Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(helm-chart)!: Update Helm release authentik to 2024.2.1 #1980

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

klaus-renovate[bot]
Copy link
Contributor

This PR contains the following updates:

Package Update Change
authentik (source) major 2023.10.4 -> 2024.2.1

Release Notes

goauthentik/helm (authentik)

v2024.2.1

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

Full Changelog: goauthentik/helm@authentik-2024.2.0...authentik-2024.2.1

v2024.2.0

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

Breaking changes

The vendored Bitnami PostgreSQL and Redis Helm charts have been removed and now use upstream versions.

The PostgreSQL Helm chart has been updated from 10.16.2 to 12.12.10. The full diff is here but is quite large. We recommend checking out the upstream release notes for the 11.x.x and 12.x.x upgrades. Among the changes you may be required to do, the postgresql.persistence key has been renamed to postgresql.primary.persistence, postgresql.postgresqlPassword to postgresql.auth.password, postgresql.existingSecret to postgresql.auth.existingSecret. Note that this update does not change the major version of PostgreSQL, so no manual intervention is required on that side.

The Redis Helm chart has been updated from 15.7.6 to 18.6.1. The full diff is here but is quite large. We recommend checking out the upstream release notes for the 16.x.x, 17.x.x and 18.x.x upgrades. If you do not have any custom values, no action is required. Not that this upgrades the major Redis version from 6 to 7, and thus no rollback is possible.

Ingress versions before networking.k8s.io/v1 are not supported anymore.

blueprints has been renamed to blueprints.configMaps and blueprints.secrets has been added to import blueprints from secrets.

image has been renamed to global.image, and can now be overridden for the server and worker with server.image and worker.image.

image.pullSecrets has been renamed to global.imagePullSecrets, and can now be overridden for the server and worker with server.imagePullSecrets and worker.imagePullSecrets.

annotations has been renamed global.deploymentAnnotations, and additional annotations can now be configured for only the server or worker with server.deploymentAnnotations and worker.deploymentAnnotations.

podAnnotations has been renamed global.podAnnotations, and additional annotations can now be configured for only the server or worker with server.podAnnotations and worker.podAnnotations.

nodeSelector has been renamed to global.nodeSelector, and can now be overridden for the server and worker with server.nodeSelector and worker.nodeSelector.

tolerations has been renamed to global.tolerations, and can now be overridden for the server and worker with server.tolerations and worker.tolerations.

affinity has been removed and replaced by the reworked global.affinity which pre-sets affinity rules. It is possible override those rules for the server and worker with server.affinity and worker.affinity.

env, envValueFrom and envFrom have been removed and replaced by global.env and global.envFrom. global.env now puts the configured list directly into the deployment, without modifications as the previous setting used to do. It is now also possible to pass environment variables to only the server or worker with server.env, worker.env, server.envFrom and worker.envFrom.

additionalContainers has been removed and replaced by server.extraContainers and worker.extraContainers. The previous dictionary must now be a list and name is a required property.

initContainers has been removed and replaced by server.initContainers and worker.initContainers. The previous dictionary must now be a list and name is a required property.

volumes and volumeMounts have been renamed to global.volumes and global.volumeMounts. Additionally, server.volumes, worker.volumes, server.volumeMounts and worker.volumeMounts have been added.

replicas has been renamed to server.replicas.

strategy has been renamed to server.deploymentStrategy. worker.strategy has been renamed to worker.deploymentStrategy. global.deploymentStrategy has been added to configure deployment strategy for all authentik deployments.

priorityClassName has been renamed to server.priorityClassName. Also, server.priorityClassName and worker.priorityClassName can be used with global.priorityClassName.

containerSecurityContext has been renamed to server.containerSecurityContext.

livenessProbe, readinessProbe and startupProbe have been renamed to server.livenessProbe, server.readinessProbe and server.startupProbe. Additionally, the enabled option of those has been removed. If you need to disable those, you can do server.readinessProbe: ~ in your values. Also, some defaults have been reworked.

autoscaling.server has been renamed to server.autoscaling and autoscaling.worker has been renamed to worker.autoscaling.

pdb.server has been renamed to server.pdb and pdb.worker has been renamed to worker.pdb.

resources.server has been renamed to server.resources and resources.worker has been renamed to worker.resources.

service has been renamed server.service. Inside the service definition, port has been renamed servicePortHttp, nodePort has been renamed nodePortHttp, name has been renamed to servicePortHttpName, protocol has been removed. A lot of options have been added to customize it.

prometheus.serviceMonitor has been renamed to server.metrics.serviceMonitor. Inside the service monitor definition, create has been renamed to enabled.

prometheus.rules.create has been renamed to prometheus.rules.enabled. Additional options have also been added for more configurability.

ingress has been renamed to server.ingress. Additionally, the hosts key has been replaced by a list of hosts and paths, instead of a stand-in for an ingress definition. Additional keys are now also available for more configurability.

The geoip.image has been broken up into a dictionary following the other images definitions.

The GeoIP image repository has been changed from docker.io/maxmindinc/geoipupdate to ghcr.io/maxmind/geoipupdate. The image version has been ugpraded from 4.8 to 6.0.0

New features

global.additionalLabels has been added for labels to be applied to all resources.

Add global.revisionHistoryLimit for the number of deployment ReplicaSets to retain.

global.podLabels, server.podLabels and worker.podLabels have been added to configure extra labels to add the the deployed pods.

global.addPrometheusAnnotations allows for Prometheus annotations to be added to metrics services. This can be used as an alternative to the ServiceMonitors.

global.securityContext has been added to define pod-level security context for all deployed pods.

global.topologySpreadConstraints has been added to define topology spread constraints rules for all components.

The autoscaling configuration has gained some more configurability. Check out the values.yaml for more information.

server.terminationGracePeriodSeconds has been added and is set to a value of 30 by default.

Add the ability to use an existing secret for GeoIP credentials with geoip.existingSecret.

additionalObjects has been added to allow deploying other Kubernetes objects.

What's Changed

Full Changelog: goauthentik/helm@authentik-2024.2.0-rc2...authentik-2024.2.0

v2023.10.7

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

Full Changelog: goauthentik/helm@authentik-2023.10.6...authentik-2023.10.7

v2023.10.6

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

Full Changelog: goauthentik/helm@authentik-2023.10.5...authentik-2023.10.6

v2023.10.5

Compare Source

authentik is an open-source Identity Provider focused on flexibility and versatility

What's Changed

Full Changelog: goauthentik/helm@authentik-2023.10.4...authentik-2023.10.5


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@klaus-renovate
Copy link
Contributor Author

klaus-renovate bot commented Feb 25, 2024

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ COPYPASTE jscpd yes no 1.08s
✅ REPOSITORY git_diff yes no 0.47s
✅ REPOSITORY secretlint yes no 3.31s
✅ YAML prettier 1 0 0.39s
✅ YAML yamllint 1 0 0.31s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@klaus-renovate klaus-renovate bot force-pushed the renovate/authentik-2024.x branch 2 times, most recently from 4ee8df2 to 7cae514 Compare April 26, 2024 17:05
@klaus-renovate klaus-renovate bot force-pushed the renovate/authentik-2024.x branch from 7cae514 to 00f5045 Compare May 7, 2024 16:06
@klaus-renovate klaus-renovate bot force-pushed the renovate/authentik-2024.x branch 2 times, most recently from da53eb7 to b13f50a Compare August 5, 2024 19:08
@klaus-renovate klaus-renovate bot force-pushed the renovate/authentik-2024.x branch 2 times, most recently from ff75d02 to 8f16295 Compare September 7, 2024 17:08
| datasource | package   | from      | to       |
| ---------- | --------- | --------- | -------- |
| helm       | authentik | 2023.10.4 | 2024.8.3 |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants