outposts: allow better configuration of outpost image name

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

.gitignore

@@ -202,3 +202,5 @@ selenium_screenshots/
 backups/
 media/
 *mmdb
+
+.idea/

authentik/lib/default.yml

@@ -34,7 +34,10 @@ email:
   from: authentik@localhost
 
 outposts:
-  docker_image_base: "beryju/authentik" # this is prepended to -proxy:version
+  # Placeholders:
+  # %(type)s: Outpost type; proxy, ldap, etc
+  # %(version)s: Current version; 2021.4.1
+  docker_image_base: "beryju/authentik-%(type)s:%(version)s"
 
 authentik:
   avatars: gravatar  # gravatar or none

authentik/outposts/controllers/base.py

@@ -4,6 +4,8 @@ from dataclasses import dataclass
 from structlog.stdlib import get_logger
 from structlog.testing import capture_logs
 
+from authentik import __version__
+from authentik.lib.config import CONFIG
 from authentik.lib.sentry import SentryIgnoredException
 from authentik.outposts.models import Outpost, OutpostServiceConnection
 
@@ -55,3 +57,10 @@ class BaseController:
     def get_static_deployment(self) -> str:
         """Return a static deployment configuration"""
         raise NotImplementedError
+
+    def get_container_image(self) -> str:
+        """Get container image to use for this outpost"""
+        image_name_template: str = CONFIG.y("outposts.docker_image_base")
+        return image_name_template.format(
+            {"type": self.outpost.type, "version": __version__}
+        )

authentik/outposts/controllers/docker.py

@@ -8,7 +8,6 @@ from docker.models.containers import Container
 from yaml import safe_dump
 
 from authentik import __version__
-from authentik.lib.config import CONFIG
 from authentik.outposts.controllers.base import BaseController, ControllerException
 from authentik.outposts.models import (
     DockerServiceConnection,
@@ -60,8 +59,7 @@ class DockerController(BaseController):
             return self.client.containers.get(container_name), False
         except NotFound:
             self.logger.info("Container does not exist, creating")
-            image_prefix = CONFIG.y("outposts.docker_image_base")
-            image_name = f"{image_prefix}-{self.outpost.type}:{__version__}"
+            image_name = self.get_container_image()
             self.client.images.pull(image_name)
             container_args = {
                 "image": image_name,
@@ -146,12 +144,12 @@ class DockerController(BaseController):
             f"{port.port}:{port.port}/{port.protocol.lower()}"
             for port in self.deployment_ports
         ]
-        image_prefix = CONFIG.y("outposts.docker_image_base")
+        image_name = self.get_container_image()
         compose = {
             "version": "3.5",
             "services": {
                 f"authentik_{self.outpost.type}": {
-                    "image": f"{image_prefix}-{self.outpost.type}:{__version__}",
+                    "image": image_name,
                     "ports": ports,
                     "environment": {
                         "AUTHENTIK_HOST": self.outpost.config.authentik_host,

authentik/outposts/controllers/k8s/deployment.py

@@ -16,8 +16,6 @@ from kubernetes.client import (
     V1SecretKeySelector,
 )
 
-from authentik import __version__
-from authentik.lib.config import CONFIG
 from authentik.outposts.controllers.base import FIELD_MANAGER
 from authentik.outposts.controllers.k8s.base import (
     KubernetesObjectReconciler,
@@ -75,7 +73,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
             )
         meta = self.get_object_meta(name=self.name)
         secret_name = f"authentik-outpost-{self.controller.outpost.uuid.hex}-api"
-        image_prefix = CONFIG.y("outposts.docker_image_base")
+        image_name = self.controller.get_container_image()
         return V1Deployment(
             metadata=meta,
             spec=V1DeploymentSpec(
@@ -87,7 +85,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
                         containers=[
                             V1Container(
                                 name=str(self.outpost.type),
-                                image=f"{image_prefix}-{self.outpost.type}:{__version__}",
+                                image=image_name,
                                 ports=container_ports,
                                 env=[
                                     V1EnvVar(

helm/README.md

@@ -4,6 +4,7 @@
 |-----------------------------------|-------------------------|-------------|
 | image.name                        | beryju/authentik        | Image used to run the authentik server and worker |
 | image.name_static                 | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
+| image.name_outposts               | beryju/authentik-%(type)s:%(version)s | Image used for managed outposts. Placeholders: %(type)s: Outpost type; proxy, ldap, etc. %(version)s: Current version; 2021.4.1 |
 | image.tag                         | 2021.4.4                | Image tag |
 | image.pullPolicy                  | IfNotPresent            | Image Pull Policy used for all deployments |
 | serverReplicas                    | 1                       | Replicas for the Server deployment |

helm/values.yaml

@@ -4,7 +4,10 @@
 image:
   name: beryju/authentik
   name_static: beryju/authentik-static
-  name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
+  # Image used for managed outposts. Placeholders:
+  # %(type)s: Outpost type; proxy, ldap, etc
+  # %(version)s: Current version; 2021.4.1
+  name_outposts: "beryju/authentik-%(type)s:%(version)s"
   tag: 2021.4.4
   pullPolicy: IfNotPresent
 

website/docs/installation/beta.mdx

@@ -20,7 +20,7 @@ Add the following block to your `.env` file:
 AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
 AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
 AUTHENTIK_TAG=gh-next
-AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik/outpost
+AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik/outpost-%(type)s:gh-next
 ```
 
 Afterwards, run the upgrade commands from the latest releasae notes.
@@ -32,7 +32,7 @@ Add the following block to your `values.yml` file:
 image:
   name: docker.beryju.org/authentik/server
   name_static: docker.beryju.org/authentik/static
-  name_outposts: docker.beryju.org/authentik/outpost
+  name_outposts: docker.beryju.org/authentik/outpost-%(type)s:gh-next
   tag: gh-next
   # pullPolicy: Always to ensure you always get the latest version
   pullPolicy: Always

website/docs/installation/kubernetes.md

@@ -37,7 +37,10 @@ It is also recommended to configure global email credentials. These are used by
 image:
   name: beryju/authentik
   name_static: beryju/authentik-static
-  name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
+  # Image used for managed outposts. Placeholders:
+  # %(type)s: Outpost type; proxy, ldap, etc
+  # %(version)s: Current version; 2021.4.1
+  name_outposts: "beryju/authentik-%(type)s:%(version)s"
   tag: 2021.4.4
 
 serverReplicas: 1