outposts: allow better configuration of outpost image name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-29 20:07:53 +02:00
parent 2a409215d3
commit 25c001f2cd
9 changed files with 31 additions and 14 deletions

2
.gitignore vendored
View file

@ -202,3 +202,5 @@ selenium_screenshots/
backups/ backups/
media/ media/
*mmdb *mmdb
.idea/

View file

@ -34,7 +34,10 @@ email:
from: authentik@localhost from: authentik@localhost
outposts: outposts:
docker_image_base: "beryju/authentik" # this is prepended to -proxy:version # Placeholders:
# %(type)s: Outpost type; proxy, ldap, etc
# %(version)s: Current version; 2021.4.1
docker_image_base: "beryju/authentik-%(type)s:%(version)s"
authentik: authentik:
avatars: gravatar # gravatar or none avatars: gravatar # gravatar or none

View file

@ -4,6 +4,8 @@ from dataclasses import dataclass
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from structlog.testing import capture_logs from structlog.testing import capture_logs
from authentik import __version__
from authentik.lib.config import CONFIG
from authentik.lib.sentry import SentryIgnoredException from authentik.lib.sentry import SentryIgnoredException
from authentik.outposts.models import Outpost, OutpostServiceConnection from authentik.outposts.models import Outpost, OutpostServiceConnection
@ -55,3 +57,10 @@ class BaseController:
def get_static_deployment(self) -> str: def get_static_deployment(self) -> str:
"""Return a static deployment configuration""" """Return a static deployment configuration"""
raise NotImplementedError raise NotImplementedError
def get_container_image(self) -> str:
"""Get container image to use for this outpost"""
image_name_template: str = CONFIG.y("outposts.docker_image_base")
return image_name_template.format(
{"type": self.outpost.type, "version": __version__}
)

View file

@ -8,7 +8,6 @@ from docker.models.containers import Container
from yaml import safe_dump from yaml import safe_dump
from authentik import __version__ from authentik import __version__
from authentik.lib.config import CONFIG
from authentik.outposts.controllers.base import BaseController, ControllerException from authentik.outposts.controllers.base import BaseController, ControllerException
from authentik.outposts.models import ( from authentik.outposts.models import (
DockerServiceConnection, DockerServiceConnection,
@ -60,8 +59,7 @@ class DockerController(BaseController):
return self.client.containers.get(container_name), False return self.client.containers.get(container_name), False
except NotFound: except NotFound:
self.logger.info("Container does not exist, creating") self.logger.info("Container does not exist, creating")
image_prefix = CONFIG.y("outposts.docker_image_base") image_name = self.get_container_image()
image_name = f"{image_prefix}-{self.outpost.type}:{__version__}"
self.client.images.pull(image_name) self.client.images.pull(image_name)
container_args = { container_args = {
"image": image_name, "image": image_name,
@ -146,12 +144,12 @@ class DockerController(BaseController):
f"{port.port}:{port.port}/{port.protocol.lower()}" f"{port.port}:{port.port}/{port.protocol.lower()}"
for port in self.deployment_ports for port in self.deployment_ports
] ]
image_prefix = CONFIG.y("outposts.docker_image_base") image_name = self.get_container_image()
compose = { compose = {
"version": "3.5", "version": "3.5",
"services": { "services": {
f"authentik_{self.outpost.type}": { f"authentik_{self.outpost.type}": {
"image": f"{image_prefix}-{self.outpost.type}:{__version__}", "image": image_name,
"ports": ports, "ports": ports,
"environment": { "environment": {
"AUTHENTIK_HOST": self.outpost.config.authentik_host, "AUTHENTIK_HOST": self.outpost.config.authentik_host,

View file

@ -16,8 +16,6 @@ from kubernetes.client import (
V1SecretKeySelector, V1SecretKeySelector,
) )
from authentik import __version__
from authentik.lib.config import CONFIG
from authentik.outposts.controllers.base import FIELD_MANAGER from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import ( from authentik.outposts.controllers.k8s.base import (
KubernetesObjectReconciler, KubernetesObjectReconciler,
@ -75,7 +73,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
) )
meta = self.get_object_meta(name=self.name) meta = self.get_object_meta(name=self.name)
secret_name = f"authentik-outpost-{self.controller.outpost.uuid.hex}-api" secret_name = f"authentik-outpost-{self.controller.outpost.uuid.hex}-api"
image_prefix = CONFIG.y("outposts.docker_image_base") image_name = self.controller.get_container_image()
return V1Deployment( return V1Deployment(
metadata=meta, metadata=meta,
spec=V1DeploymentSpec( spec=V1DeploymentSpec(
@ -87,7 +85,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
containers=[ containers=[
V1Container( V1Container(
name=str(self.outpost.type), name=str(self.outpost.type),
image=f"{image_prefix}-{self.outpost.type}:{__version__}", image=image_name,
ports=container_ports, ports=container_ports,
env=[ env=[
V1EnvVar( V1EnvVar(

View file

@ -4,6 +4,7 @@
|-----------------------------------|-------------------------|-------------| |-----------------------------------|-------------------------|-------------|
| image.name | beryju/authentik | Image used to run the authentik server and worker | | image.name | beryju/authentik | Image used to run the authentik server and worker |
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) | | image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
| image.name_outposts | beryju/authentik-%(type)s:%(version)s | Image used for managed outposts. Placeholders: %(type)s: Outpost type; proxy, ldap, etc. %(version)s: Current version; 2021.4.1 |
| image.tag | 2021.4.4 | Image tag | | image.tag | 2021.4.4 | Image tag |
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments | | image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
| serverReplicas | 1 | Replicas for the Server deployment | | serverReplicas | 1 | Replicas for the Server deployment |

View file

@ -4,7 +4,10 @@
image: image:
name: beryju/authentik name: beryju/authentik
name_static: beryju/authentik-static name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended # Image used for managed outposts. Placeholders:
# %(type)s: Outpost type; proxy, ldap, etc
# %(version)s: Current version; 2021.4.1
name_outposts: "beryju/authentik-%(type)s:%(version)s"
tag: 2021.4.4 tag: 2021.4.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent

View file

@ -20,7 +20,7 @@ Add the following block to your `.env` file:
AUTHENTIK_IMAGE=docker.beryju.org/authentik/server AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
AUTHENTIK_TAG=gh-next AUTHENTIK_TAG=gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik/outpost AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik/outpost-%(type)s:gh-next
``` ```
Afterwards, run the upgrade commands from the latest releasae notes. Afterwards, run the upgrade commands from the latest releasae notes.
@ -32,7 +32,7 @@ Add the following block to your `values.yml` file:
image: image:
name: docker.beryju.org/authentik/server name: docker.beryju.org/authentik/server
name_static: docker.beryju.org/authentik/static name_static: docker.beryju.org/authentik/static
name_outposts: docker.beryju.org/authentik/outpost name_outposts: docker.beryju.org/authentik/outpost-%(type)s:gh-next
tag: gh-next tag: gh-next
# pullPolicy: Always to ensure you always get the latest version # pullPolicy: Always to ensure you always get the latest version
pullPolicy: Always pullPolicy: Always

View file

@ -37,7 +37,10 @@ It is also recommended to configure global email credentials. These are used by
image: image:
name: beryju/authentik name: beryju/authentik
name_static: beryju/authentik-static name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended # Image used for managed outposts. Placeholders:
# %(type)s: Outpost type; proxy, ldap, etc
# %(version)s: Current version; 2021.4.1
name_outposts: "beryju/authentik-%(type)s:%(version)s"
tag: 2021.4.4 tag: 2021.4.4
serverReplicas: 1 serverReplicas: 1