From 72836ecd9dde2eef0ec085f133992e2bde4dc6a3 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 9 May 2021 18:44:32 +0200 Subject: [PATCH] outposts: default to currently running namespace if possible Signed-off-by: Jens Langhammer --- authentik/outposts/controllers/k8s/base.py | 11 +++++++---- authentik/outposts/controllers/k8s/utils.py | 11 +++++++++++ authentik/outposts/models.py | 3 ++- 3 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 authentik/outposts/controllers/k8s/utils.py diff --git a/authentik/outposts/controllers/k8s/base.py b/authentik/outposts/controllers/k8s/base.py index ec3b6a107..2e53abb4c 100644 --- a/authentik/outposts/controllers/k8s/base.py +++ b/authentik/outposts/controllers/k8s/base.py @@ -48,10 +48,13 @@ class KubernetesObjectReconciler(Generic[T]): @property def name(self) -> str: """Get the name of the object this reconciler manages""" - return (self.controller.outpost.config.object_naming_template % { - "name": slugify(self.controller.outpost.name), - "uuid": self.controller.outpost.uuid.hex, - }).lower() + return ( + self.controller.outpost.config.object_naming_template + % { + "name": slugify(self.controller.outpost.name), + "uuid": self.controller.outpost.uuid.hex, + } + ).lower() def up(self): """Create object if it doesn't exist, update if needed or recreate if needed.""" diff --git a/authentik/outposts/controllers/k8s/utils.py b/authentik/outposts/controllers/k8s/utils.py new file mode 100644 index 000000000..c4e446a25 --- /dev/null +++ b/authentik/outposts/controllers/k8s/utils.py @@ -0,0 +1,11 @@ +"""k8s utils""" +from pathlib import Path + + +def get_namespace() -> str: + """Get the namespace if we're running in a pod, otherwise default to default""" + path = Path("/var/run/secrets/kubernetes.io/serviceaccount/namespace") + if path.exists(): + with open(path, "r") as _namespace_file: + return _namespace_file.read() + return "default" diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index 9cc3e087b..9eb4cdce3 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -33,6 +33,7 @@ from authentik.lib.config import CONFIG from authentik.lib.models import InheritanceForeignKey from authentik.lib.sentry import SentryIgnoredException from authentik.lib.utils.http import USER_ATTRIBUTE_CAN_OVERRIDE_IP +from authentik.outposts.controllers.k8s.utils import get_namespace from authentik.outposts.docker_tls import DockerInlineTLS OUR_VERSION = parse(__version__) @@ -59,7 +60,7 @@ class OutpostConfig: object_naming_template: str = field(default="ak-outpost-%(name)s") kubernetes_replicas: int = field(default=1) - kubernetes_namespace: str = field(default="default") + kubernetes_namespace: str = field(default_factory=get_namespace) kubernetes_ingress_annotations: dict[str, str] = field(default_factory=dict) kubernetes_ingress_secret_name: str = field(default="authentik-outpost-tls") kubernetes_service_type: str = field(default="ClusterIP")