providers/proxy: create ingress for forward_auth /akprox path

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 12:40:44 +02:00 · 2021-05-09 12:40:44 +02:00 · a6a8eddf7c
parent 8c0a87b710
commit a6a8eddf7c
1 changed files with 30 additions and 15 deletions
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@ -101,26 +101,41 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
        tls_hosts = []
        for proxy_provider in ProxyProvider.objects.filter(
            outpost__in=[self.controller.outpost],
            forward_auth_mode=False,
        ):
            proxy_provider: ProxyProvider
            external_host_name = urlparse(proxy_provider.external_host)
            if external_host_name.scheme == "https":
                tls_hosts.append(external_host_name.hostname)
-            rule = NetworkingV1beta1IngressRule(
+            if proxy_provider.forward_auth_mode:
-                host=external_host_name.hostname,
+                rule = NetworkingV1beta1IngressRule(
-                http=NetworkingV1beta1HTTPIngressRuleValue(
+                    host=external_host_name.hostname,
-                    paths=[
+                    http=NetworkingV1beta1HTTPIngressRuleValue(
-                        NetworkingV1beta1HTTPIngressPath(
+                        paths=[
-                            backend=NetworkingV1beta1IngressBackend(
+                            NetworkingV1beta1HTTPIngressPath(
-                                service_name=self.name,
+                                backend=NetworkingV1beta1IngressBackend(
-                                service_port="http",
+                                    service_name=self.name,
-                            ),
+                                    service_port="http",
-                            path="/",
+                                ),
-                        )
+                                path="/akprox",
-                    ]
+                            )
-                ),
+                        ]
-            )
+                    ),
                )
            else:
                rule = NetworkingV1beta1IngressRule(
                    host=external_host_name.hostname,
                    http=NetworkingV1beta1HTTPIngressRuleValue(
                        paths=[
                            NetworkingV1beta1HTTPIngressPath(
                                backend=NetworkingV1beta1IngressBackend(
                                    service_name=self.name,
                                    service_port="http",
                                ),
                                path="/",
                            )
                        ]
                    ),
                )
            rules.append(rule)
        if not rules:
            self.logger.debug("No providers use proxying, no ingress needed")