outposts: make local discovery configurable

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/lib/default.yml

@@ -55,6 +55,7 @@ outposts:
   # %(version)s: Current version; 2021.4.1
   # %(build_hash)s: Build hash if you're running a beta version
   container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
+  discover: true
 
 cookie_domain: null
 disable_update_check: false

authentik/outposts/tasks.py

@@ -23,6 +23,7 @@ from authentik.events.monitored_tasks import (
     TaskResultStatus,
     prefill_task,
 )
+from authentik.lib.config import CONFIG
 from authentik.lib.utils.reflection import path_to_class
 from authentik.outposts.controllers.base import BaseController, ControllerException
 from authentik.outposts.controllers.docker import DockerClient
@@ -231,6 +232,9 @@ def _outpost_single_update(outpost: Outpost, layer=None):
 @CELERY_APP.task()
 def outpost_local_connection():
     """Checks the local environment and create Service connections."""
+    if not CONFIG.y_bool("outposts.discover"):
+        LOGGER.debug("outpost integration discovery is disabled")
+        return
     # Explicitly check against token filename, as that's
     # only present when the integration is enabled
     if Path(SERVICE_TOKEN_FILENAME).exists():

website/docs/installation/configuration.md

@@ -121,6 +121,16 @@ Disable the inbuilt update-checker. Defaults to `false`.
 
   Placeholder for outpost docker images. Default: `ghcr.io/goauthentik/%(type)s:%(version)s`.
 
+- `AUTHENTIK_OUTPOSTS__DISCOVER`
+
+  Configure the automatic discovery of integrations. Defaults to `true`.
+
+  By default, the following is discovered:
+
+    - Kubernetes in-cluster config
+    - Kubeconfig
+    - Existence of a docker socket
+
 ### AUTHENTIK_AVATARS
 
 Configure how authentik should show avatars for users. Following values can be set: