authentik/website/docs/releases/v0.12.md

2.2 KiB

title slug
Release 0.12 0.12

This update brings these headline features:

  • Rewrite Outpost state Logic, which now supports multiple concurrent Outpost instances.
  • Add Kubernetes Integration for Outposts, which deploys and maintains Outposts with High Availability in a Kubernetes Cluster
  • Add System Task Overview to see all background tasks, their status, the log output, and retry them
  • Alerts now disappear automatically
  • Audit Logs are now searchable
  • Users can now create their own Tokens to access the API
  • docker-compose deployment now uses traefik 2.3

Fixes:

  • Fix high CPU Usage of the proxy when Websocket connections fail

Upgrading

docker-compose

Docker-compose users should download the latest docker-compose file from here. This includes the new traefik 2.3.

Afterwards, you can simply run docker-compose up -d and then the normal upgrade command of docker-compose run --rm server migrate.

Kubernetes

For Kubernetes users, there are some changes to the helm values.

The values change from

config:
    # Optionally specify fixed secret_key, otherwise generated automatically
    # secret_key: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
    # Enable error reporting
    error_reporting:
        enabled: false
        environment: customer
        send_pii: false
    # Log level used by web and worker
    # Can be either debug, info, warning, error
    log_level: warning

to

config:
    # Optionally specify fixed secret_key, otherwise generated automatically
    # secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
    # Enable error reporting
    errorReporting:
        enabled: false
        environment: customer
        sendPii: false
    # Log level used by web and worker
    # Can be either debug, info, warning, error
    logLevel: warning

in order to be consistent with the rest of the settings.

There is also a new setting called kubernetesIntegration, which controls the Kubernetes integration for authentik. When enabled (the default), a Service Account is created, which allows authentik to deploy and update Outposts.