outposts: use noop flag in each reconciler instead of raising Disabled and force use of get_referecen_object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
9b60fcb08b
commit
788fd00390
|
@ -30,11 +30,6 @@ class NeedsUpdate(ReconcileTrigger):
|
|||
"""Exception to trigger an update to the Kubernetes Object"""
|
||||
|
||||
|
||||
class Disabled(SentryIgnoredException):
|
||||
"""Exception which can be thrown in a reconciler to signal than an
|
||||
object should not be created."""
|
||||
|
||||
|
||||
class KubernetesObjectReconciler(Generic[T]):
|
||||
"""Base Kubernetes Reconciler, handles the basic logic."""
|
||||
|
||||
|
@ -45,6 +40,11 @@ class KubernetesObjectReconciler(Generic[T]):
|
|||
self.namespace = controller.outpost.config.kubernetes_namespace
|
||||
self.logger = get_logger().bind(type=self.__class__.__name__)
|
||||
|
||||
@property
|
||||
def noop(self) -> bool:
|
||||
"""Return true if this object should not be created/updated/deleted in this cluster"""
|
||||
return False
|
||||
|
||||
@property
|
||||
def name(self) -> str:
|
||||
"""Get the name of the object this reconciler manages"""
|
||||
|
@ -59,11 +59,10 @@ class KubernetesObjectReconciler(Generic[T]):
|
|||
def up(self):
|
||||
"""Create object if it doesn't exist, update if needed or recreate if needed."""
|
||||
current = None
|
||||
try:
|
||||
reference = self.get_reference_object()
|
||||
except Disabled:
|
||||
self.logger.debug("Object not required")
|
||||
if self.noop:
|
||||
self.logger.debug("Object is noop")
|
||||
return
|
||||
reference = self.get_reference_object()
|
||||
try:
|
||||
try:
|
||||
current = self.retrieve()
|
||||
|
@ -92,11 +91,8 @@ class KubernetesObjectReconciler(Generic[T]):
|
|||
|
||||
def down(self):
|
||||
"""Delete object if found"""
|
||||
# Call self.get_reference_object to check if we even need to do anything
|
||||
try:
|
||||
self.get_reference_object()
|
||||
except Disabled:
|
||||
self.logger.debug("Object not required")
|
||||
if self.noop:
|
||||
self.logger.debug("Object is noop")
|
||||
return
|
||||
try:
|
||||
current = self.retrieve()
|
||||
|
|
|
@ -8,7 +8,7 @@ from structlog.testing import capture_logs
|
|||
from yaml import dump_all
|
||||
|
||||
from authentik.outposts.controllers.base import BaseController, ControllerException
|
||||
from authentik.outposts.controllers.k8s.base import Disabled, KubernetesObjectReconciler
|
||||
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler
|
||||
from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
|
||||
from authentik.outposts.controllers.k8s.secret import SecretReconciler
|
||||
from authentik.outposts.controllers.k8s.service import ServiceReconciler
|
||||
|
@ -89,10 +89,9 @@ class KubernetesController(BaseController):
|
|||
documents = []
|
||||
for reconcile_key in self.reconcile_order:
|
||||
reconciler = self.reconcilers[reconcile_key](self)
|
||||
try:
|
||||
documents.append(reconciler.get_reference_object().to_dict())
|
||||
except Disabled:
|
||||
if reconciler.noop:
|
||||
continue
|
||||
documents.append(reconciler.get_reference_object().to_dict())
|
||||
|
||||
with StringIO() as _str:
|
||||
dump_all(
|
||||
|
|
|
@ -17,7 +17,6 @@ from kubernetes.client.models.networking_v1beta1_ingress_rule import (
|
|||
|
||||
from authentik.outposts.controllers.base import FIELD_MANAGER
|
||||
from authentik.outposts.controllers.k8s.base import (
|
||||
Disabled,
|
||||
KubernetesObjectReconciler,
|
||||
NeedsUpdate,
|
||||
)
|
||||
|
@ -137,9 +136,6 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
|
|||
),
|
||||
)
|
||||
rules.append(rule)
|
||||
if not rules:
|
||||
self.logger.debug("No providers use proxying, no ingress needed")
|
||||
raise Disabled()
|
||||
tls_config = None
|
||||
if tls_hosts:
|
||||
tls_config = NetworkingV1beta1IngressTLS(
|
||||
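Review bot: Removing the `if not rules: raise Disabled()` guard leaves nothing in the visible part of `get_reference_object()` that stops an ingress with an empty rule list from being built. No `noop` override for `IngressReconciler` appears in this file's hunks, so the base default of `False` would apply. If the override is indeed missing, `up()` will try to create or update an Ingress even when no provider uses proxying. Consider a `noop` property on this class that returns True in that case and keeps the removed debug message `"No providers use proxying, no ingress needed"`. The body of `get_reference_object()` starts and ends outside the hunk.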
|
|
|
@ -7,7 +7,6 @@ from kubernetes.client import ApiextensionsV1Api, CustomObjectsApi
|
|||
|
||||
from authentik.outposts.controllers.base import FIELD_MANAGER
|
||||
from authentik.outposts.controllers.k8s.base import (
|
||||
Disabled,
|
||||
KubernetesObjectReconciler,
|
||||
NeedsUpdate,
|
||||
)
|
||||
|
@ -70,6 +69,18 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
|||
self.api_ex = ApiextensionsV1Api(controller.client)
|
||||
self.api = CustomObjectsApi(controller.client)
|
||||
|
||||
def noop(self) -> bool:
|
||||
if not ProxyProvider.objects.filter(
|
||||
outpost__in=[self.controller.outpost],
|
||||
forward_auth_mode=True,
|
||||
).exists():
|
||||
self.logger.debug("No providers with forward auth enabled.")
|
||||
return True
|
||||
if not self._crd_exists():
|
||||
self.logger.debug("CRD doesn't exist")
|
||||
return True
|
||||
return False
|
||||
|
||||
def _crd_exists(self) -> bool:
|
||||
"""Check if the traefik middleware exists"""
|
||||
return bool(
|
||||
|
@ -87,15 +98,6 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
|||
|
||||
def get_reference_object(self) -> TraefikMiddleware:
|
||||
"""Get deployment object for outpost"""
|
||||
if not ProxyProvider.objects.filter(
|
||||
outpost__in=[self.controller.outpost],
|
||||
forward_auth_mode=True,
|
||||
).exists():
|
||||
self.logger.debug("No providers with forward auth enabled.")
|
||||
raise Disabled()
|
||||
if not self._crd_exists():
|
||||
self.logger.debug("CRD doesn't exist")
|
||||
raise Disabled()
|
||||
return TraefikMiddleware(
|
||||
apiVersion=f"{CRD_GROUP}/{CRD_VERSION}",
|
||||
kind="Middleware",
|
||||
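Review bot: The `noop` override added to `TraefikMiddlewareReconciler` is a plain method, but the base class declares `noop` as a `@property` and every caller reads it as an attribute (`if self.noop:` in `up()` and `down()`, `if reconciler.noop:` in the static-deployment loop). A bound method is always truthy, so this reconciler would be skipped unconditionally. The middleware would never be created or updated, never deleted by `down()`, and never written to the static manifest, whether or not forward-auth providers exist. Add `@property` directly above `def noop(self) -> bool:`, with a docstring saying it returns True when no provider on the outpost uses forward auth or the Traefik CRD is not installed. A test asserting `reconciler.noop is False` for an outpost with a forward-auth provider would catch this class of mistake.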
|
|