Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authentik: add option to set serviceaccount #253

Merged
merged 4 commits into from
May 23, 2024
Merged

authentik: add option to set serviceaccount #253

merged 4 commits into from
May 23, 2024

Conversation

wrenix
Copy link
Contributor

@wrenix wrenix commented Mar 13, 2024
edited

I like to follow security guide lines, which say nobody should use the "default" serviceAccount of an namespace ...

so i like to create my own serviceAccount and assign it with this helm-chart.

PS: maybe it is also needed for #146

@wrenix wrenix requested a review from a team as a code owner March 13, 2024 18:34
rissson
rissson requested changes Mar 14, 2024
View reviewed changes
charts/authentik/templates/worker/deployment.yaml Outdated Show resolved Hide resolved
charts/authentik/Chart.yaml Outdated Show resolved Hide resolved
BeryJu
BeryJu reviewed Mar 14, 2024
View reviewed changes
Copy link
Member

@BeryJu BeryJu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for the server container we could just not mount a service account at all since it doesn't need one. Although I suppose that would only change the defaults as there might still be usecases where someone might want to mount a service account themselves

@wrenix
Copy link
Contributor Author

wrenix commented Apr 6, 2024
edited

That is not BSI conform to use default serviceAccount, take a look in:
APP.4.4.A9 Nutzung von Kubernetes Service-Accounts

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/IT-GS-Kompendium_Einzel_PDFs_2022/06_APP_Anwendungen/APP_4_4_Kubernetes_Edition_2022.pdf?__blob=publicationFile&v=3

if you prefer to stop using the mount of the serviceaccount, it will break additional feature which user of this helm-chart could needed (e.g. #146).

@rissson
fix(authentik): add option to set serviceaccount
6d30ff4 
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: WrenIX <133280015+wrenix@users.noreply.github.com>
@rissson
revert version change
46e03c3 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson
some nitpicks
e39bb2e 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson
readme
98af493 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson rissson changed the title fix(authentik): add option to set serviceaccount authentik: add option to set serviceaccount May 21, 2024
@rissson rissson requested a review from BeryJu May 21, 2024 11:37
@rissson rissson self-assigned this May 21, 2024
@BeryJu BeryJu merged commit 48ae13f into goauthentik:main May 23, 2024
1 of 2 checks passed
@wrenix
Copy link
Contributor Author

wrenix commented May 26, 2024

we miss the version bump -> does anybody create one, or should i create a PullRequest for it.

@rissson
Copy link
Member

rissson commented May 26, 2024

We bump the chart when we release authentik

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rissson rissson rissson approved these changes

@BeryJu BeryJu Awaiting requested review from BeryJu

Assignees

@rissson rissson

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wrenix @rissson @BeryJu