wip: rename to authentik (#361)

* root: initial rename

* web: rename custom element prefix

* root: rename external functions with pb_ prefix

* root: fix formatting

* root: replace domain with goauthentik.io

* proxy: update path

* root: rename remaining prefixes

* flows: rename file extension

* root: pbadmin -> akadmin

* docs: fix image filenames

* lifecycle: ignore migration files

* ci: copy default config from current source before loading last tagged

* *: new sentry dsn

* tests: fix missing python3.9-dev package

* root: add additional migrations for service accounts created by outposts

* core: mark system-created service accounts with attribute

* policies/expression: fix pb_ replacement not working

* web: fix last linting errors, add lit-analyse

* policies/expressions: fix lint errors

* web: fix sidebar display on screens where not all items fit

* proxy: attempt to fix proxy pipeline

* proxy: use go env GOPATH to get gopath

* lib: fix user_default naming inconsistency

* docs: add upgrade docs

* docs: update screenshots to use authentik

* admin: fix create button on empty-state of outpost

* web: fix modal submit not refreshing SiteShell and Table

* web: fix height of app-card and height of generic icon

* web: fix rendering of subtext

* admin: fix version check error not being caught

* web: fix worker count not being shown

* docs: update screenshots

* root: new icon

* web: fix lint error

* admin: fix linting error

* root: migrate coverage config to pyproject
Jens L
2020-12-05 22:08:42 +01:00
committed by GitHub
parent 810a7ab50b
commit 1cfe1aff13
989 changed files with 6425 additions and 4412 deletions


@ -1,11 +1,11 @@
apiVersion: v2
description: passbook is an open-source Identity Provider focused on flexibility and versatility. You can use passbook in an existing environment to add support for new protocols. passbook is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.
name: passbook
home: https://passbook.beryju.org
description: authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols. authentik is also a great solution for implementing signup/recovery/etc in your application, so you don't have to deal with it.
name: authentik
home: https://goauthentik.io
sources:
- https://github.com/BeryJu/passbook
- https://github.com/BeryJu/authentik
version: "0.12.11-stable"
icon: https://raw.githubusercontent.com/BeryJu/passbook/master/website/static/img/logo.svg
icon: https://raw.githubusercontent.com/BeryJu/authentik/master/icons/icon.svg
dependencies:
- name: postgresql
version: 9.4.1


@ -1,28 +1,28 @@
# passbook Helm Chart
# authentik Helm Chart
| Name | Default | Description |
|-----------------------------------|-------------------------|-------------|
| image.name | beryju/passbook | Image used to run the passbook server and worker |
| image.name_static | beryju/passbook-static | Image used to run the passbook static server (CSS and JS Files) |
| image.name | beryju/authentik | Image used to run the authentik server and worker |
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
| image.tag | 0.12.5-stable | Image tag |
| serverReplicas | 1 | Replicas for the Server deployment |
| workerReplicas | 1 | Replicas for the Worker deployment |
| kubernetesIntegration | true | Enable/disable the Kubernetes integration for passbook. This will create a service account for passbook to create and update outposts in passbook |
| kubernetesIntegration | true | Enable/disable the Kubernetes integration for authentik. This will create a service account for authentik to create and update outposts in authentik |
| config.secretKey | | Secret key used to sign session cookies, generate with `pwgen 50 1` for example. |
| config.errorReporting.enabled | false | Enable/disable error reporting |
| config.errorReporting.environment | customer | Environment sent with the error reporting |
| config.errorReporting.sendPii | false | Whether to send Personally-identifiable data with the error reporting |
| config.logLevel | warning | Log level of passbook |
| config.logLevel | warning | Log level of authentik |
| backup.accessKey | | Optionally enable S3 Backup, Access Key |
| backup.secretKey | | Optionally enable S3 Backup, Secret Key |
| backup.bucket | | Optionally enable S3 Backup, Bucket |
| backup.region | | Optionally enable S3 Backup, Region |
| backup.host | | Optionally enable S3 Backup, to custom Endpoint like minio |
| ingress.annotations | {} | Annotations for the ingress object |
| ingress.hosts | [passbook.k8s.local] | Hosts which the ingress will match |
| ingress.hosts | [authentik.k8s.local] | Hosts which the ingress will match |
| ingress.tls | [] | TLS Configuration, same as Ingress objects |
| install.postgresql | true | Enables/disables the packaged PostgreSQL Chart
| install.redis | true | Enables/disables the packaged Redis Chart
| postgresql.postgresqlPassword | | Password used for PostgreSQL, generated automatically.
For more info, see https://passbook.beryju.org/ and https://passbook.beryju.org/docs/installation/kubernetes/
For more info, see https://goauthentik.io/ and https://goauthentik.io/docs/installation/kubernetes/
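
Review bot: the `image.tag` row still documents `0.12.5-stable` as the default, while the chart `version` and the `tag` in values.yaml in this same commit are `0.12.11-stable`; update the row while the table is being touched. The last three rows (`install.postgresql`, `install.redis`, `postgresql.postgresqlPassword`) are also missing their closing `|`.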


@ -1,5 +1,5 @@
1. Access passbook using the following URL:
1. Access authentik using the following URL:
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
2. Login to passbook using the user "pbadmin" and the password "pbadmin".
2. Login to authentik using the user "akadmin" and the password "akadmin".
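
Review bot: step 2 prints a fixed admin login whose password equals the username (`akadmin` / `akadmin`), and nothing in these notes tells the operator to change it. Add a third step telling them to change the password right after the first login, or have the install generate a per-release password and say where it is stored.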


@ -2,7 +2,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "passbook.name" -}}
{{- define "authentik.name" -}}
{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
@ -11,7 +11,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "passbook.fullname" -}}
{{- define "authentik.fullname" -}}
{{- $name := default .Chart.Name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
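
Review bot: `authentik.fullname` is built from `.Chart.Name` (`$name := default .Chart.Name`, then `contains $name .Release.Name`), and this commit changes the chart name, so the rendered name of every object using this helper can change for an existing release even when the release name stays the same. The upgrade docs should state this explicitly, because it affects the uploads PersistentVolumeClaim and the secret-key Secret.
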
@ -23,6 +23,6 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "passbook.chart" -}}
{{- define "authentik.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}


@ -1,7 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "passbook.fullname" . }}-config
name: {{ include "authentik.fullname" . }}-config
data:
POSTGRESQL__HOST: "{{ .Release.Name }}-postgresql"
POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}"


@ -1,11 +1,11 @@
{{- $fullName := include "passbook.fullname" . -}}
{{- $fullName := include "authentik.fullname" . -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
helm.sh/chart: {{ include "passbook.chart" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
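
Review bot: the unchanged `apiVersion: extensions/v1beta1` line uses the deprecated Ingress API group; `networking.k8s.io/v1` is served from Kubernetes 1.19 and the `extensions/v1beta1` Ingress is removed in 1.22. This is not caused by the rename, but it is worth a follow-up since the template is being edited anyway.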


@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "passbook.fullname" . }}-uploads
name: {{ include "authentik.fullname" . }}-uploads
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
helm.sh/chart: {{ include "passbook.chart" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
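
Review bot: the claim name moves from the `passbook.fullname` helper to the `authentik.fullname` helper, so wherever the rendered name differs the pods mount a different, empty claim after the upgrade and the media stored in the old claim is no longer referenced. Either keep the old claim name for existing installs or document a copy step in the upgrade docs before the old claim is released.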


@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "passbook.fullname" . }}-secret-key
name: {{ include "authentik.fullname" . }}-secret-key
data:
monitoring_username: bW9uaXRvcg== # monitor in base64
{{- if .Values.config.secretKey }}
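
Review bot: the Secret holding `secret_key` gets a new name, so an upgraded install reads the key from a new object. The README describes this key as signing session cookies, and the branch for an unset `config.secretKey` is outside this hunk; please confirm that an upgrade without that value set does not end up with a different key and invalidate existing sessions.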


@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "passbook.fullname" . }}-sa-role
name: {{ include "authentik.fullname" . }}-sa-role
rules:
- apiGroups:
- ""
@ -47,18 +47,18 @@ rules:
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "passbook.fullname" . }}-sa
name: {{ include "authentik.fullname" . }}-sa
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "passbook.fullname" . }}-sa-role-binding
name: {{ include "authentik.fullname" . }}-sa-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "passbook.fullname" . }}-sa-role
name: {{ include "authentik.fullname" . }}-sa-role
subjects:
- kind: ServiceAccount
name: {{ include "passbook.fullname" . }}-sa
name: {{ include "authentik.fullname" . }}-sa
namespace: {{ .Release.Namespace }}
{{- end }}
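
Review bot: the service account is bound through a `ClusterRoleBinding` to a `ClusterRole`, which grants the listed rules in every namespace even though the subject itself lives in `{{ .Release.Namespace }}`. If outposts are only deployed into the release namespace, a namespaced `Role` and `RoleBinding` would be the tighter grant; if cluster scope is intended, say so next to `kubernetesIntegration` in the README, which defaults to `true`.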


@ -1,25 +1,25 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "passbook.fullname" . }}-static
name: {{ include "authentik.fullname" . }}-static
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
helm.sh/chart: {{ include "passbook.chart" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
k8s.passbook.beryju.org/component: static
k8s.goauthentik.io/component: static
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: static
k8s.goauthentik.io/component: static
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: static
k8s.goauthentik.io/component: static
spec:
containers:
- name: {{ .Chart.Name }}-static
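
Review bot: `spec.selector.matchLabels` changes its component key from `k8s.passbook.beryju.org/component` to `k8s.goauthentik.io/component`, and a Deployment's selector is immutable in `apps/v1`, so wherever the rendered Deployment name stays the same across the upgrade the API server will reject the update. The same applies to the web and worker Deployments; the upgrade docs should say whether an in-place `helm upgrade` is supported or the old release has to be removed first.
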
@ -49,9 +49,9 @@ spec:
cpu: 20m
memory: 20M
volumeMounts:
- name: passbook-uploads
- name: authentik-uploads
mountPath: /usr/share/nginx/html/media
volumes:
- name: passbook-uploads
- name: authentik-uploads
persistentVolumeClaim:
claimName: {{ include "passbook.fullname" . }}-uploads
claimName: {{ include "authentik.fullname" . }}-uploads


@ -1,13 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "passbook.fullname" . }}-static
name: {{ include "authentik.fullname" . }}-static
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
helm.sh/chart: {{ include "passbook.chart" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
k8s.passbook.beryju.org/component: static
k8s.goauthentik.io/component: static
spec:
type: ClusterIP
ports:
@ -16,6 +16,6 @@ spec:
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: static
k8s.goauthentik.io/component: static


@ -1,26 +1,26 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "passbook.fullname" . }}-web
name: {{ include "authentik.fullname" . }}-web
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
helm.sh/chart: {{ include "passbook.chart" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
k8s.passbook.beryju.org/component: web
k8s.goauthentik.io/component: web
spec:
replicas: {{ .Values.serverReplicas }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: web
k8s.goauthentik.io/component: web
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: web
k8s.goauthentik.io/component: web
spec:
affinity:
podAntiAffinity:
@ -32,36 +32,36 @@ spec:
- key: app.kubernetes.io/name
operator: In
values:
- {{ include "passbook.name" . }}
- {{ include "authentik.name" . }}
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
- key: k8s.passbook.beryju.org/component
- key: k8s.goauthentik.io/component
operator: In
values:
- web
topologyKey: "kubernetes.io/hostname"
initContainers:
- name: passbook-database-migrations
- name: authentik-database-migrations
image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
args: [migrate]
envFrom:
- configMapRef:
name: {{ include "passbook.fullname" . }}-config
prefix: PASSBOOK_
name: {{ include "authentik.fullname" . }}-config
prefix: AUTHENTIK_
env:
- name: PASSBOOK_SECRET_KEY
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "passbook.fullname" . }}-secret-key
name: {{ include "authentik.fullname" . }}-secret-key
key: secret_key
- name: PASSBOOK_REDIS__PASSWORD
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-redis"
key: redis-password
- name: PASSBOOK_POSTGRESQL__PASSWORD
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-postgresql"
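
Review bot: `prefix: PASSBOOK_` becomes `prefix: AUTHENTIK_` and the three explicit variables are renamed, with no fallback to the old names in this template. Any `PASSBOOK_*` variable an operator injects outside this chart will no longer line up with what the chart sets, so list the renamed variables in the upgrade docs.
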
@ -72,26 +72,26 @@ spec:
args: [server]
envFrom:
- configMapRef:
name: {{ include "passbook.fullname" . }}-config
prefix: PASSBOOK_
name: {{ include "authentik.fullname" . }}-config
prefix: AUTHENTIK_
env:
- name: PASSBOOK_SECRET_KEY
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ include "passbook.fullname" . }}-secret-key"
name: "{{ include "authentik.fullname" . }}-secret-key"
key: "secret_key"
- name: PASSBOOK_REDIS__PASSWORD
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-redis"
key: "redis-password"
- name: PASSBOOK_POSTGRESQL__PASSWORD
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-postgresql"
key: "postgresql-password"
volumeMounts:
- name: passbook-uploads
- name: authentik-uploads
mountPath: /media
ports:
- name: http
@ -103,14 +103,14 @@ spec:
port: http
httpHeaders:
- name: Host
value: passbook-healthcheck-host
value: authentik-healthcheck-host
readinessProbe:
httpGet:
path: /
port: http
httpHeaders:
- name: Host
value: passbook-healthcheck-host
value: authentik-healthcheck-host
resources:
requests:
cpu: 100m
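
Review bot: both probes now send `Host: authentik-healthcheck-host`; the server has to treat exactly that value as its health-check host, otherwise liveness and readiness fail and the rollout never becomes ready. Please confirm the matching value on the application side is renamed in this same commit.
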
@ -119,6 +119,6 @@ spec:
cpu: 300m
memory: 500M
volumes:
- name: passbook-uploads
- name: authentik-uploads
persistentVolumeClaim:
claimName: {{ include "passbook.fullname" . }}-uploads
claimName: {{ include "authentik.fullname" . }}-uploads


@ -1,13 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "passbook.fullname" . }}-web
name: {{ include "authentik.fullname" . }}-web
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "passbook.chart" . }}
k8s.passbook.beryju.org/component: web
helm.sh/chart: {{ include "authentik.chart" . }}
k8s.goauthentik.io/component: web
spec:
type: ClusterIP
ports:
@ -16,6 +16,6 @@ spec:
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: web
k8s.goauthentik.io/component: web


@ -1,29 +1,29 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "passbook.fullname" . }}-worker
name: {{ include "authentik.fullname" . }}-worker
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
helm.sh/chart: {{ include "passbook.chart" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
helm.sh/chart: {{ include "authentik.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
k8s.passbook.beryju.org/component: worker
k8s.goauthentik.io/component: worker
spec:
replicas: {{ .Values.workerReplicas }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: worker
k8s.goauthentik.io/component: worker
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "passbook.name" . }}
app.kubernetes.io/name: {{ include "authentik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.passbook.beryju.org/component: worker
k8s.goauthentik.io/component: worker
spec:
{{- if .Values.kubernetesIntegration }}
serviceAccountName: {{ include "passbook.fullname" . }}-sa
serviceAccountName: {{ include "authentik.fullname" . }}-sa
{{- end }}
affinity:
podAntiAffinity:
@ -35,12 +35,12 @@ spec:
- key: app.kubernetes.io/name
operator: In
values:
- {{ include "passbook.name" . }}
- {{ include "authentik.name" . }}
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
- key: k8s.passbook.beryju.org/component
- key: k8s.goauthentik.io/component
operator: In
values:
- worker
@ -52,20 +52,20 @@ spec:
args: [worker]
envFrom:
- configMapRef:
name: "{{ include "passbook.fullname" . }}-config"
prefix: "PASSBOOK_"
name: "{{ include "authentik.fullname" . }}-config"
prefix: "AUTHENTIK_"
env:
- name: PASSBOOK_SECRET_KEY
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ include "passbook.fullname" . }}-secret-key"
name: "{{ include "authentik.fullname" . }}-secret-key"
key: secret_key
- name: PASSBOOK_REDIS__PASSWORD
- name: AUTHENTIK_REDIS__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-redis"
key: "redis-password"
- name: PASSBOOK_POSTGRESQL__PASSWORD
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Release.Name }}-postgresql"


@ -11,9 +11,9 @@ config:
ingress:
hosts:
- passbook.127.0.0.1.nip.io
- authentik.127.0.0.1.nip.io
# These values influence the bundled postgresql and redis charts, but are also used by passbook to connect
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
postgresql:
postgresqlPassword: EK-5jnKfjrGRm<77
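
Review bot: `postgresqlPassword: EK-5jnKfjrGRm<77` is a literal password in a tracked values file. If this file is only a local or CI fixture, add a comment saying so, so it is not reused as a template for real deployments.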


@ -1,16 +1,16 @@
###################################
# Values directly affecting passbook
# Values directly affecting authentik
###################################
image:
name: beryju/passbook
name_static: beryju/passbook-static
name_outposts: beryju/passbook # Prefix used for Outpost deployments, Outpost type and version is appended
name: beryju/authentik
name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 0.12.11-stable
serverReplicas: 1
workerReplicas: 1
# Enable the Kubernetes integration which lets passbook deploy outposts into kubernetes
# Enable the Kubernetes integration which lets authentik deploy outposts into kubernetes
kubernetesIntegration: true
config:
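
Review bot: the image names change to `beryju/authentik` and `beryju/authentik-static` while `tag` stays `0.12.11-stable`; that tag has to be published under the new repository names before this chart is released, otherwise a default install cannot pull its images. Please confirm the images exist, or bump `tag` to the first release built under the new name.
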
@ -38,11 +38,11 @@ ingress:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- passbook.k8s.local
- authentik.k8s.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - passbook.k8s.local
# - authentik.k8s.local
###################################
# Values controlling dependencies
@ -52,9 +52,9 @@ install:
postgresql: true
redis: true
# These values influence the bundled postgresql and redis charts, but are also used by passbook to connect
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
postgresql:
postgresqlDatabase: passbook
postgresqlDatabase: authentik
redis:
cluster:
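
Review bot: `postgresqlDatabase` changes from `passbook` to `authentik`, and the comment above it says these values are also what authentik uses to connect. An installation that keeps its existing PostgreSQL data has a database named `passbook`, not `authentik`, so the upgrade docs should either tell operators to pin `postgresqlDatabase: passbook` or describe how to rename the database.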