2026-04-20 01:09:32 +00:00
27 changed files with 78 additions and 100 deletions
--- a/clusters/cl01tl/helm/argocd/Chart.lock
+++ b/clusters/cl01tl/helm/argocd/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 9.5.1
-digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78
-generated: "2026-04-16T15:57:15.168206017Z"
+  version: 9.5.2
+digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
+generated: "2026-04-19T19:53:40.43789-05:00"
--- a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
@@ -1,70 +1,42 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-oidc-secret
+  name: argocd-oidc-authentik
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-oidc-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: secret
      remoteRef:
-        key: /authentik/oidc/argocd
+        key: /cl01tl/authentik/oidc/argocd
        property: secret
    - secretKey: client
      remoteRef:
-        key: /authentik/oidc/argocd
+        key: /cl01tk/authentik/oidc/argocd
        property: client

 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-notifications-secret
+  name: argocd-notifications-ntfy
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-notifications-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: ntfy-token
      remoteRef:
-        key: /ntfy/user/cl01tl
+        key: /cl01tl/ntfy/users/cl01tl
        property: token
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: argocd-gitea-repo-infrastructure-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: type
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: type
-    - secretKey: url
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: url
-    - secretKey: sshPrivateKey
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: sshPrivateKey
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -13,8 +13,8 @@ argo-cd:
        connectors:
        - config:
            issuer: https://authentik.alexlebens.net/application/o/argocd/
-            clientID: $argocd-oidc-secret:client
-            clientSecret: $argocd-oidc-secret:secret
+            clientID: $argocd-oidc-authentik:client
+            clientSecret: $argocd-oidc-authentik:secret
            insecureEnableGroups: true
            scopes:
              - openid
@@ -205,7 +205,7 @@ argo-cd:
    argocdUrl: https://argocd.alexlebens.net
    secret:
      create: false
-      name: argocd-notifications-secret
+      name: argocd-notifications-ntfy
    metrics:
      enabled: true
      serviceMonitor:
--- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
@@ -1,18 +1,24 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: audiobookshelf-apprise-config
+  name: audiobookshelf-config-apprise
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-apprise-config
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
  data:
-    - secretKey: ntfy-url
+    - secretKey: internal-endpoint-credential
      remoteRef:
-        key: /cl01tl/audiobookshelf/apprise
-        property: ntfy-url
+        key: /cl01tl/ntfy/users/cl01tl
+        property: internal-endpoint-credential
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
@@ -4,11 +4,11 @@ metadata:
  name: audiobookshelf-books-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-books-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: audiobookshelf-books-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -23,11 +23,11 @@ metadata:
  name: audiobookshelf-audiobooks-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: audiobookshelf-audiobooks-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -42,11 +42,11 @@ metadata:
  name: audiobookshelf-podcasts-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: audiobookshelf-podcasts-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
  name: audiobookshelf-books-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-books-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -29,7 +29,7 @@ metadata:
  name: audiobookshelf-audiobooks-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -54,7 +54,7 @@ metadata:
  name: audiobookshelf-podcasts-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/audiobookshelf/values.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml
@@ -40,7 +40,7 @@ audiobookshelf:
            - name: APPRISE_STATELESS_URLS
              valueFrom:
                secretKeyRef:
-                  name: audiobookshelf-apprise-config
+                  name: audiobookshelf-config-apprise
                  key: ntfy-url
  service:
    main:
--- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: authentik-key-secret
+  name: authentik-key
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: authentik-key-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: key
      remoteRef:
--- a/clusters/cl01tl/helm/authentik/templates/ingress.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/ingress.yaml
@@ -4,7 +4,7 @@ metadata:
  name: authentik-tailscale
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: authentik-tailscale
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
    tailscale.com/proxy-class: no-metrics
--- a/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
@@ -4,7 +4,7 @@ metadata:
  name: allow-outpost-cross-namespace-access
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: allow-outpost-cross-namespace-access
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/authentik/values.yaml
+++ b/clusters/cl01tl/helm/authentik/values.yaml
@@ -4,7 +4,7 @@ authentik:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
-            name: authentik-key-secret
+            name: authentik-key
            key: key
      - name: AUTHENTIK_POSTGRESQL__HOST
        valueFrom:
--- a/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
@@ -4,11 +4,11 @@ metadata:
  name: backrest-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: backrest-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -23,11 +23,11 @@ metadata:
  name: backrest-nfs-share
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-share
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: backrest-nfs-share
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
  name: backrest-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -29,7 +29,7 @@ metadata:
  name: backrest-nfs-share
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-share
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: bazarr-key-secret
+  name: bazarr-key
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bazarr-key-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: key
      remoteRef:
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
@@ -4,11 +4,11 @@ metadata:
  name: bazarr-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bazarr-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: bazarr-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
  name: bazarr-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bazarr-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/bazarr/values.yaml
+++ b/clusters/cl01tl/helm/bazarr/values.yaml
@@ -39,7 +39,7 @@ bazarr:
            - name: APIKEY
              valueFrom:
                secretKeyRef:
-                  name: bazarr-key-secret
+                  name: bazarr-key
                  key: key
            - name: ENABLE_ADDITIONAL_METRICS
              value: false
--- a/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
@@ -4,7 +4,7 @@ metadata:
  name: letsencrypt-issuer
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: letsencrypt-issuer
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
@@ -4,15 +4,15 @@ metadata:
  name: cloudflare-api-token
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: cloudflare-api-token
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: api-token
      remoteRef:
-        key: /cloudflare/alexlebens.net/clusterissuer
+        key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
        property: token
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-bgp-advertisements
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-bgp-advertisements
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-bgp
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-bgp
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-peer
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-peer
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
--- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -4,7 +4,7 @@ metadata:
  name: default-ip-pool
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: default-ip-pool
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -19,7 +19,7 @@ metadata:
  name: bgp-ip-pool
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bgp-ip-pool
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-tls-gateway
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-tls-gateway
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 #   annotations:
--- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml
@@ -4,7 +4,7 @@ metadata:
  name: hubble
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: hubble
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: dawarich-key-secret
+  name: dawarich-key
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: dawarich-key-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: key
      remoteRef:
@@ -21,22 +21,22 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: dawarich-oidc-secret
+  name: dawarich-oidc-authentik
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: dawarich-oidc-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: client
      remoteRef:
-        key: /authentik/oidc/dawarich
+        key: /cl01tl/authentik/oidc/dawarich
        property: client
    - secretKey: secret
      remoteRef:
-        key: /authentik/oidc/dawarich
+        key: /cl01tl/authentik/oidc/dawarich
        property: secret
--- a/clusters/cl01tl/helm/dawarich/values.yaml
+++ b/clusters/cl01tl/helm/dawarich/values.yaml
@@ -61,12 +61,12 @@ dawarich:
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
-                  name: dawarich-oidc-secret
+                  name: dawarich-oidc-authentik
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
-                  name: dawarich-oidc-secret
+                  name: dawarich-oidc-authentik
                  key: secret
            - name: OIDC_PROVIDER_NAME
              value: Authentik
@@ -81,7 +81,7 @@ dawarich:
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
-                  name: dawarich-key-secret
+                  name: dawarich-key
                  key: key
            - name: RAILS_LOG_TO_STDOUT
              value: true