From 30b6eeee9ffaa68ee274a680ebe82f41fa860250 Mon Sep 17 00:00:00 2001
From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Date: Sat, 30 Dec 2023 21:40:54 +0100
Subject: [PATCH] outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) (#8024)

outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (#8021)

Signed-off-by: Jens Langhammer
Co-authored-by: Jens L
---
 authentik/outposts/api/outposts.py | 2 +-
 authentik/outposts/apps.py | 7 -------
 authentik/outposts/controllers/k8s/deployment.py | 4 ++++
 authentik/outposts/controllers/k8s/secret.py | 4 ++++
 authentik/outposts/controllers/k8s/service_monitor.py | 5 ++++-
 5 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/authentik/outposts/api/outposts.py b/authentik/outposts/api/outposts.py
index 09862a6e7..3d6b026a7 100644
--- a/authentik/outposts/api/outposts.py
+++ b/authentik/outposts/api/outposts.py
@@ -51,7 +51,7 @@ class OutpostSerializer(ModelSerializer):
 """Validate name (especially for embedded outpost)"""
 if not self.instance:
 return name
- if self.instance.managed == MANAGED_OUTPOST:
+ if self.instance.managed == MANAGED_OUTPOST and name != MANAGED_OUTPOST_NAME:
 raise ValidationError("Embedded outpost's name cannot be changed")
 if self.instance.name == MANAGED_OUTPOST_NAME:
 self.instance.managed = MANAGED_OUTPOST
diff --git a/authentik/outposts/apps.py b/authentik/outposts/apps.py
index 08d1080ee..b0a6298c7 100644
--- a/authentik/outposts/apps.py
+++ b/authentik/outposts/apps.py
@@ -36,7 +36,6 @@ class AuthentikOutpostConfig(ManagedAppConfig):
 DockerServiceConnection,
 KubernetesServiceConnection,
 Outpost,
- OutpostConfig,
 OutpostType,
 )
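Review bot: In `validate_name` (api/outposts.py) the new guard compares the submitted name with the constant `MANAGED_OUTPOST_NAME` rather than with the instance's current name, so it enforces "must equal the canonical name" rather than "must not change". If a managed outpost can ever be stored under a different name (not visible in this hunk), an update that leaves the name untouched is still rejected, while a rename to the constant is accepted, which does not match the error text. Either compare with `self.instance.name`, or state the intent in a comment such as `# the embedded outpost may only be saved under MANAGED_OUTPOST_NAME`. The method's signature lies outside the hunk.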
@@ -56,10 +55,4 @@ class AuthentikOutpostConfig(ManagedAppConfig):
 outpost.service_connection = KubernetesServiceConnection.objects.first()
 elif DockerServiceConnection.objects.exists():
 outpost.service_connection = DockerServiceConnection.objects.first()
- outpost.config = OutpostConfig(
- kubernetes_disabled_components=[
- "deployment",
- "secret",
- ]
- )
 outpost.save()
diff --git a/authentik/outposts/controllers/k8s/deployment.py b/authentik/outposts/controllers/k8s/deployment.py
index 4aa10e7f7..e06d97139 100644
--- a/authentik/outposts/controllers/k8s/deployment.py
+++ b/authentik/outposts/controllers/k8s/deployment.py
@@ -43,6 +43,10 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
 self.api = AppsV1Api(controller.client)
 self.outpost = self.controller.outpost
+ @property
+ def noop(self) -> bool:
+ return self.is_embedded
+
 @staticmethod
 def reconciler_name() -> str:
 return "deployment"
diff --git a/authentik/outposts/controllers/k8s/secret.py b/authentik/outposts/controllers/k8s/secret.py
index 8a2293404..ddc3643c6 100644
--- a/authentik/outposts/controllers/k8s/secret.py
+++ b/authentik/outposts/controllers/k8s/secret.py
@@ -24,6 +24,10 @@ class SecretReconciler(KubernetesObjectReconciler[V1Secret]):
 super().__init__(controller)
 self.api = CoreV1Api(controller.client)
+ @property
+ def noop(self) -> bool:
+ return self.is_embedded
+
 @staticmethod
 def reconciler_name() -> str:
 return "secret"
diff --git a/authentik/outposts/controllers/k8s/service_monitor.py b/authentik/outposts/controllers/k8s/service_monitor.py
index 4e58c119a..8e00f9c50 100644
--- a/authentik/outposts/controllers/k8s/service_monitor.py
+++ b/authentik/outposts/controllers/k8s/service_monitor.py
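Review bot: Hard-wiring `DeploymentReconciler.noop` (deployment.py) to `self.is_embedded` leaves no path for objects that an earlier reconcile may already have created for the embedded outpost. If the base class also short-circuits teardown on `noop` (its use is outside this hunk), an existing Deployment would be neither updated nor removed, and the same holds for the Secret handled by the identical property in secret.py. The Secret is the more sensitive of the two because it presumably stores the outpost's credentials, so a one-time cleanup or at least an upgrade note seems warranted. The property also has no docstring; something like `"""Embedded outposts are never reconciled as a separate Deployment."""` would record why the config-based switch removed from apps.py is no longer needed.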
@@ -77,7 +77,10 @@ class PrometheusServiceMonitorReconciler(KubernetesObjectReconciler[PrometheusSe
 @property
 def noop(self) -> bool:
- return (not self._crd_exists()) or (self.is_embedded)
+ if not self._crd_exists():
+ self.logger.debug("CRD doesn't exist")
+ return True
+ return self.is_embedded
 def _crd_exists(self) -> bool:
 """Check if the Prometheus ServiceMonitor exists"""
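Review bot: In the rewritten `noop`, the CRD lookup still runs before the `is_embedded` check, although an embedded outpost returns True on either path. Testing the flag first (`if self.is_embedded: return True`) would skip the `_crd_exists()` call, which presumably queries the cluster. It would also keep the "CRD doesn't exist" debug line out of the logs for outposts that were never going to be reconciled. Because `noop` is a property, whatever the lookup costs is paid on every access. The debug message could also name the resource, e.g. `"ServiceMonitor CRD doesn't exist"`, so it is attributable when several reconcilers log at once.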