-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authentik chart rework #230
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rissson
force-pushed
the
full-rework
branch
9 times, most recently
from
January 3, 2024 14:10
821a2b8
to
8953aa7
Compare
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
rissson
force-pushed
the
full-rework
branch
12 times, most recently
from
January 5, 2024 23:57
4bf6338
to
008bd0c
Compare
The only thing missing I want to add is examples of values, but that can be done after a first round of review. Good luck 💙 |
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
…dentials Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
7 tasks
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
BeryJu
approved these changes
Feb 15, 2024
6 tasks
Nice work, thanks for this :) |
This was referenced Feb 29, 2024
bidluo
added a commit
to bidluo/Home-GitOps
that referenced
this pull request
Mar 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Major Helm chart rework to allow for more configurability and extension in the future.
Closes #218
Closes #109
Closes #227
Closes #221
Closes #216
Closes #168
Closes #209
Closes #219
Closes #94
Closes #170
Closes #229
Closes #200
Closes #232
Everything after this is to be included in the release notes
Breaking changes
The vendored Bitnami PostgreSQL and Redis Helm charts have been removed and now use upstream versions.
The PostgreSQL Helm chart has been updated from 10.16.2 to 12.12.10. The full diff is here but is quite large. We recommend checking out the upstream release notes for the 11.x.x and 12.x.x upgrades. Among the changes you may be required to do, the
postgresql.persistence
key has been renamed topostgresql.primary.persistence
,postgresql.postgresqlPassword
topostgresql.auth.password
,postgresql.existingSecret
topostgresql.auth.existingSecret
. Note that this update does not change the major version of PostgreSQL, so no manual intervention is required on that side.The Redis Helm chart has been updated from 15.7.6 to 18.6.1. The full diff is here but is quite large. We recommend checking out the upstream release notes for the 16.x.x, 17.x.x and 18.x.x upgrades. If you do not have any custom values, no action is required. Not that this upgrades the major Redis version from 6 to 7, and thus no rollback is possible.
Ingress versions before
networking.k8s.io/v1
are not supported anymore.blueprints
has been renamed toblueprints.configMaps
andblueprints.secrets
has been added to import blueprints from secrets.image
has been renamed toglobal.image
, and can now be overridden for the server and worker withserver.image
andworker.image
.image.pullSecrets
has been renamed toglobal.imagePullSecrets
, and can now be overridden for the server and worker withserver.imagePullSecrets
andworker.imagePullSecrets
.annotations
has been renamedglobal.deploymentAnnotations
, and additional annotations can now be configured for only the server or worker withserver.deploymentAnnotations
andworker.deploymentAnnotations
.podAnnotations
has been renamedglobal.podAnnotations
, and additional annotations can now be configured for only the server or worker withserver.podAnnotations
andworker.podAnnotations
.nodeSelector
has been renamed toglobal.nodeSelector
, and can now be overridden for the server and worker withserver.nodeSelector
andworker.nodeSelector
.tolerations
has been renamed toglobal.tolerations
, and can now be overridden for the server and worker withserver.tolerations
andworker.tolerations
.affinity
has been removed and replaced by the reworkedglobal.affinity
which pre-sets affinity rules. It is possible override those rules for the server and worker withserver.affinity
andworker.affinity
.env
,envValueFrom
andenvFrom
have been removed and replaced byglobal.env
andglobal.envFrom
.global.env
now puts the configured list directly into the deployment, without modifications as the previous setting used to do. It is now also possible to pass environment variables to only the server or worker withserver.env
,worker.env
,server.envFrom
andworker.envFrom
.additionalContainers
has been removed and replaced byserver.extraContainers
andworker.extraContainers
. The previous dictionary must now be a list andname
is a required property.initContainers
has been removed and replaced byserver.initContainers
andworker.initContainers
. The previous dictionary must now be a list andname
is a required property.volumes
andvolumeMounts
have been renamed toglobal.volumes
andglobal.volumeMounts
. Additionally,server.volumes
,worker.volumes
,server.volumeMounts
andworker.volumeMounts
have been added.replicas
has been renamed toserver.replicas
.strategy
has been renamed toserver.deploymentStrategy
.worker.strategy
has been renamed toworker.deploymentStrategy
.global.deploymentStrategy
has been added to configure deployment strategy for all authentik deployments.priorityClassName
has been renamed toserver.priorityClassName
. Also,server.priorityClassName
andworker.priorityClassName
can be used withglobal.priorityClassName
.containerSecurityContext
has been renamed toserver.containerSecurityContext
.livenessProbe
,readinessProbe
andstartupProbe
have been renamed toserver.livenessProbe
,server.readinessProbe
andserver.startupProbe
. Additionally, theenabled
option of those has been removed. If you need to disable those, you can doserver.readinessProbe: ~
in your values. Also, some defaults have been reworked.autoscaling.server
has been renamed toserver.autoscaling
andautoscaling.worker
has been renamed toworker.autoscaling
.pdb.server
has been renamed toserver.pdb
andpdb.worker
has been renamed toworker.pdb
.resources.server
has been renamed toserver.resources
andresources.worker
has been renamed toworker.resources
.service
has been renamedserver.service
. Inside the service definition,port
has been renamedservicePortHttp
,nodePort
has been renamednodePortHttp
,name
has been renamed toservicePortHttpName
,protocol
has been removed. A lot of options have been added to customize it.prometheus.serviceMonitor
has been renamed toserver.metrics.serviceMonitor
. Inside the service monitor definition,create
has been renamed toenabled
.prometheus.rules.create
has been renamed toprometheus.rules.enabled
. Additional options have also been added for more configurability.ingress
has been renamed toserver.ingress
. Additionally, thehosts
key has been replaced by a list of hosts and paths, instead of a stand-in for an ingress definition. Additional keys are now also available for more configurability.The
geoip.image
has been broken up into a dictionary following the other images definitions.The GeoIP image repository has been changed from docker.io/maxmindinc/geoipupdate to ghcr.io/maxmind/geoipupdate. The image version has been ugpraded from 4.8 to 6.0.0
New features
global.additionalLabels
has been added for labels to be applied to all resources.Add
global.revisionHistoryLimit
for the number of deployment ReplicaSets to retain.global.podLabels
,server.podLabels
andworker.podLabels
have been added to configure extra labels to add the the deployed pods.global.addPrometheusAnnotations
allows for Prometheus annotations to be added to metrics services. This can be used as an alternative to the ServiceMonitors.global.securityContext
has been added to define pod-level security context for all deployed pods.global.topologySpreadConstraints
has been added to define topology spread constraints rules for all components.The
autoscaling
configuration has gained some more configurability. Check out the values.yaml for more information.server.terminationGracePeriodSeconds
has been added and is set to a value of 30 by default.Add the ability to use an existing secret for GeoIP credentials with
geoip.existingSecret
.additionalObjects
has been added to allow deploying other Kubernetes objects.