Allow namespace override with namespaceOverride helm value (#316)

* Allow namespace override with namespaceOverride helm value

* Add fixes for authentik-remote-cluster

charts/authentik-remote-cluster/README.md

@@ -33,6 +33,7 @@ RBAC required for a remote cluster to be connected to authentik.
 | global.additionalLabels | object | `{}` | Common labels for all resources. |
 | global.fullnameOverride | string | `""` | String to fully override `"authentik.fullname"` |
 | global.nameOverride | string | `""` | Provide a name in place of `authentik` |
+| global.namespaceOverride | string | `""` | A custom namespace to override the default namespace for the deployed resources. |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
 | nameOverride | string | `""` | Provide a name in place of `authentik`. Prefer using global.nameOverride if possible |
 | serviceAccountSecret.enabled | bool | `true` | Create a secret with the service account credentials |

charts/authentik-remote-cluster/templates/_helpers.tpl

@@ -11,6 +11,17 @@ Expand the name of the chart
 {{- default .Chart.Name (default .Values.nameOverride $globalNameOverride) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Determine the namespace to use, allowing for a namespace override.
+*/}}
+{{- define "authauthentik-remote-cluster.namespace" -}}
+  {{- if .Values.namespaceOverride }}
+    {{- .Values.namespaceOverride }}
+  {{- else }}
+    {{- .Release.Namespace }}
+  {{- end }}
+{{- end }}
+
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).

charts/authentik-remote-cluster/templates/clusterrole.yaml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ printf "%s-%s" (include "authentik-remote-cluster.fullname" .) .Release.Namespace | quote }}
+  name: {{ printf "%s-%s" (include "authentik-remote-cluster.fullname" .) (include "authauthentik-remote-cluster.namespace" .) | quote }}
   labels:
     {{- include "authentik-remote-cluster.labels" (dict "context" .) | nindent 4 }}
   {{- with .Values.annotations }}

charts/authentik-remote-cluster/templates/clusterrolebinding.yaml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ printf "%s-%s" (include "authentik-remote-cluster.fullname" .) .Release.Namespace | quote }}
+  name: {{ printf "%s-%s" (include "authentik-remote-cluster.fullname" .) (include "authauthentik-remote-cluster.namespace" .) | quote }}
   labels:
     {{- include "authentik-remote-cluster.labels" (dict "context" .) | nindent 4 }}
   {{- with .Values.annotations }}
@@ -12,9 +12,9 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ printf "%s-%s" (include "authentik-remote-cluster.fullname" .) .Release.Namespace | quote }}
+  name: {{ printf "%s-%s" (include "authentik-remote-cluster.fullname" .) (include "authauthentik-remote-cluster.namespace" .) | quote }}
 subjects:
   - kind: ServiceAccount
     name: {{ template "authentik-remote-cluster.fullname" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ include "authauthentik-remote-cluster.namespace" . | quote }}
 {{- end }}

charts/authentik-remote-cluster/templates/role.yaml

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ template "authentik-remote-cluster.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authauthentik-remote-cluster.namespace" . | quote }}
   labels:
     {{- include "authentik-remote-cluster.labels" (dict "context" .) | nindent 4 }}
   {{- with .Values.annotations }}

charts/authentik-remote-cluster/templates/rolebinding.yaml

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ template "authentik-remote-cluster.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authauthentik-remote-cluster.namespace" . | quote }}
   labels:
     {{- include "authentik-remote-cluster.labels" (dict "context" .) | nindent 4 }}
   {{- with .Values.annotations }}
@@ -16,4 +16,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ template "authentik-remote-cluster.fullname" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ include "authauthentik-remote-cluster.namespace" . | quote }}

charts/authentik-remote-cluster/templates/serviceaccount-secret.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "authentik-remote-cluster.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authauthentik-remote-cluster.namespace" . | quote }}
   labels:
     {{- include "authentik-remote-cluster.labels" (dict "context" .) | nindent 4 }}
   annotations:

charts/authentik-remote-cluster/templates/serviceaccount.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "authentik-remote-cluster.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authauthentik-remote-cluster.namespace" . | quote }}
   labels:
     {{- include "authentik-remote-cluster.labels" (dict "context" .) | nindent 4 }}
   {{- with .Values.annotations }}

charts/authentik-remote-cluster/values.yaml

@@ -12,6 +12,8 @@ global:
   nameOverride: ""
   # -- String to fully override `"authentik.fullname"`
   fullnameOverride: ""
+  # -- A custom namespace to override the default namespace for the deployed resources.
+  namespaceOverride: ""
   # -- Common labels for all resources.
   additionalLabels: {}
     # app: authentik

charts/authentik/README.md

@@ -160,6 +160,7 @@ The secret `authentik-postgres-credentials` must have `username` and `password`
 | global.image.tag | string | `""` | Overrides the global authentik whose default is the chart appVersion |
 | global.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
 | global.nameOverride | string | `""` | Provide a name in place of `authentik` |
+| global.namespaceOverride | string | `""` | A custom namespace to override the default namespace for the deployed resources. |
 | global.nodeSelector | object | `{}` | Default node selector for all components |
 | global.podAnnotations | object | `{}` | Annotations for all deployed pods |
 | global.podLabels | object | `{}` | Labels for all deployed pods |

charts/authentik/templates/_helpers.tpl

@@ -14,6 +14,17 @@ Create authentik server worker and version as used by the chart label.
 {{- printf "%s-%s" (include "authentik.fullname" .) .Values.worker.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Determine the namespace to use, allowing for a namespace override.
+*/}}
+{{- define "authentik.namespace" -}}
+  {{- if .Values.namespaceOverride }}
+    {{- .Values.namespaceOverride }}
+  {{- else }}
+    {{- .Release.Namespace }}
+  {{- end }}
+{{- end }}
+
 {{/*
 Create authentik configuration environment variables.
 */}}

charts/authentik/templates/prometheusrule.yaml

@@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
   name: {{ template "authentik.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.prometheus.rules.namespace | quote }}
+  namespace: {{ .Values.prometheus.rules.namespace | default (include "authentik.namespace" .) | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" .) | nindent 4 }}
     {{- if .Values.prometheus.rules.selector }}

charts/authentik/templates/secret.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "authentik.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" .) | nindent 4 }}
   {{- if .Values.global.secretAnnotations }}

charts/authentik/templates/server/deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "authentik.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.server.name) | nindent 4 }}
   {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }}

charts/authentik/templates/server/hpa.yaml

@@ -3,7 +3,7 @@ apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "authentik.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.server.name) | nindent 4 }}
   {{- with .Values.server.autoscaling.annotations }}

charts/authentik/templates/server/ingress.yaml

@@ -7,7 +7,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ include "authentik.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.server.name) | nindent 4 }}
     {{- with .Values.server.ingress.labels }}

charts/authentik/templates/server/metrics.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "authentik.server.fullname" . }}-metrics
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" (printf "%s-metrics" .Values.server.name)) | nindent 4 }}
     {{- with .Values.server.metrics.service.labels }}

charts/authentik/templates/server/pdb.yaml

@@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "authentik.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.server.name) | nindent 4 }}
     {{- with .Values.server.pdb.labels }}

charts/authentik/templates/server/service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "authentik.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.server.name) | nindent 4 }}
     {{- with .Values.server.service.labels }}

charts/authentik/templates/server/servicemonitor.yaml

@@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ include "authentik.server.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ .Values.server.metrics.serviceMonitor.namespace | default (include "authentik.namespace" .) | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" (printf "%s-metrics" .Values.server.name)) | nindent 4 }}
     {{- with .Values.server.metrics.serviceMonitor.selector }}
@@ -43,7 +43,7 @@ spec:
       {{- end }}
   namespaceSelector:
     matchNames:
-      - {{ .Release.Namespace }}
+      - {{ include "authentik.namespace" . }}
   selector:
     matchLabels:
       {{- include "authentik.selectorLabels" (dict "context" . "component" (printf "%s-metrics" .Values.server.name)) | nindent 6 }}

charts/authentik/templates/worker/deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "authentik.worker.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 4 }}
   {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.worker.deploymentAnnotations) }}

charts/authentik/templates/worker/hpa.yaml

@@ -3,7 +3,7 @@ apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "authentik.worker.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 4 }}
   {{- with .Values.worker.autoscaling.annotations }}

charts/authentik/templates/worker/pdb.yaml

@@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "authentik.worker.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "authentik.namespace" . | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 4 }}
     {{- with .Values.worker.pdb.labels }}

charts/authentik/values.yaml

@@ -13,6 +13,8 @@ global:
   nameOverride: ""
   # -- String to fully override `"authentik.fullname"`
   fullnameOverride: ""
+  # -- A custom namespace to override the default namespace for the deployed resources.
+  namespaceOverride: ""
   # -- Common labels for all resources.
   additionalLabels: {}
     # app: authentik