charts: stop vendoring postgresql and redis

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
goauthentik · Jan 3, 2024 · 821a2b8 · 821a2b8
1 parent 9422882
commit 821a2b8
Show file tree

Hide file tree

Showing 130 changed files with 66 additions and 14,100 deletions.
diff --git a/charts/authentik/Chart.yaml b/charts/authentik/Chart.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: v2
 version: 2023.10.5
 appVersion: 2023.10.5
@@ -29,12 +30,12 @@ maintainers:
     url: https://goauthentik.io
 dependencies:
   - name: postgresql
-    version: 10.16.2
-    repository: https://charts.goauthentik.io
+    version: 12.12.10
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - name: redis
-    version: 15.7.6
-    repository: https://charts.goauthentik.io
+    version: 18.6.1
+    repository: oci://registry-1.docker.io/bitnamicharts
     condition: redis.enabled
   - name: authentik-remote-cluster
     repository: https://charts.goauthentik.io

diff --git a/charts/authentik/ci/ct-values-hpa.yaml b/charts/authentik/ci/ct-values-hpa.yaml
@@ -1,3 +1,4 @@
+---
 autoscaling:
   server:
     enabled: true
@@ -29,7 +30,8 @@ authentik:
 
 postgresql:
   enabled: false
-  postgresqlPassword: au7h3n71k
+  auth:
+    password: au7h3n71k
   persistence:
     enabled: false
 

diff --git a/charts/authentik/ci/ct-values-min.yaml b/charts/authentik/ci/ct-values-min.yaml
@@ -1,3 +1,4 @@
+---
 replicas: 1
 
 worker:
@@ -26,7 +27,8 @@ authentik:
 
 postgresql:
   enabled: false
-  postgresqlPassword: au7h3n71k
+  auth:
+    password: au7h3n71k
   persistence:
     enabled: false
 

diff --git a/charts/authentik/ci/ct-values-pdb-max.yaml b/charts/authentik/ci/ct-values-pdb-max.yaml
@@ -1,3 +1,4 @@
+---
 pdb:
   server:
     enabled: true
@@ -29,7 +30,8 @@ authentik:
 
 postgresql:
   enabled: false
-  postgresqlPassword: au7h3n71k
+  auth:
+    password: au7h3n71k
   persistence:
     enabled: false
 

diff --git a/charts/authentik/ci/ct-values-pdb-min.yaml b/charts/authentik/ci/ct-values-pdb-min.yaml
@@ -1,3 +1,4 @@
+---
 pdb:
   server:
     enabled: true
@@ -29,7 +30,8 @@ authentik:
 
 postgresql:
   enabled: false
-  postgresqlPassword: au7h3n71k
+  auth:
+    password: au7h3n71k
   persistence:
     enabled: false
 

diff --git a/charts/authentik/ci/ct-values-pr.yaml b/charts/authentik/ci/ct-values-pr.yaml
@@ -1,3 +1,4 @@
+---
 replicas: 1
 
 worker:
@@ -26,7 +27,8 @@ authentik:
 
 postgresql:
   enabled: true
-  postgresqlPassword: au7h3n71k
+  auth:
+    password: au7h3n71k
   persistence:
     enabled: false
 

diff --git a/charts/authentik/ci/ct-values.yaml b/charts/authentik/ci/ct-values.yaml
@@ -1,3 +1,4 @@
+---
 replicas: 1
 
 worker:
@@ -26,7 +27,8 @@ authentik:
 
 postgresql:
   enabled: true
-  postgresqlPassword: au7h3n71k
+  auth:
+    password: au7h3n71k
   persistence:
     enabled: false
 

diff --git a/charts/authentik/templates/secret.yaml b/charts/authentik/templates/secret.yaml
@@ -10,6 +10,9 @@ metadata:
   {{- end }}
 data:
   {{- include "authentik.env" (dict "root" $ "values" $.Values.authentik) | indent 2 }}
+  {{- if and (not $.Values.authentik.postgresql.password) $.Values.postgresql.enabled }}
+  AUTHENTIK_POSTGRESQL__PASSWORD: {{ print "file:///postgresql-credentials/password" | b64enc | quote }}
+  {{- end }}
   {{- if $.Values.geoip.enabled }}
   GEOIPUPDATE_ACCOUNT_ID: {{ required "geoip account id required" $.Values.geoip.accountId | b64enc | quote }}
   GEOIPUPDATE_LICENSE_KEY: {{ required "geoip license key required" $.Values.geoip.licenseKey | b64enc | quote }}

diff --git a/charts/authentik/templates/server-deployment.yaml b/charts/authentik/templates/server-deployment.yaml
@@ -88,6 +88,11 @@ spec:
               {{- toYaml . | nindent 12 }}
             {{- end }}
           volumeMounts:
+          {{- if and (not $.Values.authentik.postgresql.password) $.Values.postgresql.enabled }}
+            - name: postgresql-credentials
+              mountPath: /postgresql-credentials
+              readOnly: true
+          {{- end }}
           {{- if $.Values.geoip.enabled }}
             - name: geoip-db
               mountPath: /geoip
@@ -166,6 +171,11 @@ spec:
         {{- tpl (toYaml $additionalContainers) $ | nindent 8 }}
       {{- end }}
       volumes:
+      {{- if and (not $.Values.authentik.postgresql.password) $.Values.postgresql.enabled }}
+        - name: postgresql-credentials
+          secret:
+            secretName: {{ .Release.Name }}-postgresql
+      {{- end }}
       {{- if $.Values.geoip.enabled }}
         - name: geoip-db
           emptyDir: {}

diff --git a/charts/authentik/templates/worker-deployment.yaml b/charts/authentik/templates/worker-deployment.yaml
@@ -91,6 +91,11 @@ spec:
               {{- toYaml . | nindent 12 }}
             {{- end }}
           volumeMounts:
+          {{- if and (not $.Values.authentik.postgresql.password) $.Values.postgresql.enabled }}
+            - name: postgresql-credentials
+              mountPath: /postgresql-credentials
+              readOnly: true
+          {{- end }}
           {{- if $.Values.geoip.enabled }}
             - name: geoip-db
               mountPath: /geoip
@@ -147,6 +152,11 @@ spec:
         {{- tpl (toYaml $additionalContainers) $ | nindent 8 }}
       {{- end }}
       volumes:
+      {{- if and (not $.Values.authentik.postgresql.password) $.Values.postgresql.enabled }}
+        - name: postgresql-credentials
+          secret:
+            secretName: {{ .Release.Name }}-postgresql
+      {{- end }}
       {{- if $.Values.geoip.enabled }}
         - name: geoip-db
           emptyDir: {}

diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml
@@ -7,7 +7,8 @@ securityContext: {}
 # -- server containerSecurityContext
 containerSecurityContext: {}
 # -- server deployment strategy
-strategy: {}
+strategy:
+  {}
   # type: RollingUpdate
   # rollingUpdate:
   #  maxSurge: 25%
@@ -23,7 +24,8 @@ worker:
   # -- worker containerSecurityContext
   containerSecurityContext: {}
   # -- worker strategy
-  strategy: {}
+  strategy:
+    {}
     # type: RollingUpdate
     # rollingUpdate:
     #  maxSurge: 25%
@@ -269,24 +271,24 @@ geoip:
   # -- server containerSecurityContext
   containerSecurityContext: {}
 postgresql:
-  # -- enable the bundled bitnami postgresql chart
+  # -- enable the Bitnami PostgreSQL chart. Refer to https://github.com/bitnami/charts/blob/main/bitnami/postgresql/ for possible values.
   enabled: false
-  postgresqlMaxConnections: 500
-  postgresqlUsername: "authentik"
-  # postgresqlPassword: ""
-  postgresqlDatabase: "authentik"
-  # persistence:
-  #   enabled: true
-  #   storageClass:
-  #   accessModes:
-  #     - ReadWriteOnce
-  image:
-    tag: 15.4.0-debian-11-r0
+  auth:
+    username: authentik
+    database: authentik
+    # password: ""
+  primary:
+    extendedConfiguration: |
+      max_connections = 500
+    # persistence:
+    #   enabled: true
+    #   storageClass:
+    #   accessModes:
+    #     - ReadWriteOnce
+
 redis:
-  # -- enable the bundled bitnami redis chart
+  # -- enable the Bitnami Redis chart. Refer to https://github.com/bitnami/charts/blob/main/bitnami/redis/ for possible values.
   enabled: false
   architecture: standalone
   auth:
     enabled: false
-  image:
-    tag: 6.2.10-debian-11-r13
diff --git a/charts/postgresql/Chart.yaml b/charts/postgresql/Chart.yaml