trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

outposts/controllers: re-create service when mismatched ports to prevent errors 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-09-08 23:00:53 +02:00
parent 8ca29f6d49
commit 533eb59a04
1 changed files with 11 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
authentik/outposts/controllers/k8s/service.py
View File

@ -3,8 +3,8 @@ from typing import TYPE_CHECKING
from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec
from authentik.outposts.controllers.base import FIELD_MANAGER, DeploymentPort from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsUpdate from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsRecreate
from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
if TYPE_CHECKING: if TYPE_CHECKING:
@ -21,44 +21,13 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
def reconcile(self, current: V1Service, reference: V1Service): def reconcile(self, current: V1Service, reference: V1Service):
super().reconcile(current, reference) super().reconcile(current, reference)
if len(current.spec.ports) != len(reference.spec.ports): if len(current.spec.ports) != len(reference.spec.ports):
raise NeedsUpdate() raise NeedsRecreate()
for port in reference.spec.ports: for port in reference.spec.ports:
if port not in current.spec.ports: if port not in current.spec.ports:
raise NeedsUpdate() raise NeedsRecreate()
def get_embedded_reference_object(self) -> V1Service:
"""Get Service for embedded outpost"""
selector_labels = {
"app.kubernetes.io/name": "authentik",
"app.kubernetes.io/component": "server",
}
meta = self.get_object_meta(name=self.name)
ports = []
for port in [
DeploymentPort(9000, "http", "tcp"),
DeploymentPort(9443, "https", "tcp"),
]:
ports.append(
V1ServicePort(
name=port.name,
port=port.port,
protocol=port.protocol.upper(),
target_port=port.inner_port or port.port,
)
)
return V1Service(
metadata=meta,
spec=V1ServiceSpec(
ports=ports,
selector=selector_labels,
type=self.controller.outpost.config.kubernetes_service_type,
),
)
def get_reference_object(self) -> V1Service: def get_reference_object(self) -> V1Service:
"""Get deployment object for outpost""" """Get deployment object for outpost"""
if self.is_embedded:
return self.get_embedded_reference_object()
meta = self.get_object_meta(name=self.name) meta = self.get_object_meta(name=self.name)
ports = [] ports = []
for port in self.controller.deployment_ports: for port in self.controller.deployment_ports:
@ -70,7 +39,13 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
target_port=port.inner_port or port.port, target_port=port.inner_port or port.port,
) )
) )
selector_labels = DeploymentReconciler(self.controller).get_pod_meta() if self.is_embedded:
selector_labels = {
"app.kubernetes.io/name": "authentik",
"app.kubernetes.io/component": "server",
}
else:
selector_labels = DeploymentReconciler(self.controller).get_pod_meta()
return V1Service( return V1Service(
metadata=meta, metadata=meta,
spec=V1ServiceSpec( spec=V1ServiceSpec(