chore(authentik): test outposts on CI (#9721)

**Description**
<!--
Please include a summary of the change and which issue is fixed. Please
also include relevant motivation and context. List any dependencies that
are required for this change.
-->
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
This commit is contained in:
Stavros Kois
2023-06-17 19:12:45 +03:00
committed by GitHub
parent 19a136f636
commit f07098cdfb
9 changed files with 110 additions and 12 deletions

View File

@@ -42,7 +42,9 @@ function check_chart_schema(){
yamale_output=$(yamale --schema .github/chart_schema.yaml "$chart_path/Chart.yaml")
yamale_exit_code=$?
while IFS= read -r line; do
echo -e "\t$line"
if [[ -n $line ]]; then
echo -e "\t$line"
fi
done <<< "$yamale_output"
if [ $yamale_exit_code -ne 0 ]; then
@@ -61,7 +63,9 @@ function helm_lint(){
helm_lint_output=$(helm lint --quiet "$chart_path")
helm_lint_exit_code=$?
while IFS= read -r line; do
echo -e "\t$line"
if [[ -n $line ]]; then
echo -e "\t$line"
fi
done <<< "$helm_lint_output"
if [ $helm_lint_exit_code -ne 0 ]; then
@@ -75,12 +79,19 @@ export -f helm_lint
function helm_template(){
chart_path=${1:?"No chart path provided to [Helm template]"}
values=${2:-}
if [[ -n "$values" ]]; then
values="-f $values"
fi
# Print only errors and warnings
helm_template_output=$(helm template "$chart_path" 2>&1 >/dev/null)
helm_template_output=$(helm template $values "$chart_path" 2>&1 >/dev/null)
helm_template_exit_code=$?
while IFS= read -r line; do
echo -e "\t$line"
if [[ -n $line ]]; then
echo -e "\t$line"
fi
done <<< "$helm_template_output"
if [ $helm_template_exit_code -ne 0 ]; then
@@ -98,7 +109,9 @@ function yaml_lint(){
yaml_lint_output=$(yamllint --config-file .github/yaml-lint-conf.yaml "$file_path")
yaml_lint_exit_code=$?
while IFS= read -r line; do
echo -e "\t$line"
if [[ -n $line ]]; then
echo -e "\t$line"
fi
done <<< "$yaml_lint_output"
if [ $yaml_lint_exit_code -ne 0 ]; then
@@ -132,7 +145,7 @@ function lint_chart(){
for values in $chart_path/ci/*values.yaml; do
if [ -f "${values}" ]; then
echo "👣 Helm Template - [$values]"
helm_template "$chart_path" -f "$values"
helm_template "$chart_path" "$values"
fi
done
@@ -168,6 +181,7 @@ function lint_chart(){
echo ''
} > "$curr_result_file"
cat "$curr_result_file"
# $curr_result starts with 0, and it gets set to 1 only when a linting step fails
echo $curr_result >> "$status_file"
}
export -f lint_chart

View File

@@ -23,7 +23,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/authentik
- https://github.com/goauthentik/authentik
- https://goauthentik.io/docs/
version: 13.0.3
version: 13.0.4
annotations:
truecharts.org/catagories: |
- authentication

View File

@@ -0,0 +1,18 @@
authentik:
credentials:
bootstrapToken: some_super_secret_token
outposts:
disableEmbeddedOutpost: true
proxy:
enabled: true
token: some_super_secret_token
radius:
# Can't enable it before creating a
# provider in the GUI
enabled: false
token: some_super_secret_token
ldap:
# Can't enable it before creating a
# provider in the GUI
enabled: false
token: some_super_secret_token

View File

@@ -45,6 +45,17 @@ questions:
required: true
immutable: true
default: ""
- variable: bootstrapToken
label: (Optional) Bootstrap Token
description: |
Set the bootstrap token for the authentik server.</br>
Only read on initial install, changing this will have no effect. </br>
Only set this token if you plan to use the API right after installation.
schema:
type: string
private: true
immutable: true
default: ""
- variable: general
label: General
schema:

View File

@@ -41,7 +41,7 @@ server-worker:
{{- end -}}
{{- with .Values.authentik.email.timeout }}
AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
{{- end -}}
{{- end }}
{{/* LDAP */}}
AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS: {{ .Values.authentik.ldap.taskTimeoutHours | quote }}
@@ -64,7 +64,7 @@ server-worker:
{{- end -}}
{{- with .Values.authentik.general.footerLinks }}
AUTHENTIK_FOOTER_LINKS: {{ toJson . | squote }}
{{- end -}}
{{- end }}
{{/* General */}}
AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disableUpdateCheck | quote }}
@@ -121,4 +121,5 @@ geoip:
GEOIPUPDATE_EDITION_IDS: {{ .Values.authentik.geoip.editionID }}
GEOIPUPDATE_FREQUENCY: {{ .Values.authentik.geoip.frequency | quote }}
{{- end -}}
{{- end -}}

View File

@@ -22,6 +22,9 @@ server-worker:
{{/* Initial credentials */}}
AUTHENTIK_BOOTSTRAP_EMAIL: {{ .Values.authentik.credentials.email | quote }}
AUTHENTIK_BOOTSTRAP_PASSWORD: {{ .Values.authentik.credentials.password | quote }}
{{- with .Values.authentik.credentials.bootstrapToken }}
AUTHENTIK_BOOTSTRAP_TOKEN: {{ . }}
{{- end }}
{{/* Mail */}}
{{- with .Values.authentik.email.host }}
@@ -35,7 +38,7 @@ server-worker:
{{- end -}}
{{- with .Values.authentik.email.from }}
AUTHENTIK_EMAIL__FROM: {{ . }}
{{- end }}
{{- end -}}
{{- if .Values.authentik.geoip.enabled }}
geoip:
@@ -67,4 +70,5 @@ ldap:
data:
AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.ldap.token | quote }}
{{- end -}}
{{- end -}}

View File

@@ -0,0 +1,20 @@
{{- define "authentik.wait.server" -}}
{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- $serverUrl := printf "https://%v:%v/-/health/ready/" $fullname .Values.service.main.ports.main.port }}
enabled: true
type: init
imageSelector: alpineImage
command: /bin/sh
args:
- -c
- |
echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
until wget --no-check-certificate --spider --quiet "{{ $serverUrl }}";
do
echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
sleep 3
done
echo "Authentik [{{ $serverUrl }}] is ready..."
echo "Starting Outpost..."
{{- end -}}

View File

@@ -25,6 +25,10 @@
{{- if .Values.authentik.outposts.proxy.enabled -}}
{{- $_ := set .Values.workload.proxy "enabled" true -}}
{{- if not .Values.workload.proxy.podSpec.initContainers -}}
{{- $_ := set .Values.workload.proxy.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.proxy.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.proxy "enabled" true -}}
{{- $_ := set .Values.service.proxymetrics "enabled" true -}}
{{- $_ := set .Values.metrics.proxymetrics "enabled" true -}}
@@ -37,6 +41,10 @@
{{- if .Values.authentik.outposts.radius.enabled -}}
{{- $_ := set .Values.workload.radius "enabled" true -}}
{{- if not .Values.workload.radius.podSpec.initContainers -}}
{{- $_ := set .Values.workload.radius.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.radius.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.radius "enabled" true -}}
{{- $_ := set .Values.service.radiusmetrics "enabled" true -}}
{{- $_ := set .Values.metrics.radiusmetrics "enabled" true -}}
@@ -49,6 +57,10 @@
{{- if .Values.authentik.outposts.ldap.enabled -}}
{{- $_ := set .Values.workload.ldap "enabled" true -}}
{{- if not .Values.workload.ldap.podSpec.initContainers -}}
{{- $_ := set .Values.workload.ldap.podSpec "initContainers" dict -}}
{{- end -}}
{{- $_ := set .Values.workload.ldap.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}}
{{- $_ := set .Values.service.ldap "enabled" true -}}
{{- $_ := set .Values.service.ldaps "enabled" true -}}
{{- $_ := set .Values.service.ldapmetrics "enabled" true -}}

View File

@@ -15,7 +15,7 @@ ldapImage:
radiusImage:
repository: tccr.io/truecharts/authentik-radius
tag: v2023.5.3@sha256:d46f4dbc727d5d6f6c91df0f6a2bf98d2c941de908fdc15193552413331e375b
tag: v2023.5.3@sha256:824415af5e7efa090d716d38b944df3a758df08a78f2dce5a77fd0f12ee41c5c
pullPolicy: IfNotPresent
proxyImage:
@@ -28,6 +28,8 @@ authentik:
# Only works on initial install
email: my-mail@example.com
password: my-password
# Optional, only set if you want to use it
bootstrapToken: ""
general:
disableUpdateCheck: false
disableStartupAnalytics: true
@@ -328,36 +330,47 @@ service:
port: 10230
# Proxy
proxy:
enabled: true
targetSelector: proxy
ports:
http:
enabled: true
protocol: http
port: 10227
targetSelector: proxy
https:
enabled: true
protocol: https
port: 10228
targetSelector: proxy
# Radius
radius:
enabled: true
targetSelector: radius
ports:
radius:
enabled: true
protocol: udp
targetSelector: radius
port: 1812
# LDAP
ldap:
enabled: true
targetSelector: ldap
ports:
ldap:
enabled: true
port: 389
targetSelector: ldap
# LDAPS
ldaps:
enabled: true
targetSelector: ldap
ports:
ldaps:
enabled: true
port: 636
targetSelector: ldap
# Server Metrics
servermetrics:
enabled: true
@@ -371,30 +384,35 @@ service:
radiusmetrics:
enabled: true
type: ClusterIP
targetSelector: radius
ports:
radiusmetrics:
enabled: true
protocol: http
port: 10232
targetSelector: radius
# LDAP Metrics
ldapmetrics:
enabled: true
type: ClusterIP
targetSelector: ldap
ports:
ldapmetrics:
enabled: true
protocol: http
port: 10233
targetSelector: ldap
# Proxy Metrics
proxymetrics:
enabled: true
type: ClusterIP
targetSelector: proxy
ports:
proxymetrics:
enabled: true
protocol: http
port: 10234
targetSelector: proxy
persistence:
media:
enabled: true