diff --git a/.github/scripts/tc-lint.sh b/.github/scripts/tc-lint.sh index 5c5e58a51e4..86fefffabbe 100755 --- a/.github/scripts/tc-lint.sh +++ b/.github/scripts/tc-lint.sh @@ -42,7 +42,9 @@ function check_chart_schema(){ yamale_output=$(yamale --schema .github/chart_schema.yaml "$chart_path/Chart.yaml") yamale_exit_code=$? while IFS= read -r line; do - echo -e "\t$line" + if [[ -n $line ]]; then + echo -e "\t$line" + fi done <<< "$yamale_output" if [ $yamale_exit_code -ne 0 ]; then @@ -61,7 +63,9 @@ function helm_lint(){ helm_lint_output=$(helm lint --quiet "$chart_path") helm_lint_exit_code=$? while IFS= read -r line; do - echo -e "\t$line" + if [[ -n $line ]]; then + echo -e "\t$line" + fi done <<< "$helm_lint_output" if [ $helm_lint_exit_code -ne 0 ]; then @@ -75,12 +79,19 @@ export -f helm_lint function helm_template(){ chart_path=${1:?"No chart path provided to [Helm template]"} + values=${2:-} + + if [[ -n "$values" ]]; then + values="-f $values" + fi # Print only errors and warnings - helm_template_output=$(helm template "$chart_path" 2>&1 >/dev/null) + helm_template_output=$(helm template $values "$chart_path" 2>&1 >/dev/null) helm_template_exit_code=$? while IFS= read -r line; do - echo -e "\t$line" + if [[ -n $line ]]; then + echo -e "\t$line" + fi done <<< "$helm_template_output" if [ $helm_template_exit_code -ne 0 ]; then @@ -98,7 +109,9 @@ function yaml_lint(){ yaml_lint_output=$(yamllint --config-file .github/yaml-lint-conf.yaml "$file_path") yaml_lint_exit_code=$? while IFS= read -r line; do - echo -e "\t$line" + if [[ -n $line ]]; then + echo -e "\t$line" + fi done <<< "$yaml_lint_output" if [ $yaml_lint_exit_code -ne 0 ]; then @@ -132,7 +145,7 @@ function lint_chart(){ for values in $chart_path/ci/*values.yaml; do if [ -f "${values}" ]; then echo "👣 Helm Template - [$values]" - helm_template "$chart_path" -f "$values" + helm_template "$chart_path" "$values" fi done 
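Review bot: The rewritten output loop in check_chart_schema keeps `echo -e "\t$line"`, so backslash sequences inside the linter's own output are interpreted by the shell (a literal `\n` or `\t` in a yamale message is expanded) and a line consisting of `-n` or `-e` is swallowed as an option. Since the line is being touched anyway, `printf '\t%s\n' "$line"` prints the text verbatim with the same leading tab. The identical loops rewritten in helm_lint, helm_template and yaml_lint would benefit from the same change. check_chart_schema's body continues outside the hunk.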
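Review bot: `values="-f $values"` packs a flag and a path into one string that is then expanded unquoted in `helm template $values "$chart_path"`, so a values file whose path contains whitespace or glob characters is split into the wrong arguments; build the optional arguments as an array and keep every expansion quoted. `values` and `chart_path` are also assigned without `local`, and the caller in lint_chart iterates with a loop variable of the same name (`for values in $chart_path/ci/*values.yaml`), so helm_template overwrites the caller's `values` with `-f <path>` on every call — harmless today only because the loop reassigns it before the next `[ -f "${values}" ]` test. If this script runs under `set -u` on bash older than 4.4, the empty-array expansion needs the `${values_args[@]+"${values_args[@]}"}` form. The rest of helm_template's body continues outside the hunk.
```shell
function helm_template(){
  local chart_path=${1:?"No chart path provided to [Helm template]"}
  local values=${2:-}
  # Optional "-f <file>" is kept as an array so the path survives word-splitting.
  local -a values_args=()

  if [[ -n "$values" ]]; then
    values_args=(-f "$values")
  fi

  # Print only errors and warnings
  helm_template_output=$(helm template "${values_args[@]}" "$chart_path" 2>&1 >/dev/null)
  # … unchanged: exit-code capture, output loop, status handling …
```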
@@ -168,6 +181,7 @@ function lint_chart(){ echo '' } > "$curr_result_file" cat "$curr_result_file" + # $curr_result starts with 0, and it gets set to 1 only when a linting step fails echo $curr_result >> "$status_file" } export -f lint_chart diff --git a/charts/incubator/authentik/Chart.yaml b/charts/incubator/authentik/Chart.yaml index b5722aaf250..91a2d832954 100644 --- a/charts/incubator/authentik/Chart.yaml +++ b/charts/incubator/authentik/Chart.yaml @@ -23,7 +23,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/incubator/authentik - https://github.com/goauthentik/authentik - https://goauthentik.io/docs/ -version: 13.0.3 +version: 13.0.4 annotations: truecharts.org/catagories: | - authentication diff --git a/charts/incubator/authentik/ci/outposts-values.yaml b/charts/incubator/authentik/ci/outposts-values.yaml new file mode 100644 index 00000000000..d62f8b4c083 --- /dev/null +++ b/charts/incubator/authentik/ci/outposts-values.yaml @@ -0,0 +1,18 @@ +authentik: + credentials: + bootstrapToken: some_super_secret_token + outposts: + disableEmbeddedOutpost: true + proxy: + enabled: true + token: some_super_secret_token + radius: + # Can't enable it before creating a + # provider in the GUI + enabled: false + token: some_super_secret_token + ldap: + # Can't enable it before creating a + # provider in the GUI + enabled: false + token: some_super_secret_token diff --git a/charts/incubator/authentik/questions.yaml b/charts/incubator/authentik/questions.yaml index f7ad5614e42..d54793b89a1 100644 --- a/charts/incubator/authentik/questions.yaml +++ b/charts/incubator/authentik/questions.yaml @@ -45,6 +45,17 @@ questions: required: true immutable: true default: "" + - variable: bootstrapToken + label: (Optional) Bootstrap Token + description: | + Set the bootstrap token for the authentik server.
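Review bot: The new CI values file reuses the literal `some_super_secret_token` for the bootstrap token and for every outpost token, and nothing in the file says these are throwaway fixtures; `_secret.tpl` renders `authentik.credentials.bootstrapToken` and the outpost `token` values straight into Secrets, so a copy-pasted file would ship a known credential. Add a header comment such as `# CI-only placeholder credentials used for helm lint/template — never use these values for a real deployment` at the top of the file so the intent is explicit to anyone who finds it under ci/.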
+ Only read on initial install, changing this will have no effect.
+ Only set this token if you plan to use the API right after installation. + schema: + type: string + private: true + immutable: true + default: "" - variable: general label: General schema: diff --git a/charts/incubator/authentik/templates/_config.tpl b/charts/incubator/authentik/templates/_config.tpl index e5b6038f201..849f7e2c8b5 100644 --- a/charts/incubator/authentik/templates/_config.tpl +++ b/charts/incubator/authentik/templates/_config.tpl @@ -41,7 +41,7 @@ server-worker: {{- end -}} {{- with .Values.authentik.email.timeout }} AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }} - {{- end -}} + {{- end }} {{/* LDAP */}} AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS: {{ .Values.authentik.ldap.taskTimeoutHours | quote }} @@ -64,7 +64,7 @@ server-worker: {{- end -}} {{- with .Values.authentik.general.footerLinks }} AUTHENTIK_FOOTER_LINKS: {{ toJson . | squote }} - {{- end -}} + {{- end }} {{/* General */}} AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disableUpdateCheck | quote }} @@ -121,4 +121,5 @@ geoip: GEOIPUPDATE_EDITION_IDS: {{ .Values.authentik.geoip.editionID }} GEOIPUPDATE_FREQUENCY: {{ .Values.authentik.geoip.frequency | quote }} {{- end -}} + {{- end -}} diff --git a/charts/incubator/authentik/templates/_secret.tpl b/charts/incubator/authentik/templates/_secret.tpl index 7d9f3f9a9ef..7104932c349 100644 --- a/charts/incubator/authentik/templates/_secret.tpl +++ b/charts/incubator/authentik/templates/_secret.tpl @@ -22,6 +22,9 @@ server-worker: {{/* Initial credentials */}} AUTHENTIK_BOOTSTRAP_EMAIL: {{ .Values.authentik.credentials.email | quote }} AUTHENTIK_BOOTSTRAP_PASSWORD: {{ .Values.authentik.credentials.password | quote }} + {{- with .Values.authentik.credentials.bootstrapToken }} + AUTHENTIK_BOOTSTRAP_TOKEN: {{ . }} + {{- end }} {{/* Mail */}} {{- with .Values.authentik.email.host }} 
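Review bot: The new bootstrapToken question does not tell the operator what kind of credential they are handing over or what to do with it afterwards. If, as the `private: true`/`immutable: true` schema and the "use the API right after installation" wording suggest, this is a pre-seeded API token for the bootstrap admin account, the description should say that it should be revoked or rotated inside authentik once the initial automation has run, because the chart can neither change nor remove it later ("Only read on initial install"). One sentence appended to the description would cover it, e.g. `Revoke or rotate this token in authentik after your initial automation has run; it cannot be changed from the chart afterwards.`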
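Review bot: `AUTHENTIK_BOOTSTRAP_TOKEN: {{ . }}` emits the token unquoted, while the neighbouring `AUTHENTIK_BOOTSTRAP_EMAIL` and `AUTHENTIK_BOOTSTRAP_PASSWORD` lines pipe through `quote`. A token containing `: ` or ` #`, or starting with a YAML-significant character such as `*`, `&`, `[`, `{` or `@`, will either break the rendered manifest or be reinterpreted, and a purely numeric token would be stored as a number rather than the string the operator entered. Change the line to `AUTHENTIK_BOOTSTRAP_TOKEN: {{ . | quote }}`. The server-worker block continues outside the hunk.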
@@ -35,7 +38,7 @@ server-worker: {{- end -}} {{- with .Values.authentik.email.from }} AUTHENTIK_EMAIL__FROM: {{ . }} - {{- end }} + {{- end -}} {{- if .Values.authentik.geoip.enabled }} geoip: @@ -67,4 +70,5 @@ ldap: data: AUTHENTIK_TOKEN: {{ .Values.authentik.outposts.ldap.token | quote }} {{- end -}} + {{- end -}} diff --git a/charts/incubator/authentik/templates/_waitAuthentik.tpl b/charts/incubator/authentik/templates/_waitAuthentik.tpl new file mode 100644 index 00000000000..b2421746cef --- /dev/null +++ b/charts/incubator/authentik/templates/_waitAuthentik.tpl @@ -0,0 +1,20 @@ +{{- define "authentik.wait.server" -}} +{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}} +{{- $serverUrl := printf "https://%v:%v/-/health/ready/" $fullname .Values.service.main.ports.main.port }} +enabled: true +type: init +imageSelector: alpineImage +command: /bin/sh +args: + - -c + - | + echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..." + until wget --no-check-certificate --spider --quiet "{{ $serverUrl }}"; + do + echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..." + sleep 3 + done + + echo "Authentik [{{ $serverUrl }}] is ready..." + echo "Starting Outpost..." +{{- end -}} diff --git a/charts/incubator/authentik/templates/common.yaml b/charts/incubator/authentik/templates/common.yaml index d0f9eaacf5b..9f1b6424035 100644 --- a/charts/incubator/authentik/templates/common.yaml +++ b/charts/incubator/authentik/templates/common.yaml 
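Review bot: The wait loop in the new `authentik.wait.server` init container never gives up: `until wget ...; do sleep 3; done` retries forever, so a server that is misconfigured (wrong port, scheme or TLS setup) leaves every outpost pod stuck in Init with nothing in the pod status pointing at the cause. Bounding the retries and exiting non-zero lets Kubernetes restart the init container with backoff and surface the failure. `--no-check-certificate` is also passed without explanation; for a pure readiness probe skipping verification is defensible, but a comment saying so stops a later reader from copying the flag into a credential-bearing connection. The URL further hard-codes `https` against `.Values.service.main.ports.main.port` — if that port can be served as plain HTTP the probe never succeeds; I could not confirm the port's scheme from this diff.
```yaml
args:
  - -c
  - |
    # Readiness probe only: TLS verification is intentionally skipped here,
    # nothing sensitive is sent. Give up after ~5 minutes so the failure is visible.
    attempts=0
    until wget --no-check-certificate --spider --quiet "{{ $serverUrl }}";
    do
      attempts=$((attempts + 1))
      if [ "$attempts" -ge 100 ]; then
        echo "Authentik Server [{{ $serverUrl }}] not ready after $attempts attempts, giving up"
        exit 1
      fi
      echo "Waiting Authentik Server [{{ $serverUrl }}] to be ready..."
      sleep 3
    done
    # … unchanged: "is ready" / "Starting Outpost" messages …
```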
@@ -25,6 +25,10 @@ {{- if .Values.authentik.outposts.proxy.enabled -}} {{- $_ := set .Values.workload.proxy "enabled" true -}} + {{- if not .Values.workload.proxy.podSpec.initContainers -}} + {{- $_ := set .Values.workload.proxy.podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .Values.workload.proxy.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}} {{- $_ := set .Values.service.proxy "enabled" true -}} {{- $_ := set .Values.service.proxymetrics "enabled" true -}} {{- $_ := set .Values.metrics.proxymetrics "enabled" true -}} @@ -37,6 +41,10 @@ {{- if .Values.authentik.outposts.radius.enabled -}} {{- $_ := set .Values.workload.radius "enabled" true -}} + {{- if not .Values.workload.radius.podSpec.initContainers -}} + {{- $_ := set .Values.workload.radius.podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .Values.workload.radius.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}} {{- $_ := set .Values.service.radius "enabled" true -}} {{- $_ := set .Values.service.radiusmetrics "enabled" true -}} {{- $_ := set .Values.metrics.radiusmetrics "enabled" true -}} @@ -49,6 +57,10 @@ {{- if .Values.authentik.outposts.ldap.enabled -}} {{- $_ := set .Values.workload.ldap "enabled" true -}} + {{- if not .Values.workload.ldap.podSpec.initContainers -}} + {{- $_ := set .Values.workload.ldap.podSpec "initContainers" dict -}} + {{- end -}} + {{- $_ := set .Values.workload.ldap.podSpec.initContainers "wait-server" (include "authentik.wait.server" . | fromYaml) -}} {{- $_ := set .Values.service.ldap "enabled" true -}} {{- $_ := set .Values.service.ldaps "enabled" true -}} {{- $_ := set .Values.service.ldapmetrics "enabled" true -}} diff --git a/charts/incubator/authentik/values.yaml b/charts/incubator/authentik/values.yaml index cee9a523941..727e4648433 100644 --- a/charts/incubator/authentik/values.yaml +++ b/charts/incubator/authentik/values.yaml 
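Review bot: `{{- if not .Values.workload.proxy.podSpec.initContainers -}}` assumes `.Values.workload.proxy.podSpec` is already a map; if the defaults (which this diff does not show) or a user values file leave `podSpec` unset, Helm fails with a nil-pointer error while evaluating `.initContainers`, before the guard can help. Guarding one level up, `{{- if not .Values.workload.proxy.podSpec -}}{{- $_ := set .Values.workload.proxy "podSpec" dict -}}{{- end -}}` ahead of the existing check, or reading the key with `dig`, makes the block safe regardless of what values.yaml defines. The same four lines are repeated verbatim for radius and ldap in the following hunks, so whichever form is chosen should be applied to all three. Note also that `set ... "wait-server"` silently replaces any user-supplied init container of that name; a short comment stating that the name is reserved would save a debugging session.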
@@ -15,7 +15,7 @@ ldapImage: radiusImage: repository: tccr.io/truecharts/authentik-radius - tag: v2023.5.3@sha256:d46f4dbc727d5d6f6c91df0f6a2bf98d2c941de908fdc15193552413331e375b + tag: v2023.5.3@sha256:824415af5e7efa090d716d38b944df3a758df08a78f2dce5a77fd0f12ee41c5c pullPolicy: IfNotPresent proxyImage: @@ -28,6 +28,8 @@ authentik: # Only works on initial install email: my-mail@example.com password: my-password + # Optional, only set if you want to use it + bootstrapToken: "" general: disableUpdateCheck: false disableStartupAnalytics: true @@ -328,36 +330,47 @@ service: port: 10230 # Proxy proxy: + enabled: true + targetSelector: proxy ports: http: + enabled: true protocol: http port: 10227 + targetSelector: proxy https: enabled: true protocol: https port: 10228 + targetSelector: proxy # Radius radius: enabled: true + targetSelector: radius ports: radius: enabled: true protocol: udp + targetSelector: radius port: 1812 # LDAP ldap: enabled: true + targetSelector: ldap ports: ldap: enabled: true port: 389 + targetSelector: ldap # LDAPS ldaps: enabled: true + targetSelector: ldap ports: ldaps: enabled: true port: 636 + targetSelector: ldap # Server Metrics servermetrics: enabled: true @@ -371,30 +384,35 @@ service: radiusmetrics: enabled: true type: ClusterIP + targetSelector: radius ports: radiusmetrics: enabled: true protocol: http port: 10232 + targetSelector: radius # LDAP Metrics ldapmetrics: enabled: true type: ClusterIP + targetSelector: ldap ports: ldapmetrics: enabled: true protocol: http port: 10233 + targetSelector: ldap # Proxy Metrics proxymetrics: enabled: true type: ClusterIP + targetSelector: proxy ports: proxymetrics: enabled: true protocol: http port: 10234 - + targetSelector: proxy persistence: media: enabled: true
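Review bot: The new `bootstrapToken: ""` default carries only `# Optional, only set if you want to use it`, which says nothing about what the value is or where it ends up, while the matching questions.yaml entry documents that it is read only on initial install and `_secret.tpl` renders it into the server Secret as `AUTHENTIK_BOOTSTRAP_TOKEN`. Mirror that here so values-file users get the same warning as UI users: `# Optional bootstrap token. Like email/password above it is only read on initial install, and it is stored in the server Secret as AUTHENTIK_BOOTSTRAP_TOKEN.`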