update remote-cluster chart (#142)

charts/authentik-remote-cluster/Chart.yaml

@@ -1,43 +1,40 @@
 apiVersion: v2
+version: 1.1.0
+appVersion: 2021.10.2
 name: authentik-remote-cluster
 description: RBAC required for a remote cluster to be connected to authentik.
 type: application
-version: 1.0.3
-appVersion: "2021.10.2"
 home: https://goauthentik.io
 sources:
-  - https://github.com/goauthentik/authentik
   - https://goauthentik.io/docs/
+  - https://github.com/goauthentik/authentik
 keywords:
-  - proxy
-  - oauth
   - authentication
-  - saml
-  - sso
+  - directory
   - identity
-  - single-sign-on
-  - ldap
   - idp
+  - ldap
+  - oauth
+  - oidc
+  - proxy
+  - saml
+  - scim
+  - single-sign-on
   - sp
-icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
+  - sso
+icon: https://goauthentik.io/img/icon.png
 maintainers:
-  - name: BeryJu
-    email: jens@beryju.org
-    url: https://github.com/BeryJu
-  - name: dirtycajunrice
-    email: nick@cajun.pro
-    url: https://github.com/dirtycajunrice
+  - name: authentik Team
+    email: hello@goauthentik.io
+    url: https://goauthentik.io
 annotations:
-  artifacthub.io/license: GPL-3.0-only
+  artifacthub.io/license: MIT
   artifacthub.io/links: |
     - name: Github
       url: https://github.com/goauthentik/authentik
     - name: Docs
       url: https://goauthentik.io/docs/
   artifacthub.io/maintainers: |
-    - name: Jens L. BeryJu
-      email: jens@beryju.org
-      url: https://beryju.org
-    - name: Nicholas St. Germain
-      email: nick@cajun.pro
-      url: https://github.com/dirtycajunrice
+    - name: authentik Team
+      email: hello@goauthentik.io
+      url: https://goauthentik.io

charts/authentik-remote-cluster/README.md

@@ -16,13 +16,12 @@ RBAC required for a remote cluster to be connected to authentik.
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| BeryJu | <jens@beryju.org> | <https://github.com/BeryJu> |
-| dirtycajunrice | <nick@cajun.pro> | <https://github.com/dirtycajunrice> |
+| authentik Team | <hello@goauthentik.io> | <https://goauthentik.io> |
 
 ## Source Code
 
-* <https://github.com/goauthentik/authentik>
 * <https://goauthentik.io/docs/>
+* <https://github.com/goauthentik/authentik>
 
 ## Values
 

charts/authentik-remote-cluster/templates/_helpers.tpl

@@ -11,6 +11,9 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "authentik-remote-cluster.fullname" -}}
+{{- if not .Chart.IsRoot }}
+{{- .Release.Name }}
+{{- else }}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -22,6 +25,7 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
@@ -42,3 +46,11 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
+
+{{- define "authentik-remote-cluster.api-verbs-rw" -}}
+- get
+- create
+- delete
+- list
+- patch
+{{- end -}}

charts/authentik-remote-cluster/templates/cluster-role-binding.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "authentik-remote-cluster.fullname" . }}
+  name: {{ include "authentik-remote-cluster.fullname" . }}-{{ .Release.Namespace }}
   labels:
     {{- include "authentik-remote-cluster.labels" . | nindent 4 }}
   {{- with .Values.annotations }}
@@ -11,7 +11,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "authentik-remote-cluster.fullname" . }}
+  name: {{ include "authentik-remote-cluster.fullname" . }}-{{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "authentik-remote-cluster.fullname" . }}

charts/authentik-remote-cluster/templates/cluster-role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "authentik-remote-cluster.fullname" . }}
+  name: {{ include "authentik-remote-cluster.fullname" . }}-{{ .Release.Namespace }}
   labels:
     {{- include "authentik-remote-cluster.labels" . | nindent 4 }}
   {{- with .Values.annotations }}

charts/authentik-remote-cluster/templates/role.yaml

@@ -16,54 +16,29 @@ rules:
       - secrets
       - services
       - configmaps
-    verbs:
-      - get
-      - create
-      - delete
-      - list
-      - patch
+    verbs: {{- include "authentik-remote-cluster.api-verbs-rw" . | nindent 6 }}
   - apiGroups:
       - extensions
       - apps
     resources:
       - deployments
-    verbs:
-      - get
-      - create
-      - delete
-      - list
-      - patch
+    verbs: {{- include "authentik-remote-cluster.api-verbs-rw" . | nindent 6 }}
   - apiGroups:
       - extensions
       - networking.k8s.io
     resources:
       - ingresses
-    verbs:
-      - get
-      - create
-      - delete
-      - list
-      - patch
+    verbs: {{- include "authentik-remote-cluster.api-verbs-rw" . | nindent 6 }}
   - apiGroups:
       - traefik.containo.us
     resources:
       - middlewares
-    verbs:
-      - get
-      - create
-      - delete
-      - list
-      - patch
+    verbs: {{- include "authentik-remote-cluster.api-verbs-rw" . | nindent 6 }}
   - apiGroups:
       - monitoring.coreos.com
     resources:
       - servicemonitors
-    verbs:
-      - get
-      - create
-      - delete
-      - list
-      - patch
+    verbs: {{- include "authentik-remote-cluster.api-verbs-rw" . | nindent 6 }}
   - apiGroups:
       - apiextensions.k8s.io
     resources: