Merge pull request #2 from goauthentik/rc2

v1.0.0-RC2

.github/workflows/charts-lint-test.yaml → .github/workflows/lint-test.yaml

@@ -1,4 +1,4 @@
-name: "Charts: Lint and test"
+name: "Lint and Test Chart"
 
 on:
   pull_request:
@@ -8,13 +8,13 @@ on:
       - '!charts/**/README.md.gotmpl'
 
 jobs:
-  lint-test:
+  lint-and-test:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
         with:
-          fetch-depth: 0
+          fetch-depth: "0"
 
       - name: Set up Helm
         uses: azure/setup-helm@v1
@@ -31,17 +31,17 @@ jobs:
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed)
+          changed=$(ct list-changed  --config ct.yaml)
           if [[ -n "$changed" ]]; then
             echo "::set-output name=changed::true"
           fi
 
       - name: Run chart-testing (lint)
-        run: ct lint
+        run: ct lint --config ct.yaml
 
       - name: Create kind cluster
         uses: helm/kind-action@v1.1.0
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install)
-        run: ct install
+        run: ct install --config ct.yaml

.github/workflows/release.yaml

@@ -0,0 +1,29 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+jobs:
+  release:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config --global user.name "$GITHUB_ACTOR"
+          git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.5.4
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.2.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

README.md

@@ -0,0 +1,105 @@
+# authentik
+
+![Version: 1.0.0-RC2](https://img.shields.io/badge/Version-1.0.0--RC2-informational?style=flat-square) ![AppVersion: 2021.4.5](https://img.shields.io/badge/AppVersion-2021.4.5-informational?style=flat-square)
+
+authentik is an open-source Identity Provider focused on flexibility and versatility.
+
+**Homepage:** <https://goauthentik.io>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| BeryJu | jens@beryju.org |  |
+| dirtycajunrice | nick@cajun.pro | https://github.com/DirtyCajunRice |
+
+## Source Code
+
+* <https://github.com/goauthentik/authentik>
+* <https://goauthentik.io/docs/>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 |
+| https://charts.bitnami.com/bitnami | redis | 14.1.1 |
+| https://library-charts.k8s-at-home.com | common | 2.4.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| authentik.email.from | string | `""` |  |
+| authentik.email.host | string | `""` |  |
+| authentik.email.port | string | `""` |  |
+| authentik.email.timeout | string | `""` |  |
+| authentik.email.use_ssl | string | `""` |  |
+| authentik.email.use_tls | string | `""` |  |
+| authentik.email.username | string | `""` |  |
+| authentik.error_reporting.enabled | bool | `false` |  |
+| authentik.error_reporting.environment | string | `""` |  |
+| authentik.error_reporting.send_pii | string | `""` |  |
+| authentik.log_level | string | `""` |  |
+| authentik.outposts.docker_image_base | string | `""` |  |
+| authentik.postgresql.database | string | `""` |  |
+| authentik.postgresql.host | string | `""` |  |
+| authentik.postgresql.s3_backup.access_key | string | `""` |  |
+| authentik.postgresql.s3_backup.bucket | string | `""` |  |
+| authentik.postgresql.s3_backup.host | string | `""` |  |
+| authentik.postgresql.s3_backup.region | string | `""` |  |
+| authentik.postgresql.user | string | `""` |  |
+| authentik.redis.host | string | `""` |  |
+| authentik.redis.password | string | `""` |  |
+| authentik.secret_key | string | `""` |  |
+| env | object | `{}` |  |
+| envFrom | list | `[]` |  |
+| geoip.accountId | string | `""` |  |
+| geoip.editionIds | string | `"GeoLite2-City"` |  |
+| geoip.enabled | bool | `false` |  |
+| geoip.licenseKey | string | `""` |  |
+| geoip.schedule | string | `"0 */8 * * *"` |  |
+| image.name | string | `"beryju//authentik"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.tag | string | `"2021.4.5"` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"authentik.domain.tld"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.ingressClassName | string | `""` |  |
+| ingress.labels | object | `{}` |  |
+| livenessProbe.enabled | bool | `true` |  |
+| livenessProbe.httpGet.path | string | `"/-/health/live/"` |  |
+| livenessProbe.httpGet.port | string | `"http"` |  |
+| livenessProbe.initialDelaySeconds | int | `15` |  |
+| livenessProbe.periodSeconds | int | `30` |  |
+| postgresql.enabled | bool | `false` |  |
+| prometheus.rules.create | bool | `false` |  |
+| prometheus.serviceMonitor.create | bool | `false` |  |
+| prometheus.serviceMonitor.interval | string | `"10s"` |  |
+| prometheus.serviceMonitor.scrapeTimeout | string | `"3s"` |  |
+| prometheus.serviceMonitor.secret.name | string | `""` |  |
+| prometheus.serviceMonitor.secret.passwordKey | string | `""` |  |
+| prometheus.serviceMonitor.secret.usernameKey | string | `""` |  |
+| readinessProbe.enabled | bool | `true` |  |
+| readinessProbe.httpGet.path | string | `"/-/health/ready/"` |  |
+| readinessProbe.httpGet.port | string | `"http"` |  |
+| readinessProbe.initialDelaySeconds | int | `15` |  |
+| readinessProbe.periodSeconds | int | `30` |  |
+| redis.auth.enabled | bool | `false` |  |
+| redis.enabled | bool | `false` |  |
+| replicas | int | `1` |  |
+| resources.server | object | `{}` |  |
+| resources.worker | object | `{}` |  |
+| service.annotations | object | `{}` |  |
+| service.enabled | bool | `true` |  |
+| service.labels | object | `{}` |  |
+| service.name | string | `"http"` |  |
+| service.port | int | `80` |  |
+| service.protocol | string | `"TCP"` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.create | bool | `true` |  |
+| volumeMounts | list | `[]` |  |
+| volumes | list | `[]` |  |

charts/authentik/Chart.yaml

@@ -4,14 +4,16 @@ name: authentik
 home: https://goauthentik.io
 sources:
   - https://github.com/goauthentik/authentik
-version: 1.0.0-RC1
+  - https://goauthentik.io/docs/
+version: 1.0.0-RC2
 appVersion: 2021.4.5
 icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
 maintainers:
   - name: BeryJu
     email: jens@beryju.org
   - name: dirtycajunrice
     email: nick@cajun.pro
+    url: https://github.com/DirtyCajunRice
 dependencies:
   - name: postgresql
     version: 10.4.2
@@ -29,6 +31,8 @@ annotations:
   artifacthub.io/links: |
     - name: Github
       url: https://github.com/goauthentik/authentik
+    - name: Docs
+      url: https://goauthentik.io/docs/
   artifacthub.io/maintainers: |
     - name: Jens L. BeryJu
       email: jens@beryju.org

charts/authentik/README.md

@@ -1,46 +1,105 @@
-# authentik Helm Chart
-
-| Name                              | Default                 | Description |
-|-----------------------------------|-------------------------|-------------|
-| image.name                        | beryju/authentik        | Image used to run the authentik server and worker |
-| image.name_static                 | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
-| image.tag                         | 2021.4.3                | Image tag |
-| image.pullPolicy                  | IfNotPresent            | Image Pull Policy used for all deployments |
-| serverReplicas                    | 1                       | Replicas for the Server deployment |
-| workerReplicas                    | 1                       | Replicas for the Worker deployment |
-| kubernetesIntegration             | true                    | Enable/disable the Kubernetes integration for authentik. This will create a service account for authentik to create and update outposts in authentik |
-| config.secretKey                  |                         | Secret key used to sign session cookies, generate with `pwgen 50 1` or `openssl rand -base64 36` for example. |
-| config.errorReporting.enabled     | false                   | Enable/disable error reporting |
-| config.errorReporting.environment | customer                | Environment sent with the error reporting |
-| config.errorReporting.sendPii     | false                   | Whether to send Personally-identifiable data with the error reporting |
-| config.logLevel                   | warning                 | Log level of authentik |
-| config.email.host                 | localhost               | SMTP Host Emails are sent to |
-| config.email.port                 | 25                      | SMTP Port Emails are sent to |
-| config.email.username             |                         | SMTP Username |
-| config.email.password             |                         | SMTP Password |
-| config.email.use_tls              | false                   | Enable StartTLS |
-| config.email.use_ssl              | false                   | Enable SSL |
-| config.email.timeout              | 10                      | SMTP Timeout |
-| config.email.from                 | authentik@localhost     | Email address authentik will send from, should have a correct @domain |
-| pvc.mode                          | ReadWriteMany           | Mode that the PVCs are created in (uploads and GeoIP, if enabled) |
-| pvc.uploadsSize                   | 5Gi                     | Size for the uploads PVC |
-| pvc.uploadsStorageClass           | null                    | Storage class for the uploads PVC (default: use default storage class) |
-| pvc.geoIpSize                     | 1Gi                     | Size for the GeoIP PVC |
-| pvc.geoIpStorageClass             | null                    | Storage class for the GeoIP PVC (default: use default storage class) |
-| geoip.enabled                     | false                   | Optionally enable GeoIP |
-| geoip.accountId                   |                         | GeoIP MaxMind Account ID |
-| geoip.licenseKey                  |                         | GeoIP MaxMind License key |
-| geoip.image                       | maxmindinc/geoipupdate:latest  | GeoIP Updater image |
-| backup.accessKey                  |                         | Optionally enable S3 Backup, Access Key |
-| backup.secretKey                  |                         | Optionally enable S3 Backup, Secret Key |
-| backup.bucket                     |                         | Optionally enable S3 Backup, Bucket |
-| backup.region                     |                         | Optionally enable S3 Backup, Region |
-| backup.host                       |                         | Optionally enable S3 Backup, to custom Endpoint like minio |
-| ingress.annotations               | {}                      | Annotations for the ingress object |
-| ingress.hosts                     | [authentik.k8s.local]   | Hosts which the ingress will match |
-| ingress.tls                       | []                      | TLS Configuration, same as Ingress objects |
-| install.postgresql                | true                    | Enables/disables the packaged PostgreSQL Chart
-| install.redis                     | true                    | Enables/disables the packaged Redis Chart
-| postgresql.postgresqlPassword     |                         | Password used for PostgreSQL, generated automatically.
-
-For more info, see https://goauthentik.io/ and https://goauthentik.io/docs/installation/kubernetes/
+# authentik
+
+![Version: 1.0.0-RC2](https://img.shields.io/badge/Version-1.0.0--RC2-informational?style=flat-square) ![AppVersion: 2021.4.5](https://img.shields.io/badge/AppVersion-2021.4.5-informational?style=flat-square)
+
+authentik is an open-source Identity Provider focused on flexibility and versatility.
+
+**Homepage:** <https://goauthentik.io>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| BeryJu | jens@beryju.org |  |
+| dirtycajunrice | nick@cajun.pro | https://github.com/DirtyCajunRice |
+
+## Source Code
+
+* <https://github.com/goauthentik/authentik>
+* <https://goauthentik.io/docs/>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 |
+| https://charts.bitnami.com/bitnami | redis | 14.1.1 |
+| https://library-charts.k8s-at-home.com | common | 2.4.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| authentik.email.from | string | `""` |  |
+| authentik.email.host | string | `""` |  |
+| authentik.email.port | string | `""` |  |
+| authentik.email.timeout | string | `""` |  |
+| authentik.email.use_ssl | string | `""` |  |
+| authentik.email.use_tls | string | `""` |  |
+| authentik.email.username | string | `""` |  |
+| authentik.error_reporting.enabled | bool | `false` |  |
+| authentik.error_reporting.environment | string | `""` |  |
+| authentik.error_reporting.send_pii | string | `""` |  |
+| authentik.log_level | string | `""` |  |
+| authentik.outposts.docker_image_base | string | `""` |  |
+| authentik.postgresql.database | string | `""` |  |
+| authentik.postgresql.host | string | `""` |  |
+| authentik.postgresql.s3_backup.access_key | string | `""` |  |
+| authentik.postgresql.s3_backup.bucket | string | `""` |  |
+| authentik.postgresql.s3_backup.host | string | `""` |  |
+| authentik.postgresql.s3_backup.region | string | `""` |  |
+| authentik.postgresql.user | string | `""` |  |
+| authentik.redis.host | string | `""` |  |
+| authentik.redis.password | string | `""` |  |
+| authentik.secret_key | string | `""` |  |
+| env | object | `{}` |  |
+| envFrom | list | `[]` |  |
+| geoip.accountId | string | `""` |  |
+| geoip.editionIds | string | `"GeoLite2-City"` |  |
+| geoip.enabled | bool | `false` |  |
+| geoip.licenseKey | string | `""` |  |
+| geoip.schedule | string | `"0 */8 * * *"` |  |
+| image.name | string | `"beryju//authentik"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.tag | string | `"2021.4.5"` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"authentik.domain.tld"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.ingressClassName | string | `""` |  |
+| ingress.labels | object | `{}` |  |
+| livenessProbe.enabled | bool | `true` |  |
+| livenessProbe.httpGet.path | string | `"/-/health/live/"` |  |
+| livenessProbe.httpGet.port | string | `"http"` |  |
+| livenessProbe.initialDelaySeconds | int | `15` |  |
+| livenessProbe.periodSeconds | int | `30` |  |
+| postgresql.enabled | bool | `false` |  |
+| prometheus.rules.create | bool | `false` |  |
+| prometheus.serviceMonitor.create | bool | `false` |  |
+| prometheus.serviceMonitor.interval | string | `"10s"` |  |
+| prometheus.serviceMonitor.scrapeTimeout | string | `"3s"` |  |
+| prometheus.serviceMonitor.secret.name | string | `""` |  |
+| prometheus.serviceMonitor.secret.passwordKey | string | `""` |  |
+| prometheus.serviceMonitor.secret.usernameKey | string | `""` |  |
+| readinessProbe.enabled | bool | `true` |  |
+| readinessProbe.httpGet.path | string | `"/-/health/ready/"` |  |
+| readinessProbe.httpGet.port | string | `"http"` |  |
+| readinessProbe.initialDelaySeconds | int | `15` |  |
+| readinessProbe.periodSeconds | int | `30` |  |
+| redis.auth.enabled | bool | `false` |  |
+| redis.enabled | bool | `false` |  |
+| replicas | int | `1` |  |
+| resources.server | object | `{}` |  |
+| resources.worker | object | `{}` |  |
+| service.annotations | object | `{}` |  |
+| service.enabled | bool | `true` |  |
+| service.labels | object | `{}` |  |
+| service.name | string | `"http"` |  |
+| service.port | int | `80` |  |
+| service.protocol | string | `"TCP"` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.create | bool | `true` |  |
+| volumeMounts | list | `[]` |  |
+| volumes | list | `[]` |  |

charts/authentik/README.md.gotmpl

@@ -0,0 +1,16 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}