outposts: fix docker ssh integration
Fix SSH integration being very finicky currently.

Currently the SSH config is done by creating ~/.ssh/config, which is then read by paramiko, but interpreted by docker-py, and only certain params are actually parsed. Also, there's only one config file that needs to be updated with multiple hosts.

This switches the SSH connection to use a shell process, hence gets rid of paramiko, uses openssh-client, and as such we can use /etc/ssh/ssh_config.d and just create a file per service connection in there.
closes #4314 closes #3679
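The per-connection layout from the PR description above, as an added example (not authentik's code from this PR): one `.conf` file and one key file per service connection, with every value validated before it reaches the config. The function names, the `.key` suffix and the `config_dir` parameter are assumptions; Debian-style systems include `/etc/ssh/ssh_config.d/*.conf` from the stock `ssh_config`.

```python
import os
import re
from pathlib import Path

# Letters, digits, "_", "." and "-" only, never a leading "-": no whitespace or
# newline (cannot start a new directive) and no "*", "?" or "!" (Host patterns).
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_.][A-Za-z0-9_.-]*")


def check_token(field: str, value: str) -> str:
    """Return value unchanged, or raise if it could alter the config structure."""
    if not SAFE_TOKEN.fullmatch(value):
        raise ValueError(f"unsafe {field}: {value!r}")
    return value


def render_host_block(name: str, hostname: str, user: str, key_path: Path) -> str:
    """Return the Host block for one connection, validating every value."""
    return (
        f"Host {check_token('name', name)}\n"
        f"    HostName {check_token('hostname', hostname)}\n"
        f"    User {check_token('user', user)}\n"
        f"    IdentityFile {key_path}\n"
        "    IdentitiesOnly yes\n"
    )


def write_connection(config_dir: Path, name: str, hostname: str, user: str, key: str) -> Path:
    """Write <name>.key (mode 0600) and <name>.conf for one service connection."""
    key_path = config_dir / f"{check_token('name', name)}.key"
    block = render_host_block(name, hostname, user, key_path)
    # Create the key 0600 from the start; ssh refuses keys readable by others.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as key_file:
        key_file.write(key)
    os.chmod(key_path, 0o600)  # also tighten a file that already existed
    conf_path = config_dir / f"{name}.conf"
    conf_path.write_text(block)
    return conf_path


def remove_connection(config_dir: Path, name: str) -> None:
    """Delete only this connection's files; other hosts stay untouched."""
    check_token("name", name)
    for suffix in (".conf", ".key"):
        (config_dir / f"{name}{suffix}").unlink(missing_ok=True)
```

Because each connection owns its own pair of files, adding or removing one host never rewrites the configuration of another.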
Codecov Report
Patch coverage: 26.67% and project coverage change: -66.36 :warning:
Comparison is base (13591fc) 92.69% compared to head (4e9a466) 26.33%.
Additional details and impacted files
@@ Coverage Diff @@
## main #5362 +/- ##
===========================================
- Coverage 92.69% 26.33% -66.36%
===========================================
Files 506 506
Lines 25908 25893 -15
===========================================
- Hits 24013 6816 -17197
- Misses 1895 19077 +17182
| Flag | Coverage Δ | |
|---|---|---|
| e2e | ? | |
| integration | 26.33% <26.67%> (+0.01%) | :arrow_up: |
| unit | ? | |

Flags with carried forward coverage won't be shown.
| Impacted Files | Coverage Δ | |
|---|---|---|
| authentik/outposts/docker_ssh.py | 41.87% <23.08%> (+7.38%) | :arrow_up: |
| authentik/outposts/controllers/docker.py | 69.11% <50.00%> (-11.51%) | :arrow_down: |
... and 451 files with indirect coverage changes
authentik PR Installation instructions
Instructions for docker-compose
Add the following block to your .env file:
```shell
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-outposts-fix-docker-ssh-integration-1682351885-4e9a466
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
```

For arm64, use these values:

```shell
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-outposts-fix-docker-ssh-integration-1682351885-4e9a466-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
```
Afterwards, run the upgrade commands from the latest release notes.
Instructions for Kubernetes
Add the following block to your values.yml file:
```yaml
authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-outposts-fix-docker-ssh-integration-1682351885-4e9a466
```

For arm64, use these values:

```yaml
authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-outposts-fix-docker-ssh-integration-1682351885-4e9a466-arm64
```
Afterwards, run the upgrade commands from the latest release notes.
Using the plain SSH connection works but is quite slow due to https://github.com/docker/docker-py/issues/2966

Any news on this?

Heho, is this still on the list to be merged? Because I'm running into the same issues :D

That would be awesome to use `acme.sh --deploy -d example.com --deploy-hook ssh`