Allow specifying the service's ipFamilyPolicy and ipFamilies

2023-10-28 22:29:55 +02:00 · 2023-10-28 22:29:55 +02:00 · ca025690e0
parent a43b2fb17c
commit ca025690e0
3 changed files with 13 additions and 3 deletions
--- a/authentik/outposts/controllers/k8s/service.py
+++ b/authentik/outposts/controllers/k8s/service.py
@ -32,6 +32,12 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
        # priority than being updated.
        if current.spec.selector != reference.spec.selector:
            raise NeedsUpdate()
+        if current.spec.type != reference.spec.type:
+            raise NeedsUpdate()
+        if current.spec.ipFamilyPolicy != reference.spec.ipFamilyPolicy:
+            raise NeedsUpdate()
+        if current.spec.ipFamilies != reference.spec.ipFamilies:
+            raise NeedsUpdate()
        super().reconcile(current, reference)

    def get_reference_object(self) -> V1Service:
@ -60,6 +66,8 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
                ports=ports,
                selector=selector_labels,
                type=self.controller.outpost.config.kubernetes_service_type,
+                ip_family_policy=self.controller.outpost.config.kubernetes_service_ip_family_policy,
+                ip_families=self.controller.outpost.config.kubernetes_service_ip_families,
            ),
        )

--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -73,6 +73,8 @@ class OutpostConfig:
    kubernetes_ingress_secret_name: str = field(default="authentik-outpost-tls")
    kubernetes_ingress_class_name: Optional[str] = field(default=None)
    kubernetes_service_type: str = field(default="ClusterIP")
+    kubernetes_service_ip_family_policy: Optional[str] = field(default="SingleStack")
+    kubernetes_service_ip_families: list[str] = field(default_factory=list)
    kubernetes_disabled_components: list[str] = field(default_factory=list)
    kubernetes_image_pull_secrets: list[str] = field(default_factory=list)
    kubernetes_json_patches: Optional[dict[str, list[dict[str, Any]]]] = field(default=None)
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@ -159,13 +159,13 @@ class IngressReconciler(KubernetesObjectReconciler[V1Ingress]):
            rules.append(rule)
        tls_config = None
        if tls_hosts:
-            tls_config = V1IngressTLS(
+            tls_config = [V1IngressTLS(
                hosts=tls_hosts,
                secret_name=self.controller.outpost.config.kubernetes_ingress_secret_name,
-            )
+            )]
        spec = V1IngressSpec(
            rules=rules,
-            tls=[tls_config],
+            tls=tls_config,
        )
        if self.controller.outpost.config.kubernetes_ingress_class_name:
            spec.ingress_class_name = self.controller.outpost.config.kubernetes_ingress_class_name