outposts: check ports of deployment in kubernetes outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
62cfb76b39
commit
c720c9f41b
|
@ -18,6 +18,7 @@ from kubernetes.client import (
|
||||||
|
|
||||||
from authentik.outposts.controllers.base import FIELD_MANAGER
|
from authentik.outposts.controllers.base import FIELD_MANAGER
|
||||||
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsUpdate
|
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsUpdate
|
||||||
|
from authentik.outposts.controllers.k8s.utils import compare_ports
|
||||||
from authentik.outposts.models import Outpost
|
from authentik.outposts.models import Outpost
|
||||||
|
|
||||||
if TYPE_CHECKING:
|
if TYPE_CHECKING:
|
||||||
|
@ -35,7 +36,10 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
|
||||||
self.outpost = self.controller.outpost
|
self.outpost = self.controller.outpost
|
||||||
|
|
||||||
def reconcile(self, current: V1Deployment, reference: V1Deployment):
|
def reconcile(self, current: V1Deployment, reference: V1Deployment):
|
||||||
super().reconcile(current, reference)
|
compare_ports(
|
||||||
|
current.spec.template.spec.containers[0].ports,
|
||||||
|
reference.spec.template.spec.containers[0].ports,
|
||||||
|
)
|
||||||
if current.spec.replicas != reference.spec.replicas:
|
if current.spec.replicas != reference.spec.replicas:
|
||||||
raise NeedsUpdate()
|
raise NeedsUpdate()
|
||||||
if (
|
if (
|
||||||
|
@ -43,6 +47,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
|
||||||
!= reference.spec.template.spec.containers[0].image
|
!= reference.spec.template.spec.containers[0].image
|
||||||
):
|
):
|
||||||
raise NeedsUpdate()
|
raise NeedsUpdate()
|
||||||
|
super().reconcile(current, reference)
|
||||||
|
|
||||||
def get_pod_meta(self) -> dict[str, str]:
|
def get_pod_meta(self) -> dict[str, str]:
|
||||||
"""Get common object metadata"""
|
"""Get common object metadata"""
|
||||||
|
|
|
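Review bot: In `DeploymentReconciler.reconcile`, `containers[0].ports` is handed to `compare_ports` unguarded on both sides. The Kubernetes client models leave `ports` as `None` when a container declares none, and `compare_ports` begins with `len(current)`, so a live deployment without ports would likely fail with `TypeError` instead of being flagged for reconciliation. Normalising at the call site avoids that: `current.spec.template.spec.containers[0].ports or []`, and the same for `reference`. The move of `super().reconcile(current, reference)` to the end of the method is uncommented here, although the service reconciler explains the same ordering in a comment; a one-line comment giving the reason would help. The class body starts and ends outside the visible hunks.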
@ -4,8 +4,9 @@ from typing import TYPE_CHECKING
|
||||||
from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec
|
from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec
|
||||||
|
|
||||||
from authentik.outposts.controllers.base import FIELD_MANAGER
|
from authentik.outposts.controllers.base import FIELD_MANAGER
|
||||||
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsRecreate
|
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler
|
||||||
from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
|
from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
|
||||||
|
from authentik.outposts.controllers.k8s.utils import compare_ports
|
||||||
|
|
||||||
if TYPE_CHECKING:
|
if TYPE_CHECKING:
|
||||||
from authentik.outposts.controllers.kubernetes import KubernetesController
|
from authentik.outposts.controllers.kubernetes import KubernetesController
|
||||||
|
@ -19,11 +20,7 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
|
||||||
self.api = CoreV1Api(controller.client)
|
self.api = CoreV1Api(controller.client)
|
||||||
|
|
||||||
def reconcile(self, current: V1Service, reference: V1Service):
|
def reconcile(self, current: V1Service, reference: V1Service):
|
||||||
if len(current.spec.ports) != len(reference.spec.ports):
|
compare_ports(current.spec, reference.spec)
|
||||||
raise NeedsRecreate()
|
|
||||||
for port in reference.spec.ports:
|
|
||||||
if port not in current.spec.ports:
|
|
||||||
raise NeedsRecreate()
|
|
||||||
# run the base reconcile last, as that will probably raise NeedsUpdate
|
# run the base reconcile last, as that will probably raise NeedsUpdate
|
||||||
# after an authentik update. However the ports might have also changed during
|
# after an authentik update. However the ports might have also changed during
|
||||||
# the update, so this causes the service to be re-created with higher
|
# the update, so this causes the service to be re-created with higher
|
||||||
|
|
|
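Review bot: The new call in `ServiceReconciler.reconcile` passes the spec objects, `compare_ports(current.spec, reference.spec)`, but `compare_ports` calls `len()` on its arguments and iterates over them as lists. A `V1ServiceSpec` is not a list, so this would raise `TypeError` rather than `NeedsRecreate`, and the port check that the removed lines performed no longer runs. The call should be `compare_ports(current.spec.ports, reference.spec.ports)`. The helper is annotated `list[V1ContainerPort]` while service ports are `V1ServicePort`, so the annotation should be widened to cover both. The body of `reconcile` continues outside the hunk.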
@ -1,8 +1,11 @@
|
||||||
"""k8s utils"""
|
"""k8s utils"""
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
|
from kubernetes.client.models.v1_container_port import V1ContainerPort
|
||||||
from kubernetes.config.incluster_config import SERVICE_TOKEN_FILENAME
|
from kubernetes.config.incluster_config import SERVICE_TOKEN_FILENAME
|
||||||
|
|
||||||
|
from authentik.outposts.controllers.k8s.base import NeedsRecreate
|
||||||
|
|
||||||
|
|
||||||
def get_namespace() -> str:
|
def get_namespace() -> str:
|
||||||
"""Get the namespace if we're running in a pod, otherwise default to default"""
|
"""Get the namespace if we're running in a pod, otherwise default to default"""
|
||||||
|
@ -11,3 +14,12 @@ def get_namespace() -> str:
|
||||||
with open(path, "r", encoding="utf8") as _namespace_file:
|
with open(path, "r", encoding="utf8") as _namespace_file:
|
||||||
return _namespace_file.read()
|
return _namespace_file.read()
|
||||||
return "default"
|
return "default"
|
||||||
|
|
||||||
|
|
||||||
|
def compare_ports(current: list[V1ContainerPort], reference: list[V1ContainerPort]):
|
||||||
|
"""Compare ports of a list"""
|
||||||
|
if len(current) != len(reference):
|
||||||
|
raise NeedsRecreate()
|
||||||
|
for port in reference:
|
||||||
|
if port not in current:
|
||||||
|
raise NeedsRecreate()
|
||||||
|
|
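Review bot: `compare_ports` detects drift with `port not in current`, which is whole-object equality of the port models. Any field the API server populates on the live object but the reference leaves unset (the `protocol` default, for instance) would then make every reconcile raise `NeedsRecreate`; this is inferred, because the reference objects are built outside this page. Comparing only the fields the controller sets (name, port number, protocol) would be more robust. The docstring `"""Compare ports of a list"""` should state the contract, e.g. `"""Raise NeedsRecreate when current and reference do not contain the same ports"""`, and the signature should declare `-> None`.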