From f0a8c30ce9712ddee4e8ce4bc0556626335ad6e0 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 8 Aug 2021 14:01:39 +0200
Subject: [PATCH] outposts: create different service when using embedded outpost

Signed-off-by: Jens Langhammer
---
 authentik/outposts/controllers/k8s/base.py | 5 +++
 authentik/outposts/controllers/k8s/service.py | 33 ++++++++++++++++++-
 authentik/outposts/managed.py | 1 -
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/authentik/outposts/controllers/k8s/base.py b/authentik/outposts/controllers/k8s/base.py
index 96c2f9464..4a2126b45 100644
--- a/authentik/outposts/controllers/k8s/base.py
+++ b/authentik/outposts/controllers/k8s/base.py
@@ -40,6 +40,11 @@ class KubernetesObjectReconciler(Generic[T]):
 self.namespace = controller.outpost.config.kubernetes_namespace
 self.logger = get_logger().bind(type=self.__class__.__name__)

+ @property
+ def is_embedded(self) -> bool:
+ """Return true if the current outpost is embedded"""
+ return self.controller.outpost.managed != ""
+
 @property
 def noop(self) -> bool:
 """Return true if this object should not be created/updated/deleted in this cluster"""
diff --git a/authentik/outposts/controllers/k8s/service.py b/authentik/outposts/controllers/k8s/service.py
index c2d7d015a..efec9b694 100644
--- a/authentik/outposts/controllers/k8s/service.py
+++ b/authentik/outposts/controllers/k8s/service.py
@@ -3,7 +3,7 @@ from typing import TYPE_CHECKING

 from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec

-from authentik.outposts.controllers.base import FIELD_MANAGER
+from authentik.outposts.controllers.base import FIELD_MANAGER, DeploymentPort
 from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsUpdate
 from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler

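Review bot: In the base.py hunk, `is_embedded` returns true for any outpost whose `managed` value is not the empty string, which is broader than "this is the embedded outpost". If `managed` can be `None` on ordinary outposts (the model is not visible in this diff), `None != ""` is also true, and every such outpost would receive the Service built by `get_embedded_reference_object` in service.py, which selects the authentik server pods rather than the outpost's own deployment. Comparing against the exact identifier that `OutpostManager` assigns in managed.py is safer, e.g. `return self.controller.outpost.managed == EMBEDDED_OUTPOST_ID`, where `EMBEDDED_OUTPOST_ID` is a placeholder for that constant. The `noop` property that follows continues outside the hunk.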
@@ -26,8 +26,39 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
 if port not in current.spec.ports:
 raise NeedsUpdate()

+ def get_embedded_reference_object(self) -> V1Service:
+ """Get Service for embedded outpost"""
+ selector_labels = {
+ "app.kubernetes.io/name": "authentik",
+ "app.kubernetes.io/component": "server",
+ }
+ meta = self.get_object_meta(name=self.name)
+ ports = []
+ for port in [
+ DeploymentPort(9000, "http", "tcp"),
+ DeploymentPort(9443, "https", "tcp"),
+ ]:
+ ports.append(
+ V1ServicePort(
+ name=port.name,
+ port=port.port,
+ protocol=port.protocol.upper(),
+ target_port=port.inner_port or port.port,
+ )
+ )
+ return V1Service(
+ metadata=meta,
+ spec=V1ServiceSpec(
+ ports=ports,
+ selector=selector_labels,
+ type=self.controller.outpost.config.kubernetes_service_type,
+ ),
+ )
+
 def get_reference_object(self) -> V1Service:
 """Get deployment object for outpost"""
+ if self.is_embedded:
+ return self.get_embedded_reference_object()
 meta = self.get_object_meta(name=self.name)
 ports = []
 for port in self.controller.deployment_ports:
diff --git a/authentik/outposts/managed.py b/authentik/outposts/managed.py
index c74d4f313..e5f915b2a 100644
--- a/authentik/outposts/managed.py
+++ b/authentik/outposts/managed.py
@@ -38,7 +38,6 @@ class OutpostManager(ObjectManager):
 authentik_host="",
 kubernetes_disabled_components=[
 "deployment",
- "service",
 "secret",
 ],
 )
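Review bot: The selector in `get_embedded_reference_object` (service.py) matches only on `app.kubernetes.io/name` and `app.kubernetes.io/component`, so the Service picks up every pod in the namespace carrying those two labels, including the server pods of a second authentik release if one shares the namespace. Because this Service fronts the core server on 9000 and 9443 and takes its type from `kubernetes_service_type`, a non-ClusterIP setting on the embedded outpost would publish the server's own HTTP and HTTPS listeners outside the cluster; that deserves a comment here or a restriction for the embedded case. Narrowing the selector with the release's instance label, for example `"app.kubernetes.io/instance": <release name>` (placeholder; the value is not available in this hunk), would keep traffic on the intended pods. `get_reference_object` continues past the end of the hunk.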