outposts: make AUTHENTIK_HOST_BROWSER configurable from central config
closes #1471 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
05db9e5c40
commit
b248f450dd
|
@ -38,6 +38,7 @@ class DockerController(BaseController):
|
|||
"AUTHENTIK_HOST": self.outpost.config.authentik_host.lower(),
|
||||
"AUTHENTIK_INSECURE": str(self.outpost.config.authentik_host_insecure).lower(),
|
||||
"AUTHENTIK_TOKEN": self.outpost.token.key,
|
||||
"AUTHENTIK_HOST_BROWSER": self.outpost.config.authentik_host_browser,
|
||||
}
|
||||
|
||||
def _comp_env(self, container: Container) -> bool:
|
||||
|
@ -215,6 +216,7 @@ class DockerController(BaseController):
|
|||
"AUTHENTIK_HOST": self.outpost.config.authentik_host,
|
||||
"AUTHENTIK_INSECURE": str(self.outpost.config.authentik_host_insecure),
|
||||
"AUTHENTIK_TOKEN": self.outpost.token.key,
|
||||
"AUTHENTIK_HOST_BROWSER": self.outpost.config.authentik_host_browser,
|
||||
},
|
||||
"labels": self._get_labels(),
|
||||
}
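Review bot: The new `AUTHENTIK_HOST_BROWSER` entries in both env dicts read `self.outpost.config.authentik_host_browser` with no guard against a null value, while the neighbouring keys in the first dict are at least normalised to lower-case strings. The sample config in this commit writes the key with an empty YAML value, which parses as null rather than `""`; whether that can reach this attribute depends on the config loader, which is not visible here. Coercing at the read site, `"AUTHENTIK_HOST_BROWSER": self.outpost.config.authentik_host_browser or "",`, keeps the container environment a plain string map. The same attribute is passed to `b64string(...)` in the SecretReconciler hunk and would need the same treatment. Both dicts begin outside the visible hunks.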
|
||||
|
|
|
@ -89,6 +89,15 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
|
|||
)
|
||||
),
|
||||
),
|
||||
V1EnvVar(
|
||||
name="AUTHENTIK_HOST_BROWSER",
|
||||
value_from=V1EnvVarSource(
|
||||
secret_key_ref=V1SecretKeySelector(
|
||||
name=self.name,
|
||||
key="authentik_host_browser",
|
||||
)
|
||||
),
|
||||
),
|
||||
V1EnvVar(
|
||||
name="AUTHENTIK_TOKEN",
|
||||
value_from=V1EnvVarSource(
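Review bot: The new `AUTHENTIK_HOST_BROWSER` variable is a required secret reference, so a pod cannot start until the Secret named `self.name` carries the `authentik_host_browser` key. On an existing install that relies on the Secret being reconciled before the Deployment rolls; if that order is not guaranteed (it is not visible here), the container fails to start on the missing key. The Go side of this commit already treats an empty value as "no override", so marking the selector optional, `optional=True,` after `key="authentik_host_browser",`, removes the ordering dependency. The env list starts and ends outside the hunk.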
|
||||
|
|
|
@ -26,7 +26,7 @@ class SecretReconciler(KubernetesObjectReconciler[V1Secret]):
|
|||
def reconcile(self, current: V1Secret, reference: V1Secret):
|
||||
super().reconcile(current, reference)
|
||||
for key in reference.data.keys():
|
||||
if current.data[key] != reference.data[key]:
|
||||
if key not in current.data or current.data[key] != reference.data[key]:
|
||||
raise NeedsUpdate()
|
||||
|
||||
def get_reference_object(self) -> V1Secret:
|
||||
|
@ -40,6 +40,9 @@ class SecretReconciler(KubernetesObjectReconciler[V1Secret]):
|
|||
str(self.controller.outpost.config.authentik_host_insecure)
|
||||
),
|
||||
"token": b64string(self.controller.outpost.token.key),
|
||||
"authentik_host_browser": b64string(
|
||||
self.controller.outpost.config.authentik_host_browser
|
||||
),
|
||||
},
|
||||
)
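Review bot: In `reconcile`, the added `key not in current.data` test assumes `current.data` is a mapping; the Kubernetes client reports `data` as `None` for a Secret with no entries, and the membership test then raises `TypeError` instead of `NeedsUpdate`. A Secret that was emptied out of band would break the reconciler rather than be repaired by it. Normalising first, `current_data = current.data or {}`, and testing against `current_data` keeps the drift check total. A one-line comment that a missing key means the Secret predates a newly added field would also help the next reader.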
|
||||
|
||||
|
|
|
@ -64,6 +64,7 @@ class OutpostConfig:
|
|||
|
||||
authentik_host: str = ""
|
||||
authentik_host_insecure: bool = False
|
||||
authentik_host_browser: str = ""
|
||||
|
||||
log_level: str = CONFIG.y("log_level")
|
||||
error_reporting_enabled: bool = CONFIG.y_bool("error_reporting.enabled")
|
||||
|
|
|
@ -18,7 +18,7 @@ type OIDCEndpoint struct {
|
|||
func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoint {
|
||||
authUrl := p.OidcConfiguration.AuthorizationEndpoint
|
||||
endUrl := p.OidcConfiguration.EndSessionEndpoint
|
||||
if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found {
|
||||
if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found && browserHost != "" {
|
||||
host := os.Getenv("AUTHENTIK_HOST")
|
||||
authUrl = strings.ReplaceAll(authUrl, host, browserHost)
|
||||
endUrl = strings.ReplaceAll(endUrl, host, browserHost)
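Review bot: The new `browserHost != ""` guard covers only one side of the replacement: `host` comes from `os.Getenv("AUTHENTIK_HOST")` unchecked, and `strings.ReplaceAll` with an empty old string inserts `browserHost` between every character of the URL. The rewrite is also purely textual, so a trailing-slash mismatch between the two settings (the sample config in this commit writes `authentik_host: https://authentik.tld/`) yields a malformed authorization URL. Reading the host before the condition as `host := strings.TrimRight(os.Getenv("AUTHENTIK_HOST"), "/")`, trimming `browserHost` the same way, and skipping the rewrite when `host == ""` closes both cases. Because users are redirected to the result, it is also worth rejecting a `browserHost` that does not parse as an absolute http(s) URL. The function body continues past the hunk.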
|
||||
|
|
|
@ -37,6 +37,8 @@ error_reporting_environment: beryjuorg-prod
|
|||
authentik_host: https://authentik.tld/
|
||||
# Disable SSL Validation for the authentik connection
|
||||
authentik_host_insecure: false
|
||||
# Optionally specify a different URL used for user-facing interactions
|
||||
authentik_host_browser:
|
||||
# Template used for objects created (deployments, services, secrets, etc)
|
||||
object_naming_template: ak-outpost-%(name)s
|
||||
########################################
|
||||
|
|