From 0a61958efa821ee73dbd70eea0f092fa4b317ebc Mon Sep 17 00:00:00 2001
From: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Date: Tue, 6 Sep 2022 02:20:55 +0300
Subject: [PATCH] fix(authentik): use https://localhost:9443 for outposts (#3708)
---
 charts/incubator/authentik/Chart.yaml | 2 +-
 charts/incubator/authentik/docs/installation_notes.md | 7 +++++--
 charts/incubator/authentik/questions.yaml | 4 ++--
 charts/incubator/authentik/templates/_config.tpl | 6 +++---
 charts/incubator/authentik/templates/_secret.tpl | 2 +-
 charts/incubator/authentik/values.yaml | 8 ++++----
 6 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/charts/incubator/authentik/Chart.yaml b/charts/incubator/authentik/Chart.yaml
index 865dc513445..bd9d3ce15ce 100644
--- a/charts/incubator/authentik/Chart.yaml
+++ b/charts/incubator/authentik/Chart.yaml
@@ -27,7 +27,7 @@ sources:
 - https://github.com/truecharts/charts/tree/master/charts/incubator/authentik
 - https://github.com/goauthentik/authentik
 - https://goauthentik.io/docs/
-version: 6.0.0
+version: 6.0.1
 annotations:
 truecharts.org/catagories: |
 - authentication
diff --git a/charts/incubator/authentik/docs/installation_notes.md b/charts/incubator/authentik/docs/installation_notes.md
index 0cf991a117e..bbab5b73606 100644
--- a/charts/incubator/authentik/docs/installation_notes.md
+++ b/charts/incubator/authentik/docs/installation_notes.md
@@ -10,11 +10,12 @@ Enable each outpost by simple setting `enabled` to `true`.
 Scale users, just have to check the checkbox
 > You have to create an outpost in the GUI first.
+> And afterwards enable it.
 > Applications > Outposts
 ### Host
-`host` should not need to be overridden. Defaults to `http://localhost:9000`
+`host` should not need to be overridden. Defaults to `https://localhost:9443`
 ### Host Browser
@@ -22,4 +23,6 @@ Scale users, just have to check the checkbox
 ### Token
-`token` is only needed if you accidentally deleted it within the UI
+`token` is only needed if you accidentally deleted the bootstrap token within the UI.
+
+> You can get one from Applications > Outposts > View Deployment Info
diff --git a/charts/incubator/authentik/questions.yaml b/charts/incubator/authentik/questions.yaml
index 681cd63723c..820bdf8f836 100644
--- a/charts/incubator/authentik/questions.yaml
+++ b/charts/incubator/authentik/questions.yaml
@@ -277,7 +277,7 @@ questions:
 subquestions:
 - variable: token
 label: API Token
- description: Generated in the Authentik GUI > Directory > Token & App Passwords
+ description: You can get this from Applications > Outposts > View Deployment Info
 schema:
 type: string
 private: true
@@ -347,7 +347,7 @@ questions:
 subquestions:
 - variable: token
 label: API Token
- description: Generated in the Authentik GUI > Directory > Token & App Passwords
+ description: You can get this from Applications > Outposts > View Deployment Info
 schema:
 type: string
 private: true
diff --git a/charts/incubator/authentik/templates/_config.tpl b/charts/incubator/authentik/templates/_config.tpl
index 8a9aefb8137..cc02f68e54e 100644
--- a/charts/incubator/authentik/templates/_config.tpl
+++ b/charts/incubator/authentik/templates/_config.tpl
@@ -6,7 +6,7 @@
 {{- $geoipConfigName := printf "%s-geoip-config" (include "tc.common.names.fullname" .) }}
 {{- $ldapConfigName := printf "%s-ldap-config" (include "tc.common.names.fullname" .) }}
 {{- $proxyConfigName := printf "%s-proxy-config" (include "tc.common.names.fullname" .) }}
-{{ $host := printf "http://localhost:%v" .Values.service.http.ports.http.targetPort }}
+{{ $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }}
 {{- if .Values.ingress.main.enabled }}
 {{ $first := (first .Values.ingress.main.hosts) }}
 {{- if $first }}
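Review bot: The new `$host` line formats `.Values.service.main.ports.main.targetPort` with `%v` and no fallback, so if that value is ever unset the default would render as `https://localhost:<nil>`, while the listener ports further down in this file do carry fallbacks (`| default 6636`, `| default 9444`). The same `printf` expression is repeated verbatim in the ldap and proxy `AUTHENTIK_HOST` defaults (hunks at -98 and -115), so the three can drift apart on the next port change. Defining it once, for example `{{- $internalHost := printf "https://localhost:%v" (.Values.service.main.ports.main.targetPort | default 9443) }}`, and reusing it in all three places avoids both problems. `$host` also feeds `AUTHENTIK_HOST_BROWSER`, and the `if .Values.ingress.main.enabled` block that appears to override it continues outside this hunk.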
@@ -98,7 +98,7 @@ metadata:
 {{- include "tc.common.labels" . | nindent 4 }}
 data:
 AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }}
- AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "http://localhost:%v" .Values.service.http.ports.http.targetPort) }}
+ AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
 AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }}
 AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}
 AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}
@@ -115,7 +115,7 @@ metadata:
 {{- include "tc.common.labels" . | nindent 4 }}
 data:
 AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }}
- AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "http://localhost:%v" .Values.service.http.ports.http.targetPort) }}
+ AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
 AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }}
 AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}
 AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}
diff --git a/charts/incubator/authentik/templates/_secret.tpl b/charts/incubator/authentik/templates/_secret.tpl
index 000911b166e..5f78c0dc3b3 100644
--- a/charts/incubator/authentik/templates/_secret.tpl
+++ b/charts/incubator/authentik/templates/_secret.tpl
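Review bot: `AUTHENTIK_INSECURE`, on the context line just above each changed `AUTHENTIK_HOST` (ldap in the -98 hunk, proxy in the -115 hunk), is built with `| default "true"`, and Sprig's `default` treats a boolean `false` as empty, so `insecure: false` in values still renders `"true"` and certificate verification cannot be switched on. Now that the outpost connects over HTTPS this matters most when `host` is overridden to something other than localhost, because the outpost's token would then be sent to a TLS peer that is never verified. A form that honours an explicit false is `AUTHENTIK_INSECURE: {{ ternary "false" "true" (eq (toString .Values.outposts.ldap.insecure) "false") | quote }}`, with the same change for `proxy`. The rendered `AUTHENTIK_HOST` value is also unquoted, unlike the line above it; adding `| quote` would keep a user-supplied `host` from being re-typed or breaking the YAML.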
@@ -5,7 +5,7 @@
 {{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.common.names.fullname" .) }}
 {{- $ldapSecretName := printf "%s-ldap-secret" (include "tc.common.names.fullname" .) }}
 {{- $proxySecretName := printf "%s-proxy-secret" (include "tc.common.names.fullname" .) }}
-{{- $token := randAlphaNum 32 | b64enc }}
+{{- $token := randAlphaNum 128 | b64enc }}
 ---
diff --git a/charts/incubator/authentik/values.yaml b/charts/incubator/authentik/values.yaml
index e74d9301358..b7c2c086a24 100644
--- a/charts/incubator/authentik/values.yaml
+++ b/charts/incubator/authentik/values.yaml
@@ -83,9 +83,9 @@ outposts:
 enabled: false
 # -- Host Browser by default is set to the first ingress host you set
 # host_browser: ""
- # -- Host should not need to be overridden. Defaults to http://localhost:9000
+ # -- Host should not need to be overridden. Defaults to https://localhost:9443
 # host: ""
- # -- As we use http://localhost:9000 it's an unsecure connection
+ # -- As we use https://localhost:9443 it's an unsecure connection
 # insecure: false
 # -- Token is only needed if you accidentally deleted the token within the UI
 # token: ""
@@ -95,9 +95,9 @@ outposts:
 enabled: false
 # -- Host Browser by default is set to the first ingress host you set
 # host_browser: ""
- # -- As we use http://localhost:9000 it's an unsecure connection
+ # -- As we use https://localhost:9443 it's an unsecure connection
 # insecure: false
- # -- Host should not need to be overridden. Defaults to http://localhost:9000
+ # -- Host should not need to be overridden. Defaults to https://localhost:9443
 # host: ""
 # -- Token is only needed if you accidentally deleted the token within the UI
 # token: ""
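Review bot: `$token` in `_secret.tpl` is still produced by `randAlphaNum` every time the chart is rendered, so unless the rest of the template (outside this hunk) reuses the value already stored in the Secret, each upgrade would write a new token that no longer matches the one the outposts were set up with. If that is not handled further down, read the existing Secret with `lookup` first and fall back to `randAlphaNum 128 | b64enc` only when none is found. The hunk also gives no reason for going from 32 to 128 characters; a one-line template comment above the assignment stating what length the token needs to be, and why, would save the next reader from guessing.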
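Review bot: The reworded comment `As we use https://localhost:9443 it's an unsecure connection` in `values.yaml` (both the -83 and -95 hunks) no longer explains itself, because the URL it cites is now HTTPS. Judging by the template, what the `insecure` key controls is `AUTHENTIK_INSECURE`, which defaults to `"true"`, so the comment should say that certificate verification is skipped rather than imply the transport is plain. Something like `# -- Skip TLS certificate verification towards host; defaults to true for the in-pod https://localhost:9443 endpoint` states that directly. It should also tell anyone overriding `host` to a remote URL to set `insecure` to false.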