Merge pull request #27 from goauthentik/v3.0.0

README.md

@@ -5,8 +5,8 @@
 ---
 
 [![](https://img.shields.io/discord/809154715984199690?label=Discord&style=for-the-badge)](https://discord.gg/jg33eMhnj6)
-![Version: 2.3.2](https://img.shields.io/badge/Version-2.3.2-informational?style=for-the-badge)
-![AppVersion: 2021.8.4](https://img.shields.io/badge/AppVersion-2021.8.4-informational?style=for-the-badge)
+![Version: 3.0.0-rc1](https://img.shields.io/badge/Version-3.0.0-rc1-informational?style=for-the-badge)
+![AppVersion: 2021.9.1-rc1](https://img.shields.io/badge/AppVersion-2021.9.1-rc1-informational?style=for-the-badge)
 
 authentik is an open-source Identity Provider focused on flexibility and versatility
 
@@ -55,16 +55,15 @@ redis:
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 |
-| https://charts.bitnami.com/bitnami | redis | 14.1.1 |
+| https://charts.bitnami.com/bitnami | postgresql | 10.9.5 |
+| https://charts.bitnami.com/bitnami | redis | 15.3.2 |
 | https://library-charts.k8s-at-home.com | common | 2.4.0 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | affinity applied to the deployments |
-| authentik.authentik | object | `{"geoip":"/geoip/GeoLite2-City.mmdb"}` | Deprecated, use `authentik.geoip` instead of `authentik.authentik.geoip` |
 | authentik.avatars | string | `"gravatar"` | Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none' |
 | authentik.email.from | string | `""` | Email from address, can either be in the format "[email protected]" or "authentik <[email protected]>" |
 | authentik.email.host | string | `""` | SMTP Server emails are sent from, fully optional |
@@ -101,12 +100,12 @@ redis:
 | geoip.accountId | string | `""` | sign up under https://www.maxmind.com/en/geolite2/signup |
 | geoip.editionIds | string | `"GeoLite2-City"` |  |
 | geoip.enabled | bool | `false` | optional GeoIP, deploys a cronjob to download the maxmind database |
-| geoip.image | string | `"maxmindinc/geoipupdate:v4.7"` |  |
+| geoip.image | string | `"maxmindinc/geoipupdate:v4.8"` |  |
 | geoip.licenseKey | string | `""` | sign up under https://www.maxmind.com/en/geolite2/signup |
 | geoip.updateInterval | int | `8` | number of hours between update runs |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/goauthentik/server"` |  |
-| image.tag | string | `"2021.8.4"` |  |
+| image.tag | string | `"2021.9.1-rc1"` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.hosts[0].host | string | `"authentik.domain.tld"` |  |
@@ -126,9 +125,6 @@ redis:
 | prometheus.serviceMonitor.create | bool | `false` |  |
 | prometheus.serviceMonitor.interval | string | `"30s"` |  |
 | prometheus.serviceMonitor.scrapeTimeout | string | `"3s"` |  |
-| prometheus.serviceMonitor.secret.name | string | `""` |  |
-| prometheus.serviceMonitor.secret.passwordKey | string | `"password"` | password is the secret key |
-| prometheus.serviceMonitor.secret.usernameKey | string | `"username"` | username *value* currently _MUST_ be "monitor" |
 | readinessProbe.enabled | bool | `true` |  |
 | readinessProbe.httpGet.path | string | `"/-/health/ready/"` |  |
 | readinessProbe.httpGet.port | string | `"http"` |  |

charts/authentik/Chart.yaml

@@ -16,8 +16,8 @@ keywords:
   - ldap
   - idp
   - sp
-version: 2.3.2
-appVersion: 2021.8.4
+version: 3.0.0-rc1
+appVersion: 2021.9.1-rc1
 icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
 maintainers:
   - name: BeryJu
@@ -28,11 +28,11 @@ maintainers:
     url: https://github.com/dirtycajunrice
 dependencies:
   - name: postgresql
-    version: 10.4.2
+    version: 10.9.5
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
   - name: redis
-    version: 14.1.1
+    version: 15.3.2
     repository: https://charts.bitnami.com/bitnami
     condition: redis.enabled
   - name: common
@@ -41,7 +41,11 @@ dependencies:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: Don't use lifecycle: sidecar for geoip
+      description: Use new, dedicated metrics port without authentication
+    - kind: removed
+      description: Remove deprecated field authentik.authentik.geoip
+    - kind: changed
+      description: Update dependency charts
   artifacthub.io/license: GPL-3.0-only
   artifacthub.io/links: |
     - name: Github
@@ -57,8 +61,8 @@ annotations:
       url: https://github.com/dirtycajunrice
   artifacthub.io/images: |
     - name: authentik
-      image: ghcr.io/goauthentik/server:2021.8.4
+      image: ghcr.io/goauthentik/server:2021.9.1-rc1
     - name: authentik-outpost-proxy
-      image: ghcr.io/goauthentik/proxy:2021.8.4
+      image: ghcr.io/goauthentik/proxy:2021.9.1-rc1
     - name: authentik-outpost-ldap
-      image: ghcr.io/goauthentik/ldap:2021.8.4
+      image: ghcr.io/goauthentik/ldap:2021.9.1-rc1

charts/authentik/README.md

@@ -5,8 +5,8 @@
 ---
 
 [![](https://img.shields.io/discord/809154715984199690?label=Discord&style=for-the-badge)](https://discord.gg/jg33eMhnj6)
-![Version: 2.3.2](https://img.shields.io/badge/Version-2.3.2-informational?style=for-the-badge)
-![AppVersion: 2021.8.4](https://img.shields.io/badge/AppVersion-2021.8.4-informational?style=for-the-badge)
+![Version: 3.0.0-rc1](https://img.shields.io/badge/Version-3.0.0-rc1-informational?style=for-the-badge)
+![AppVersion: 2021.9.1-rc1](https://img.shields.io/badge/AppVersion-2021.9.1-rc1-informational?style=for-the-badge)
 
 authentik is an open-source Identity Provider focused on flexibility and versatility
 
@@ -55,16 +55,15 @@ redis:
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 |
-| https://charts.bitnami.com/bitnami | redis | 14.1.1 |
+| https://charts.bitnami.com/bitnami | postgresql | 10.9.5 |
+| https://charts.bitnami.com/bitnami | redis | 15.3.2 |
 | https://library-charts.k8s-at-home.com | common | 2.4.0 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | affinity applied to the deployments |
-| authentik.authentik | object | `{"geoip":"/geoip/GeoLite2-City.mmdb"}` | Deprecated, use `authentik.geoip` instead of `authentik.authentik.geoip` |
 | authentik.avatars | string | `"gravatar"` | Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none' |
 | authentik.email.from | string | `""` | Email from address, can either be in the format "[email protected]" or "authentik <[email protected]>" |
 | authentik.email.host | string | `""` | SMTP Server emails are sent from, fully optional |
@@ -101,12 +100,12 @@ redis:
 | geoip.accountId | string | `""` | sign up under https://www.maxmind.com/en/geolite2/signup |
 | geoip.editionIds | string | `"GeoLite2-City"` |  |
 | geoip.enabled | bool | `false` | optional GeoIP, deploys a cronjob to download the maxmind database |
-| geoip.image | string | `"maxmindinc/geoipupdate:v4.7"` |  |
+| geoip.image | string | `"maxmindinc/geoipupdate:v4.8"` |  |
 | geoip.licenseKey | string | `""` | sign up under https://www.maxmind.com/en/geolite2/signup |
 | geoip.updateInterval | int | `8` | number of hours between update runs |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/goauthentik/server"` |  |
-| image.tag | string | `"2021.8.4"` |  |
+| image.tag | string | `"2021.9.1-rc1"` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.hosts[0].host | string | `"authentik.domain.tld"` |  |
@@ -126,9 +125,6 @@ redis:
 | prometheus.serviceMonitor.create | bool | `false` |  |
 | prometheus.serviceMonitor.interval | string | `"30s"` |  |
 | prometheus.serviceMonitor.scrapeTimeout | string | `"3s"` |  |
-| prometheus.serviceMonitor.secret.name | string | `""` |  |
-| prometheus.serviceMonitor.secret.passwordKey | string | `"password"` | password is the secret key |
-| prometheus.serviceMonitor.secret.usernameKey | string | `"username"` | username *value* currently _MUST_ be "monitor" |
 | readinessProbe.enabled | bool | `true` |  |
 | readinessProbe.httpGet.path | string | `"/-/health/ready/"` |  |
 | readinessProbe.httpGet.port | string | `"http"` |  |

charts/authentik/README.md.gotmpl

@@ -5,8 +5,8 @@
 ---
 
 [![](https://img.shields.io/discord/809154715984199690?label=Discord&style=for-the-badge)](https://discord.gg/jg33eMhnj6)
-![Version: 2.3.2](https://img.shields.io/badge/Version-2.3.2-informational?style=for-the-badge)
-![AppVersion: 2021.8.4](https://img.shields.io/badge/AppVersion-2021.8.4-informational?style=for-the-badge)
+![Version: 3.0.0-rc1](https://img.shields.io/badge/Version-3.0.0-rc1-informational?style=for-the-badge)
+![AppVersion: 2021.9.1-rc1](https://img.shields.io/badge/AppVersion-2021.9.1-rc1-informational?style=for-the-badge)
 
 {{ template "chart.deprecationWarning" . }}
 

charts/authentik/ci/ct-values.yaml

@@ -5,7 +5,7 @@ worker:
 
 image:
   repository: ghcr.io/goauthentik/server
-  tag: 2021.8.4
+  tag: 2021.9.1-rc1
   pullPolicy: IfNotPresent
 
 ingress:

charts/authentik/templates/deployment.yaml

@@ -62,6 +62,9 @@ spec:
             - name: http
               containerPort: 9000
               protocol: TCP
+            - name: http-metrics
+              containerPort: 9300
+              protocol: TCP
             - name: https
               containerPort: 9443
               protocol: TCP

charts/authentik/templates/prom-service-monitor.yaml

@@ -7,21 +7,8 @@ metadata:
   name: {{ include "common.names.fullname" . }}
 spec:
   endpoints:
-    - basicAuth:
-        password:
-          name: {{ required "serviceMonitor secret name is required" .Values.prometheus.serviceMonitor.secret.name }}
-          key: {{ required "serviceMonitor secret password key is required"  .Values.prometheus.serviceMonitor.secret.passwordKey }}
-        username:
-          name: {{ required "serviceMonitor secret name is required" .Values.prometheus.serviceMonitor.secret.name }}
-          key: {{ required "serviceMonitor secret username key is required" .Values.prometheus.serviceMonitor.secret.usernameKey }}
-      port: http
-      path: /metrics/
+    - port: http-metrics
       scrapeTimeout: {{ .Values.prometheus.serviceMonitor.scrapeTimeout }}
-      # TODO: add bearerToken auth option
-      # bearerTokenSecret:
-      #   key: secret-key
-      #   name: secret
-      #   optional: false
       interval: {{ .Values.prometheus.serviceMonitor.interval }}
   selector:
     matchLabels:

charts/authentik/templates/rbac.yaml

@@ -68,6 +68,16 @@ rules:
       - delete
       - list
       - patch
+  - apiGroups:
+      - monitoring.coreos.com
+    resources:
+      - servicemonitors
+    verbs:
+      - get
+      - create
+      - delete
+      - list
+      - patch
   - apiGroups:
       - apiextensions.k8s.io
     resources:

charts/authentik/templates/service.yaml

@@ -42,6 +42,10 @@ spec:
   publishNotReadyAddresses: {{ . }}
   {{- end }}
   ports:
+    - port: 9100
+      name: http-metrics
+      protocol: TCP
+      targetPort: http-metrics
     - port: {{ .Values.service.port }}
       targetPort: {{ .Values.service.name }}
       protocol: {{ .Values.service.protocol }}

charts/authentik/values.yaml

@@ -7,7 +7,7 @@ worker:
 
 image:
   repository: ghcr.io/goauthentik/server
-  tag: 2021.8.4
+  tag: 2021.9.1-rc1
   pullPolicy: IfNotPresent
 
 ingress:
@@ -22,9 +22,6 @@ ingress:
           pathType: Prefix
 
 authentik:
-  # -- Deprecated, use `authentik.geoip` instead of `authentik.authentik.geoip`
-  authentik:
-    geoip: /geoip/GeoLite2-City.mmdb
   # -- Log level for server and worker
   log_level: info
   # -- Secret key used for cookie singing and unique user IDs,
@@ -163,12 +160,6 @@ prometheus:
     create: false
     interval: 30s
     scrapeTimeout: 3s
-    secret:
-      name: ""
-      # -- username *value* currently _MUST_ be "monitor"
-      usernameKey: username
-      # -- password is the secret key
-      passwordKey: password
   rules:
     create: false