trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/proxy: create ingress for forward_auth /akprox path 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-05-09 12:40:44 +02:00
parent 8c0a87b710
commit a6a8eddf7c
1 changed files with 30 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
authentik/providers/proxy/controllers/k8s/ingress.py
View File

@ -101,26 +101,41 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
tls_hosts = []
for proxy_provider in ProxyProvider.objects.filter(
outpost__in=[self.controller.outpost],
forward_auth_mode=False,
):
proxy_provider: ProxyProvider
external_host_name = urlparse(proxy_provider.external_host)
if external_host_name.scheme == "https":
tls_hosts.append(external_host_name.hostname)
rule = NetworkingV1beta1IngressRule(
host=external_host_name.hostname,
http=NetworkingV1beta1HTTPIngressRuleValue(
paths=[
NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend(
service_name=self.name,
service_port="http",
),
path="/",
)
]
),
)
if proxy_provider.forward_auth_mode:
rule = NetworkingV1beta1IngressRule(
host=external_host_name.hostname,
http=NetworkingV1beta1HTTPIngressRuleValue(
paths=[
NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend(
service_name=self.name,
service_port="http",
),
path="/akprox",
)
]
),
)
else:
rule = NetworkingV1beta1IngressRule(
host=external_host_name.hostname,
http=NetworkingV1beta1HTTPIngressRuleValue(
paths=[
NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend(
service_name=self.name,
service_port="http",
),
path="/",
)
]
),
)
rules.append(rule)
if not rules:
self.logger.debug("No providers use proxying, no ingress needed")