: null
  category: share
--- a/apps/k8s-api/datas.tf
+++ b/apps/k8s-api/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/k8s-api/index.yaml
+++ b/apps/k8s-api/index.yaml
@@ -6,30 +6,30 @@ metadata:
  name: k8s-api
  description: Access to the kubernetes api
 options:
-  domain-name:
-    default: your_company.com
+  ingress-class:
+    default: traefik
    examples:
-    - your_company.com
+    - traefik
    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
-  sub-domain:
-    default: api
-    examples:
-    - api
-    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  ingress-class:
-    default: traefik
+  domain-name:
+    default: your_company.com
    examples:
-    - traefik
+    - your_company.com
+    type: string
+  sub-domain:
+    default: api
+    examples:
+    - api
    type: string
 dependencies:
 - dist: null
--- a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
+++ b/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud-metrics
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
@@ -27,7 +27,7 @@ spec:
    spec:
      containers:
      - name: metrics-exporter
-        image: "xperimental/nextcloud-exporter:0.6.1"
+        image: "xperimental/nextcloud-exporter:0.6.2"
        imagePullPolicy: IfNotPresent
        env:
        - name: NEXTCLOUD_USERNAME
@@ -41,8 +41,8 @@ spec:
              name: nextcloud
              key: nextcloud-password
        # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint
-        - name: NEXTCLOUD_SERVER
-          value: http://nextcloud:80
+        - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local
+          value: "http://nextcloud.vynil-cloud.svc.cluster.local:80"
        - name: NEXTCLOUD_TIMEOUT
          value: 5s
        - name: NEXTCLOUD_TLS_SKIP_VERIFY
--- a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
+++ b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: app
@@ -30,154 +30,154 @@ spec:
        nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b
    spec:
      containers:
-      - name: nextcloud
-        image: nextcloud:27.1.3-apache
-        imagePullPolicy: IfNotPresent
-        env:        
-        - name: POSTGRES_HOST
-          value: 
-        - name: POSTGRES_DB
-          value: "nextcloud"
-        - name: POSTGRES_USER
-          valueFrom:
-            secretKeyRef:
-              name: nextcloud-db
-              key: username
-        - name: POSTGRES_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: nextcloud-db
-              key: password
-        - name: NEXTCLOUD_ADMIN_USER
-          valueFrom:
-            secretKeyRef:
-              name: nextcloud
-              key: nextcloud-username
-        - name: NEXTCLOUD_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: nextcloud
-              key: nextcloud-password
-        - name: NEXTCLOUD_TRUSTED_DOMAINS
-          value: nextcloud.kube.home
-        - name: NEXTCLOUD_UPDATE
-          value: "1"
-        - name: NEXTCLOUD_DATA_DIR
-          value: "/var/www/html/data"
-        resources:
-          {}
-        volumeMounts:
-        - name: nextcloud-main
-          mountPath: /var/www/
-          subPath: root
-        - name: nextcloud-main
-          mountPath: /var/www/html
-          subPath: html
-        - name: nextcloud-main
-          mountPath: /var/www/html/data
-          subPath: data
-        - name: nextcloud-main
-          mountPath: /var/www/html/config
-          subPath: config
-        - name: nextcloud-main
-          mountPath: /var/www/html/custom_apps
-          subPath: custom_apps
-        - name: nextcloud-main
-          mountPath: /var/www/tmp
-          subPath: tmp
-        - name: nextcloud-main
-          mountPath: /var/www/html/themes
-          subPath: themes
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/locale.config.php
-          subPath: locale.config.php
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/redis.config.php
-          subPath: redis.config.php
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/.htaccess
-          subPath: .htaccess
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/apcu.config.php
-          subPath: apcu.config.php
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/apps.config.php
-          subPath: apps.config.php
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/autoconfig.php
-          subPath: autoconfig.php
-        - name: nextcloud-config
-          mountPath: /var/www/html/config/smtp.config.php
-          subPath: smtp.config.php
-      - name: nextcloud-nginx
-        image: "nginx:alpine"
-        imagePullPolicy: IfNotPresent
-        ports:
-        - name: http
-          containerPort: 80
-          protocol: TCP
-        livenessProbe:
-          httpGet:
-            path: /status.php
-            port: http
-            httpHeaders:
-            - name: Host
-              value: "nextcloud.kube.home"
-          initialDelaySeconds: 10
-          periodSeconds: 10
-          timeoutSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
-        readinessProbe:
-          httpGet:
-            path: /status.php
-            port: 80
-            httpHeaders:
-            - name: Host
-              value: "nextcloud.kube.home"
-          initialDelaySeconds: 10
-          periodSeconds: 10
-          timeoutSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
+        - name: nextcloud
+          image: nextcloud:28.0.1-apache
+          imagePullPolicy: IfNotPresent
+          env:
+            
+            - name: POSTGRES_HOST
+              value: 
+            - name: POSTGRES_DB
+              value: "nextcloud"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-db
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-db
+                  key: password
+            - name: NEXTCLOUD_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud
+                  key: nextcloud-username
+            - name: NEXTCLOUD_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud
+                  key: nextcloud-password
+            - name: NEXTCLOUD_TRUSTED_DOMAINS
+              value: nextcloud.kube.home
+            - name: NEXTCLOUD_UPDATE
+              value: "1"
+            - name: NEXTCLOUD_DATA_DIR
+              value: "/var/www/html/data"
+          resources:
+            {}
+          volumeMounts:
+            - name: nextcloud-main
+              mountPath: /var/www/
+              subPath: root
+            - name: nextcloud-main
+              mountPath: /var/www/html
+              subPath: html
+            - name: nextcloud-main
+              mountPath: /var/www/html/data
+              subPath: data
+            - name: nextcloud-main
+              mountPath: /var/www/html/config
+              subPath: config
+            - name: nextcloud-main
+              mountPath: /var/www/html/custom_apps
+              subPath: custom_apps
+            - name: nextcloud-main
+              mountPath: /var/www/tmp
+              subPath: tmp
+            - name: nextcloud-main
+              mountPath: /var/www/html/themes
+              subPath: themes
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/locale.config.php
+              subPath: locale.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/redis.config.php
+              subPath: redis.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/.htaccess
+              subPath: .htaccess
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/apcu.config.php
+              subPath: apcu.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/apps.config.php
+              subPath: apps.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/autoconfig.php
+              subPath: autoconfig.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/smtp.config.php
+              subPath: smtp.config.php
+        - name: nextcloud-nginx
+          image: "nginx:alpine"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              protocol: TCP
+              containerPort: 80
+          livenessProbe:
+            httpGet:
+              path: /status.php
+              port:  80
+              httpHeaders:
+              - name: Host
+                value: "nextcloud.kube.home"
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /status.php
+              port:  80
+              httpHeaders:
+              - name: Host
+                value: "nextcloud.kube.home"
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3

-        resources:
-          {}
-        volumeMounts:
-        - name: nextcloud-main
-          mountPath: /var/www/
-          subPath: root
-        - name: nextcloud-main
-          mountPath: /var/www/html
-          subPath: html
-        - name: nextcloud-main
-          mountPath: /var/www/html/data
-          subPath: data
-        - name: nextcloud-main
-          mountPath: /var/www/html/config
-          subPath: config
-        - name: nextcloud-main
-          mountPath: /var/www/html/custom_apps
-          subPath: custom_apps
-        - name: nextcloud-main
-          mountPath: /var/www/tmp
-          subPath: tmp
-        - name: nextcloud-main
-          mountPath: /var/www/html/themes
-          subPath: themes
-        - name: nextcloud-nginx-config
-          mountPath: /etc/nginx/nginx.conf
-          subPath: nginx.conf
+          resources:
+            {}
+          volumeMounts:
+            - name: nextcloud-main
+              mountPath: /var/www/
+              subPath: root
+            - name: nextcloud-main
+              mountPath: /var/www/html
+              subPath: html
+            - name: nextcloud-main
+              mountPath: /var/www/html/data
+              subPath: data
+            - name: nextcloud-main
+              mountPath: /var/www/html/config
+              subPath: config
+            - name: nextcloud-main
+              mountPath: /var/www/html/custom_apps
+              subPath: custom_apps
+            - name: nextcloud-main
+              mountPath: /var/www/tmp
+              subPath: tmp
+            - name: nextcloud-main
+              mountPath: /var/www/html/themes
+              subPath: themes
+            - name: nextcloud-nginx-config
+              mountPath: /etc/nginx/conf.d/
      volumes:
-      - name: nextcloud-main
-        persistentVolumeClaim:
-          claimName: nextcloud-nextcloud
-      - name: nextcloud-config
-        configMap:
-          name: nextcloud-config
-      - name: nextcloud-nginx-config
-        configMap:
-          name: nextcloud-nginxconfig
+        - name: nextcloud-main
+          persistentVolumeClaim:
+            claimName: nextcloud-nextcloud
+        - name: nextcloud-config
+          configMap:
+            name: nextcloud-config
+        - name: nextcloud-nginx-config
+          configMap:
+            name: nextcloud-nginxconfig
      securityContext:
        # Will mount configuration files as www-data (id: 82) for nextcloud
        fsGroup: 82
--- a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
+++ b/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: app
--- a/apps/nextcloud/datas.tf
+++ b/apps/nextcloud/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/nextcloud/index.yaml
+++ b/apps/nextcloud/index.yaml
@@ -6,26 +6,6 @@ metadata:
  name: nextcloud
  description: null
 options:
-  postgres:
-    default:
-      replicas: 1
-      storage: 5Gi
-      version: '14'
-    examples:
-    - replicas: 1
-      storage: 5Gi
-      version: '14'
-    properties:
-      replicas:
-        default: 1
-        type: integer
-      storage:
-        default: 5Gi
-        type: string
-      version:
-        default: '14'
-        type: string
-    type: object
  admin:
    default:
      name: nextcloud_admin
@@ -36,126 +16,68 @@ options:
        default: nextcloud_admin
        type: string
    type: object
-  domain-name:
-    default: your_company.com
+  domain:
+    default: your-company
    examples:
-    - your_company.com
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
+    - your-company
    type: string
  app-group:
    default: ''
    examples:
    - ''
    type: string
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      restic-key: bck-password
-      retention:
-        db: 30d
-        keepDaily: 14
-        keepMonthly: 12
-        keepWeekly: 6
-        keepYearly: 12
-      schedule:
-        backup: 30 3 * * *
-        check: 30 5 * * 1
-        db: 30 3 * * *
-        prune: 30 1 * * 0
-      secret-key: s3-secret
-      secret-name: backup-settings
-      use-barman: false
+  openid-name:
+    default: vynil
    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      restic-key: bck-password
-      retention:
-        db: 30d
-        keepDaily: 14
-        keepMonthly: 12
-        keepWeekly: 6
-        keepYearly: 12
-      schedule:
-        backup: 30 3 * * *
-        check: 30 5 * * 1
-        db: 30 3 * * *
-        prune: 30 1 * * 0
-      secret-key: s3-secret
-      secret-name: backup-settings
-      use-barman: false
+    - vynil
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  redis:
+    default:
+      exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    examples:
+    - exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      restic-key:
-        default: bck-password
-        type: string
-      retention:
+      exporter:
        default:
-          db: 30d
-          keepDaily: 14
-          keepMonthly: 12
-          keepWeekly: 6
-          keepYearly: 12
+          enabled: true
+          image: quay.io/opstree/redis-exporter:v1.44.0
        properties:
-          db:
-            default: 30d
-            type: string
-          keepDaily:
-            default: 14
-            type: integer
-          keepMonthly:
-            default: 12
-            type: integer
-          keepWeekly:
-            default: 6
-            type: integer
-          keepYearly:
-            default: 12
-            type: integer
-        type: object
-      schedule:
-        default:
-          backup: 30 3 * * *
-          check: 30 5 * * 1
-          db: 30 3 * * *
-          prune: 30 1 * * 0
-        properties:
-          backup:
-            default: 30 3 * * *
-            type: string
-          check:
-            default: 30 5 * * 1
-            type: string
-          db:
-            default: 30 3 * * *
-            type: string
-          prune:
-            default: 30 1 * * 0
+          enabled:
+            default: true
+            type: boolean
+          image:
+            default: quay.io/opstree/redis-exporter:v1.44.0
            type: string
        type: object
-      secret-key:
-        default: s3-secret
+      image:
+        default: quay.io/opstree/redis:v7.0.12
        type: string
-      secret-name:
-        default: backup-settings
+      storage:
+        default: 2Gi
        type: string
-      use-barman:
-        default: false
-        type: boolean
    type: object
  storage:
    default:
@@ -176,41 +98,6 @@ options:
        default: 10Gi
        type: string
    type: object
-  sub-domain:
-    default: files
-    examples:
-    - files
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  hpa:
-    default:
-      avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
-    examples:
-    - avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
-    properties:
-      avg-cpu:
-        default: 50
-        type: integer
-      max-replicas:
-        default: 5
-        type: integer
-      min-replicas:
-        default: 1
-        type: integer
-    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
  images:
    default:
      collabora:
@@ -374,43 +261,131 @@ options:
            type: string
        type: object
    type: object
-  openid-name:
-    default: vynil
-    examples:
-    - vynil
-    type: string
-  redis:
+  hpa:
    default:
-      exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 2Gi
+      avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
    examples:
-    - exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.12
-      storage: 2Gi
+    - avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
    properties:
-      exporter:
+      avg-cpu:
+        default: 50
+        type: integer
+      max-replicas:
+        default: 5
+        type: integer
+      min-replicas:
+        default: 1
+        type: integer
+    type: object
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      restic-key: bck-password
+      retention:
+        db: 30d
+        keepDaily: 14
+        keepMonthly: 12
+        keepWeekly: 6
+        keepYearly: 12
+      schedule:
+        backup: 30 3 * * *
+        check: 30 5 * * 1
+        db: 30 3 * * *
+        prune: 30 1 * * 0
+      secret-key: s3-secret
+      secret-name: backup-settings
+      use-barman: false
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      restic-key: bck-password
+      retention:
+        db: 30d
+        keepDaily: 14
+        keepMonthly: 12
+        keepWeekly: 6
+        keepYearly: 12
+      schedule:
+        backup: 30 3 * * *
+        check: 30 5 * * 1
+        db: 30 3 * * *
+        prune: 30 1 * * 0
+      secret-key: s3-secret
+      secret-name: backup-settings
+      use-barman: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      restic-key:
+        default: bck-password
+        type: string
+      retention:
        default:
-          enabled: true
-          image: quay.io/opstree/redis-exporter:v1.44.0
+          db: 30d
+          keepDaily: 14
+          keepMonthly: 12
+          keepWeekly: 6
+          keepYearly: 12
        properties:
-          enabled:
-            default: true
-            type: boolean
-          image:
-            default: quay.io/opstree/redis-exporter:v1.44.0
+          db:
+            default: 30d
+            type: string
+          keepDaily:
+            default: 14
+            type: integer
+          keepMonthly:
+            default: 12
+            type: integer
+          keepWeekly:
+            default: 6
+            type: integer
+          keepYearly:
+            default: 12
+            type: integer
+        type: object
+      schedule:
+        default:
+          backup: 30 3 * * *
+          check: 30 5 * * 1
+          db: 30 3 * * *
+          prune: 30 1 * * 0
+        properties:
+          backup:
+            default: 30 3 * * *
+            type: string
+          check:
+            default: 30 5 * * 1
+            type: string
+          db:
+            default: 30 3 * * *
+            type: string
+          prune:
+            default: 30 1 * * 0
            type: string
        type: object
-      image:
-        default: quay.io/opstree/redis:v7.0.12
+      secret-key:
+        default: s3-secret
        type: string
-      storage:
-        default: 2Gi
+      secret-name:
+        default: backup-settings
        type: string
+      use-barman:
+        default: false
+        type: boolean
    type: object
  apps:
    default:
@@ -502,6 +477,31 @@ options:
        default: true
        type: boolean
    type: object
+  postgres:
+    default:
+      replicas: 1
+      storage: 5Gi
+      version: '14'
+    examples:
+    - replicas: 1
+      storage: 5Gi
+      version: '14'
+    properties:
+      replicas:
+        default: 1
+        type: integer
+      storage:
+        default: 5Gi
+        type: string
+      version:
+        default: '14'
+        type: string
+    type: object
+  sub-domain:
+    default: files
+    examples:
+    - files
+    type: string
 dependencies:
 - dist: null
  category: share
--- a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
+++ b/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
@@ -6,7 +6,7 @@ metadata:
  namespace: "vynil-cloud"
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
--- a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
+++ b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud-config
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
 data:
--- a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
+++ b/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
@@ -5,169 +5,140 @@ metadata:
  name: nextcloud-nginxconfig
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
 data:
-  nginx.conf: |-
-    worker_processes auto;
-
-    error_log  /var/log/nginx/error.log warn;
-    pid        /tmp/nginx.pid;
-
-
-    events {
-        worker_connections  1024;
+  default.conf: |-
+    upstream php-handler {
+        server 127.0.0.1:9000;
    }

+    server {
+        listen 80;

-    http {
-        include       /etc/nginx/mime.types;
-        default_type  application/octet-stream;
+        # HSTS settings
+        # WARNING: Only add the preload option once you read about
+        # the consequences in https://hstspreload.org/. This option
+        # will add the domain to a hardcoded list that is shipped
+        # in all major browsers and getting removed from this list
+        # could take several months.
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

-        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                          '$status $body_bytes_sent "$http_referer" '
-                          '"$http_user_agent" "$http_x_forwarded_for"';
+        # set max upload size
+        client_max_body_size 10G;
+        fastcgi_buffers 64 4K;

-        access_log  /var/log/nginx/access.log  main;
+        # Enable gzip but do not remove ETag headers
+        gzip on;
+        gzip_vary on;
+        gzip_comp_level 4;
+        gzip_min_length 256;
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

-        sendfile        on;
-        #tcp_nopush     on;
+        # Pagespeed is not supported by Nextcloud, so if your server is built
+        # with the `ngx_pagespeed` module, uncomment this line to disable it.
+        #pagespeed off;

-        keepalive_timeout  65;
+        # HTTP response headers borrowed from Nextcloud `.htaccess`
+        add_header Referrer-Policy                      "no-referrer"       always;
+        add_header X-Content-Type-Options               "nosniff"           always;
+        add_header X-Download-Options                   "noopen"            always;
+        add_header X-Frame-Options                      "SAMEORIGIN"        always;
+        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
+        add_header X-Robots-Tag                         "noindex, nofollow" always;
+        add_header X-XSS-Protection                     "1; mode=block"     always;

-        #gzip  on;
+        # Remove X-Powered-By, which is an information leak
+        fastcgi_hide_header X-Powered-By;

-        upstream php-handler {
-            server 127.0.0.1:9000;
+        # Path to the root of your installation
+        root /var/www/html;
+
+        # Specify how to handle directories -- specifying `/index.php$request_uri`
+        # here as the fallback means that Nginx always exhibits the desired behaviour
+        # when a client requests a path that corresponds to a directory that exists
+        # on the server. In particular, if that directory contains an index.php file,
+        # that file is correctly served; if it doesn't, then the request is passed to
+        # the front-end controller. This consistent behaviour means that we don't need
+        # to specify custom rules for certain paths (e.g. images and other assets,
+        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+        # `try_files $uri $uri/ /index.php$request_uri`
+        # always provides the desired behaviour.
+        index index.php index.html /index.php$request_uri;
+
+        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+        location = / {
+            if ( $http_user_agent ~ ^DavClnt ) {
+                return 302 /remote.php/webdav/$is_args$args;
+            }
        }

-        server {
-            listen 80;
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }

-            # HSTS settings
-            # WARNING: Only add the preload option once you read about
-            # the consequences in https://hstspreload.org/. This option
-            # will add the domain to a hardcoded list that is shipped
-            # in all major browsers and getting removed from this list
-            # could take several months.
-            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        # Make a regex exception for `/.well-known` so that clients can still
+        # access it despite the existence of the regex rule
+        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        # for `/.well-known`.
+        location ^~ /.well-known {
+            # The following 6 rules are borrowed from `.htaccess`

-            # set max upload size
-            client_max_body_size 10G;
-            fastcgi_buffers 64 4K;
+            location = /.well-known/carddav     { return 301 /remote.php/dav/; }
+            location = /.well-known/caldav      { return 301 /remote.php/dav/; }
+            # Anything else is dynamically handled by Nextcloud
+            location ^~ /.well-known            { return 301 /index.php$uri; }

-            # Enable gzip but do not remove ETag headers
-            gzip on;
-            gzip_vary on;
-            gzip_comp_level 4;
-            gzip_min_length 256;
-            gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-            gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+            try_files $uri $uri/ =404;
+        }

-            # Pagespeed is not supported by Nextcloud, so if your server is built
-            # with the `ngx_pagespeed` module, uncomment this line to disable it.
-            #pagespeed off;
+        # Rules borrowed from `.htaccess` to hide certain paths from clients
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }

-            # HTTP response headers borrowed from Nextcloud `.htaccess`
-            add_header Referrer-Policy                      "no-referrer"       always;
-            add_header X-Content-Type-Options               "nosniff"           always;
-            add_header X-Download-Options                   "noopen"            always;
-            add_header X-Frame-Options                      "SAMEORIGIN"        always;
-            add_header X-Permitted-Cross-Domain-Policies    "none"              always;
-            add_header X-Robots-Tag                         "noindex, nofollow" always;
-            add_header X-XSS-Protection                     "1; mode=block"     always;
+        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+        # which handle static assets (as seen below). If this block is not declared first,
+        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+        # to the URI, resulting in a HTTP 500 error response.
+        location ~ \.php(?:$|/) {
+            # Required for legacy support
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

-            # Remove X-Powered-By, which is an information leak
-            fastcgi_hide_header X-Powered-By;
+            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+            set $path_info $fastcgi_path_info;

-            # Path to the root of your installation
-            root /var/www/html;
+            try_files $fastcgi_script_name =404;

-            # Specify how to handle directories -- specifying `/index.php$request_uri`
-            # here as the fallback means that Nginx always exhibits the desired behaviour
-            # when a client requests a path that corresponds to a directory that exists
-            # on the server. In particular, if that directory contains an index.php file,
-            # that file is correctly served; if it doesn't, then the request is passed to
-            # the front-end controller. This consistent behaviour means that we don't need
-            # to specify custom rules for certain paths (e.g. images and other assets,
-            # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
-            # `try_files $uri $uri/ /index.php$request_uri`
-            # always provides the desired behaviour.
-            index index.php index.html /index.php$request_uri;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $path_info;
+            #fastcgi_param HTTPS on;

-            # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
-            location = / {
-                if ( $http_user_agent ~ ^DavClnt ) {
-                    return 302 /remote.php/webdav/$is_args$args;
-                }
-            }
+            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
+            fastcgi_param front_controller_active true;     # Enable pretty urls
+            fastcgi_pass php-handler;

-            location = /robots.txt {
-                allow all;
-                log_not_found off;
-                access_log off;
-            }
+            fastcgi_intercept_errors on;
+            fastcgi_request_buffering off;
+        }

-            # Make a regex exception for `/.well-known` so that clients can still
-            # access it despite the existence of the regex rule
-            # `location ~ /(\.|autotest|...)` which would otherwise handle requests
-            # for `/.well-known`.
-            location ^~ /.well-known {
-                # The following 6 rules are borrowed from `.htaccess`
+        location ~ \.(?:css|js|svg|gif)$ {
+            try_files $uri /index.php$request_uri;
+            expires 6M;         # Cache-Control policy borrowed from `.htaccess`
+            access_log off;     # Optional: Don't log access to assets
+        }

-                location = /.well-known/carddav     { return 301 /remote.php/dav/; }
-                location = /.well-known/caldav      { return 301 /remote.php/dav/; }
-                # Anything else is dynamically handled by Nextcloud
-                location ^~ /.well-known            { return 301 /index.php$uri; }
+        location ~ \.woff2?$ {
+            try_files $uri /index.php$request_uri;
+            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
+            access_log off;     # Optional: Don't log access to assets
+        }

-                try_files $uri $uri/ =404;
-            }
-
-            # Rules borrowed from `.htaccess` to hide certain paths from clients
-            location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
-            location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
-
-            # Ensure this block, which passes PHP files to the PHP process, is above the blocks
-            # which handle static assets (as seen below). If this block is not declared first,
-            # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
-            # to the URI, resulting in a HTTP 500 error response.
-            location ~ \.php(?:$|/) {
-                # Required for legacy support
-                rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
-
-                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-                set $path_info $fastcgi_path_info;
-
-                try_files $fastcgi_script_name =404;
-
-                include fastcgi_params;
-                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_param PATH_INFO $path_info;
-                #fastcgi_param HTTPS on;
-
-                fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
-                fastcgi_param front_controller_active true;     # Enable pretty urls
-                fastcgi_pass php-handler;
-
-                fastcgi_intercept_errors on;
-                fastcgi_request_buffering off;
-            }
-
-            location ~ \.(?:css|js|svg|gif)$ {
-                try_files $uri /index.php$request_uri;
-                expires 6M;         # Cache-Control policy borrowed from `.htaccess`
-                access_log off;     # Optional: Don't log access to assets
-            }
-
-            location ~ \.woff2?$ {
-                try_files $uri /index.php$request_uri;
-                expires 7d;         # Cache-Control policy borrowed from `.htaccess`
-                access_log off;     # Optional: Don't log access to assets
-            }
-
-            location / {
-                try_files $uri $uri/ /index.php$request_uri;
-            }
+        location / {
+            try_files $uri $uri/ /index.php$request_uri;
        }
    }
--- a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
+++ b/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud-nextcloud
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: app
--- a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml
+++ b/apps/nextcloud/v1_Service_nextcloud-metrics.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud-metrics
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: metrics
--- a/apps/nextcloud/v1_Service_nextcloud.yaml
+++ b/apps/nextcloud/v1_Service_nextcloud.yaml
@@ -5,7 +5,7 @@ metadata:
  name: nextcloud
  labels:
    app.kubernetes.io/name: nextcloud
-    helm.sh/chart: nextcloud-4.3.6
+    helm.sh/chart: nextcloud-4.5.11
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: app
--- a/apps/okd/datas.tf
+++ b/apps/okd/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/okd/index.yaml
+++ b/apps/okd/index.yaml
@@ -6,36 +6,21 @@ metadata:
  name: okd
  description: null
 options:
-  app-group:
-    default: infra
+  domain-name:
+    default: your_company.com
    examples:
-    - infra
+    - your_company.com
    type: string
-  issuer:
-    default: letsencrypt-prod
+  sub-domain:
+    default: okd
    examples:
-    - letsencrypt-prod
+    - okd
    type: string
-  ingress-class:
-    default: traefik
+  domain:
+    default: your-company
    examples:
-    - traefik
+    - your-company
    type: string
-  cluster-admin:
-    default: false
-    examples:
-    - false
-    type: boolean
-  managed:
-    default: false
-    examples:
-    - false
-    type: boolean
-  namespaces:
-    default: []
-    items:
-      type: string
-    type: array
  images:
    default:
      okd:
@@ -75,21 +60,36 @@ options:
            type: string
        type: object
    type: object
-  domain-name:
-    default: your_company.com
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - your_company.com
+    - letsencrypt-prod
    type: string
-  domain:
-    default: your-company
+  app-group:
+    default: infra
    examples:
-    - your-company
+    - infra
    type: string
-  sub-domain:
-    default: okd
+  managed:
+    default: false
    examples:
-    - okd
+    - false
+    type: boolean
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
    type: string
+  cluster-admin:
+    default: false
+    examples:
+    - false
+    type: boolean
+  namespaces:
+    default: []
+    items:
+      type: string
+    type: array
 dependencies:
 - dist: null
  category: share
--- a/apps/traefik-ui/datas.tf
+++ b/apps/traefik-ui/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/traefik-ui/index.yaml
+++ b/apps/traefik-ui/index.yaml
@@ -6,16 +6,21 @@ metadata:
  name: traefik-ui
  description: Access to the Traefik UI
 options:
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
+  app-group:
+    default: infra
+    examples:
+    - infra
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
  ingress-class:
    default: traefik
    examples:
@@ -31,11 +36,6 @@ options:
    examples:
    - your_company.com
    type: string
-  app-group:
-    default: infra
-    examples:
-    - infra
-    type: string
 dependencies:
 - dist: null
  category: share
--- a/apps/woodpecker/datas.tf
+++ b/apps/woodpecker/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/apps/woodpecker/gitea_token.tf
+++ b/apps/woodpecker/gitea_token.tf
@@ -1,3 +1,9 @@
+locals {
+  gitea_host = "http://gitea-http.${var.domain}-ci.svc:3000/"
+  gitea_username = data.kubernetes_secret_v1.gitea.data["username"]
+  gitea_password = data.kubernetes_secret_v1.gitea.data["password"]
+}
+
 data "kubernetes_secret_v1" "gitea" {
  metadata {
    name = "gitea-admin-user"
--- a/apps/woodpecker/index.yaml
+++ b/apps/woodpecker/index.yaml
@@ -6,35 +6,46 @@ metadata:
  name: woodpecker
  description: null
 options:
-  sub-domain:
-    default: ci
-    examples:
-    - ci
-    type: string
-  storage-server:
+  storage-agent:
    default:
-      accessMode: ReadWriteOnce
      size: 10Gi
+      storageClass: ''
+      writeMany: 'false'
    examples:
-    - accessMode: ReadWriteOnce
-      size: 10Gi
+    - size: 10Gi
+      storageClass: ''
+      writeMany: 'false'
    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
      size:
        default: 10Gi
        type: string
+      storageClass:
+        default: ''
+        type: string
+      writeMany:
+        default: 'false'
+        type: string
    type: object
  admin-users:
    default: woodpecker,admin
    examples:
    - woodpecker,admin
    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  app-group:
+    default: dev
+    examples:
+    - dev
+    type: string
  images:
    default:
      agent:
@@ -132,51 +143,35 @@ options:
            type: string
        type: object
    type: object
+  storage-server:
+    default:
+      accessMode: ReadWriteOnce
+      size: 10Gi
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 10Gi
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 10Gi
+        type: string
+    type: object
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  app-group:
-    default: dev
-    examples:
-    - dev
-    type: string
-  storage-agent:
-    default:
-      size: 10Gi
-      storageClass: ''
-      writeMany: 'false'
-    examples:
-    - size: 10Gi
-      storageClass: ''
-      writeMany: 'false'
-    properties:
-      size:
-        default: 10Gi
-        type: string
-      storageClass:
-        default: ''
-        type: string
-      writeMany:
-        default: 'false'
-        type: string
-    type: object
  timeouts:
    default:
      default: '60'
@@ -192,6 +187,11 @@ options:
        default: '120'
        type: string
    type: object
+  sub-domain:
+    default: ci
+    examples:
+    - ci
+    type: string
 dependencies:
 - dist: null
  category: apps
--- a/meta/domain-erp/apps.tf
+++ b/meta/domain-erp/apps.tf
@@ -6,6 +6,10 @@ locals {
      "vynil.solidite.fr/issuer" = var.issuer
      "vynil.solidite.fr/ingress" = var.ingress-class
    }
+    annotations_default = {
+      "vynil.solidite.fr/default/domain_name" = var.domain-name
+      "vynil.solidite.fr/default/*" = var.domain-name
+    }
    global = {
        "domain"        = var.namespace
        "domain-name"   = var.domain-name
@@ -27,7 +31,7 @@ locals {
 resource "kubernetes_namespace_v1" "erp-ns" {
  count = ( var.dolibarr.enable )? 1 : 0
  metadata {
-    annotations = local.annotations
+    annotations = merge(local.annotations, local.annotations_default)
    labels = merge(local.common-labels, local.annotations)
    name = "${var.namespace}-erp"
  }
--- a/meta/domain-erp/index.yaml
+++ b/meta/domain-erp/index.yaml
@@ -6,26 +6,6 @@ metadata:
  name: domain-erp
  description: null
 options:
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
  backups:
    default:
      enable: false
@@ -61,6 +41,48 @@ options:
    examples:
    - traefik
    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  dolibarr:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: apps
+    x-vynil-package: dolibarr
  storage-classes:
    default:
      BlockReadWriteMany: ''
@@ -86,28 +108,6 @@ options:
        default: ''
        type: string
    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  dolibarr:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: apps
-    x-vynil-package: dolibarr
 dependencies: []
 providers:
  kubernetes: true
--- a/meta/domain-monitor/index.yaml
+++ b/meta/domain-monitor/index.yaml
@@ -6,7 +6,12 @@ metadata:
  name: domain-monitor
  description: null
 options:
-  dashboards-namespace:
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  alerts-containers:
    default:
      enable: true
    examples:
@@ -17,7 +22,106 @@ options:
        type: boolean
    type: object
    x-vynil-category: monitor
-    x-vynil-package: dashboards-namespace
+    x-vynil-package: alerts-containers
+  loki:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: loki
+  promtail:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: promtail
+  kube-state-metrics:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: kube-state-metrics
+  dashboards-cluster:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: dashboards-cluster
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  app-group:
+    default: monitor
+    examples:
+    - monitor
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  grafana:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: grafana
+  monitor-control-plan:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: monitor-control-plan
+  dashboards-workload:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: dashboards-workload
  backups:
    default:
      enable: false
@@ -48,7 +152,7 @@ options:
        default: backup-settings
        type: string
    type: object
-  alertmanager:
+  alerts-core:
    default:
      enable: true
    examples:
@@ -59,8 +163,8 @@ options:
        type: boolean
    type: object
    x-vynil-category: monitor
-    x-vynil-package: alertmanager
-  loki:
+    x-vynil-package: alerts-core
+  dashboards-namespace:
    default:
      enable: true
    examples:
@@ -71,24 +175,39 @@ options:
        type: boolean
    type: object
    x-vynil-category: monitor
-    x-vynil-package: loki
-  dashboards-workload:
-    default:
-      enable: true
+    x-vynil-package: dashboards-namespace
+  domain-name:
+    default: your_company.com
    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: dashboards-workload
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
+    - your_company.com
    type: string
+  dashboards-minimal:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+    x-vynil-category: monitor
+    x-vynil-package: dashboards-minimal
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
  storage-classes:
    default:
      BlockReadWriteMany: ''
@@ -114,47 +233,6 @@ options:
        default: ''
        type: string
    type: object
-  node-exporter:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: node-exporter
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  monitor-control-plan:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: monitor-control-plan
-  alerts-core:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: alerts-core
  prometheus:
    default:
      enable: true
@@ -167,7 +245,7 @@ options:
    type: object
    x-vynil-category: monitor
    x-vynil-package: prometheus
-  kube-state-metrics:
+  alertmanager:
    default:
      enable: true
    examples:
@@ -178,28 +256,8 @@ options:
        type: boolean
    type: object
    x-vynil-category: monitor
-    x-vynil-package: kube-state-metrics
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
-  alerts-containers:
+    x-vynil-package: alertmanager
+  node-exporter:
    default:
      enable: true
    examples:
@@ -210,65 +268,7 @@ options:
        type: boolean
    type: object
    x-vynil-category: monitor
-    x-vynil-package: alerts-containers
-  dashboards-minimal:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: dashboards-minimal
-  promtail:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: promtail
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  grafana:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: grafana
-  app-group:
-    default: monitor
-    examples:
-    - monitor
-    type: string
-  dashboards-cluster:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-    x-vynil-category: monitor
-    x-vynil-package: dashboards-cluster
+    x-vynil-package: node-exporter
 dependencies: []
 providers:
  kubernetes: true
--- a/monitor/alertmanager/datas.tf
+++ b/monitor/alertmanager/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/monitor/alertmanager/index.yaml
+++ b/monitor/alertmanager/index.yaml
@@ -6,36 +6,21 @@ metadata:
  name: alertmanager
  description: null
 options:
-  replicas:
-    default: 1
-    examples:
-    - 1
-    type: integer
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  listenLocal:
-    default: false
-    examples:
-    - false
-    type: boolean
  sub-domain:
    default: alertmanager
    examples:
    - alertmanager
    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
  app-group:
    default: monitor
    examples:
    - monitor
    type: string
-  logLevel:
-    default: info
-    examples:
-    - info
-    type: string
  images:
    default:
      alertmanager:
@@ -75,15 +60,10 @@ options:
            type: string
        type: object
    type: object
-  issuer:
-    default: letsencrypt-prod
+  logLevel:
+    default: info
    examples:
-    - letsencrypt-prod
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
+    - info
    type: string
  domain-name:
    default: your_company.com
@@ -95,6 +75,26 @@ options:
    examples:
    - 120h
    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  listenLocal:
+    default: false
+    examples:
+    - false
+    type: boolean
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
 dependencies:
 - dist: null
  category: share
--- a/monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml
+++ b/monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "alertmanager"
    heritage: "Helm"
 spec:
--- a/monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml
+++ b/monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "alertmanager"
    heritage: "Helm"
 spec:
--- a/monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml
+++ b/monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "alertmanager"
    heritage: "Helm"
 spec:
--- a/monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml
+++ b/monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "alertmanager"
    heritage: "Helm"
 data:
--- a/monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml
+++ b/monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "alertmanager"
    heritage: "Helm"
 data:
--- a/monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml
+++ b/monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "alertmanager"
    heritage: "Helm"
 automountServiceAccountToken: true
--- a/monitor/grafana/datas.tf
+++ b/monitor/grafana/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/monitor/grafana/index.yaml
+++ b/monitor/grafana/index.yaml
@@ -6,6 +6,35 @@ metadata:
  name: grafana
  description: null
 options:
+  volume:
+    default:
+      accessMode: ReadWriteOnce
+      size: 10Gi
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 10Gi
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 10Gi
+        type: string
+    type: object
+  sub-domain:
+    default: grafana
+    examples:
+    - grafana
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
  images:
    default:
      busybox:
@@ -103,59 +132,30 @@ options:
            type: string
        type: object
    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  sub-domain:
-    default: grafana
-    examples:
-    - grafana
-    type: string
-  volume:
-    default:
-      accessMode: ReadWriteOnce
-      size: 10Gi
-    examples:
-    - accessMode: ReadWriteOnce
-      size: 10Gi
-    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
-      size:
-        default: 10Gi
-        type: string
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  app-group:
-    default: monitor
-    examples:
-    - monitor
-    type: string
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
  admin_name:
    default: grafana_admin
    examples:
    - grafana_admin
    type: string
-  domain:
-    default: your-company
+  app-group:
+    default: monitor
    examples:
-    - your-company
+    - monitor
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
    type: string
 dependencies: []
 providers:
--- a/monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml
+++ b/monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: kube-state-metrics
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "kube-state-metrics"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml
+++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 spec:
--- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml
+++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 data:
--- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml
+++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 data:
--- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml
+++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 data:
--- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml
+++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
 data:
--- a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml
+++ b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
  namespace: kube-system
--- a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml
+++ b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
  namespace: kube-system
--- a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml
+++ b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus-community
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus-community"
    heritage: "Helm"
  namespace: kube-system
--- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml
+++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 spec:
--- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml
+++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 spec:
--- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml
+++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 spec:
--- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml
+++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 spec:
--- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml
+++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 data:
--- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml
+++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 data:
--- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml
+++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 data:
--- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml
+++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: node-exporter
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "node-exporter"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/datas.tf
+++ b/monitor/prometheus/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/monitor/prometheus/index.yaml
+++ b/monitor/prometheus/index.yaml
@@ -6,51 +6,26 @@ metadata:
  name: prometheus
  description: null
 options:
-  alertmanager:
-    default: alertmanager-alertmanager
+  listenLocal:
+    default: false
    examples:
-    - alertmanager-alertmanager
+    - false
+    type: boolean
+  retention:
+    default: 10d
+    examples:
+    - 10d
    type: string
  sub-domain:
    default: prometheus
    examples:
    - prometheus
    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  shards:
-    default: 1
-    examples:
-    - 1
-    type: integer
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
-  enableAdminAPI:
-    default: false
-    examples:
-    - false
-    type: boolean
-  app-group:
-    default: monitor
-    examples:
-    - monitor
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  images:
    default:
      prometheus:
@@ -90,12 +65,37 @@ options:
            type: string
        type: object
    type: object
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
  replicas:
    default: 1
    examples:
    - 1
    type: integer
-  listenLocal:
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  app-group:
+    default: monitor
+    examples:
+    - monitor
+    type: string
+  alertmanager:
+    default: alertmanager-alertmanager
+    examples:
+    - alertmanager-alertmanager
+    type: string
+  enableAdminAPI:
    default: false
    examples:
    - false
@@ -105,11 +105,11 @@ options:
    examples:
    - info
    type: string
-  retention:
-    default: 10d
+  shards:
+    default: 1
    examples:
-    - 10d
-    type: string
+    - 1
+    type: integer
 dependencies:
 - dist: null
  category: share
--- a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml
@@ -8,9 +8,9 @@ metadata:
    app: kube-prometheus-stack-kubelet    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 spec:
--- a/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml
@@ -8,9 +8,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 roleRef:
--- a/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml
@@ -8,9 +8,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 rules:
--- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml
+++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml
@@ -10,9 +10,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml
+++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml
+++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml
+++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml
@@ -12,9 +12,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml
@@ -10,9 +10,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
 data:
--- a/monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml
+++ b/monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml
@@ -12,8 +12,8 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
--- a/monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml
+++ b/monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
  namespace: kube-system
--- a/monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml
+++ b/monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml
@@ -9,9 +9,9 @@ metadata:
    
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: prometheus
-    app.kubernetes.io/version: "56.0.3"
+    app.kubernetes.io/version: "56.0.4"
    app.kubernetes.io/part-of: kube-prometheus-stack
-    chart: kube-prometheus-stack-56.0.3
+    chart: kube-prometheus-stack-56.0.4
    release: "prometheus"
    heritage: "Helm"
  namespace: kube-system
--- a/share/accounts-management/datas.tf
+++ b/share/accounts-management/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/share/accounts-management/index.yaml
+++ b/share/accounts-management/index.yaml
@@ -6,18 +6,6 @@ metadata:
  name: accounts-management
  description: null
 options:
-  employes:
-    default:
-      apps: []
-    examples:
-    - apps: []
-    properties:
-      apps:
-        default: []
-        items:
-          type: string
-        type: array
-    type: object
  domain:
    default: your-company
    examples:
@@ -57,6 +45,18 @@ options:
        default: false
        type: boolean
    type: object
+  employes:
+    default:
+      apps: []
+    examples:
+    - apps: []
+    properties:
+      apps:
+        default: []
+        items:
+          type: string
+        type: array
+    type: object
 dependencies:
 - dist: null
  category: share
--- a/share/authentik-forward/datas.tf
+++ b/share/authentik-forward/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/share/authentik-forward/index.yaml
+++ b/share/authentik-forward/index.yaml
@@ -11,23 +11,23 @@ options:
    examples:
    - letsencrypt-prod
    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  ingress-class:
    default: traefik
    examples:
    - traefik
    type: string
-  sub-domain:
-    default: null
  domain:
    default: your-company
    examples:
    - your-company
    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  sub-domain:
+    default: null
 dependencies:
 - dist: null
  category: share
--- a/share/authentik-forward/outpost-forward.tf
+++ b/share/authentik-forward/outpost-forward.tf
@@ -1,9 +1,8 @@
 locals {
  request_headers = {
    "Content-Type"  = "application/json"
-    Authorization   = "Bearer ${local.authentik-token}"
+    Authorization   = "Bearer ${local.authentik_token}"
  }
-  authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  forward-outpost-json = jsondecode(data.http.get_forward_outpost.response_body).results
  forward-outpost-providers = length(local.forward-outpost-json)>0?(contains(local.forward-outpost-json[0].providers, authentik_provider_proxy.provider_forward.id)?local.forward-outpost-json[0].providers:concat(local.forward-outpost-json[0].providers, [authentik_provider_proxy.provider_forward.id])):[authentik_provider_proxy.provider_forward.id]
 }
--- a/share/authentik-ldap/datas.tf
+++ b/share/authentik-ldap/datas.tf
@@ -1,4 +1,6 @@
 locals {
+  authentik_url = "http://authentik.${var.domain}-auth.svc"
+  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  common-labels = {
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
--- a/share/authentik-ldap/outpost-ldap.tf
+++ b/share/authentik-ldap/outpost-ldap.tf
@@ -1,9 +1,8 @@
 locals {
  request_headers = {
    "Content-Type"  = "application/json"
-    Authorization   = "Bearer ${local.authentik-token}"
+    Authorization   = "Bearer ${local.authentik_token}"
  }
-  authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
  ldap-outpost-json = jsondecode(data.http.get_ldap_outpost.response_body).results
  ldap-outpost-prividers = length(local.ldap-outpost-json)>0?(contains(local.ldap-outpost-json[0].providers, authentik_provider_ldap.provider_ldap.id)?local.ldap-outpost-json[0].providers:concat(local.ldap-outpost-json[0].providers, [authentik_provider_ldap.provider_ldap.id])):[authentik_provider_ldap.provider_ldap.id]
 }
--- a/share/authentik/apps_v1_Deployment_authentik-server.yaml
+++ b/share/authentik/apps_v1_Deployment_authentik-server.yaml
@@ -4,13 +4,15 @@ kind: Deployment
 metadata:
  name: authentik-server
  labels:
-    helm.sh/chart: authentik-2023.8.3
+    helm.sh/chart: authentik-2023.10.6
    app.kubernetes.io/name: authentik
    app.kubernetes.io/instance: authentik
-    app.kubernetes.io/version: "2023.8.3"
+    app.kubernetes.io/version: "2023.10.6"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: "server"
 spec:
+  strategy:
+    {}
  selector:
    matchLabels:
      app.kubernetes.io/name: authentik
@@ -22,16 +24,16 @@ spec:
        app.kubernetes.io/name: authentik
        app.kubernetes.io/instance: authentik
        app.kubernetes.io/component: "server"
-        app.kubernetes.io/version: "2023.8.3"
+        app.kubernetes.io/version: "2023.10.6"
      annotations:
-        goauthentik.io/config-checksum: 08cc036af634e14e21493747fd10c37a9e31a9ed71f8e668884f7dfc86a936bd
+        goauthentik.io/config-checksum: 1beef732e07ae88db4d75233936272af195329398ffec096097feae528030fb0
    spec:
      enableServiceLinks: true
      securityContext:
        {}
      containers:
        - name: authentik
-          image: "ghcr.io/goauthentik/server:2023.8.3"
+          image: "ghcr.io/goauthentik/server:2023.10.6"
          imagePullPolicy: "IfNotPresent"
          args: ["server"]
          env:
--- a/Show More
+++ b/Show More