providers/proxy: don't create ingress for domains which use forwardAuth, don't create ingress at all if all providers are forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
3f8cd7ff13
commit
be8b2bf6f6
|
@ -29,6 +29,11 @@ class NeedsUpdate(ReconcileTrigger):
|
|||
"""Exception to trigger an update to the Kubernetes Object"""
|
||||
|
||||
|
||||
class Disabled(SentryIgnoredException):
|
||||
"""Exception which can be thrown in a reconciler to signal than an
|
||||
object should not be created."""
|
||||
|
||||
|
||||
class KubernetesObjectReconciler(Generic[T]):
|
||||
"""Base Kubernetes Reconciler, handles the basic logic."""
|
||||
|
||||
|
@ -50,7 +55,11 @@ class KubernetesObjectReconciler(Generic[T]):
|
|||
def up(self):
|
||||
"""Create object if it doesn't exist, update if needed or recreate if needed."""
|
||||
current = None
|
||||
reference = self.get_reference_object()
|
||||
try:
|
||||
reference = self.get_reference_object()
|
||||
except Disabled:
|
||||
self.logger.debug("Object not required")
|
||||
return
|
||||
try:
|
||||
try:
|
||||
current = self.retrieve()
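Review bot: When `get_reference_object()` raises `Disabled`, `up()` logs and returns before `self.retrieve()` runs, so an object created by an earlier reconcile is never looked up and stays in the cluster. For an ingress this presumably means a host that no longer needs one keeps its old route until it is removed by hand. Consider calling `self.retrieve()` first and removing `current` when `Disabled` is raised; the cleanup call this class offers is not visible in the hunk, so at minimum add a comment such as `# Disabled: nothing is created; an already existing object is left in place`. The body of `up()` continues past the end of the hunk.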
|
||||
|
|
|
@ -17,6 +17,7 @@ from kubernetes.client.models.networking_v1beta1_ingress_rule import (
|
|||
|
||||
from authentik.outposts.controllers.base import FIELD_MANAGER
|
||||
from authentik.outposts.controllers.k8s.base import (
|
||||
Disabled,
|
||||
KubernetesObjectReconciler,
|
||||
NeedsUpdate,
|
||||
)
|
||||
|
@ -50,7 +51,8 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
|
|||
expected_hosts = []
|
||||
expected_hosts_tls = []
|
||||
for proxy_provider in ProxyProvider.objects.filter(
|
||||
outpost__in=[self.controller.outpost]
|
||||
outpost__in=[self.controller.outpost],
|
||||
forward_auth_mode=True,
|
||||
):
|
||||
proxy_provider: ProxyProvider
|
||||
external_host_name = urlparse(proxy_provider.external_host)
|
||||
|
@ -98,7 +100,8 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
|
|||
rules = []
|
||||
tls_hosts = []
|
||||
for proxy_provider in ProxyProvider.objects.filter(
|
||||
outpost__in=[self.controller.outpost]
|
||||
outpost__in=[self.controller.outpost],
|
||||
forward_auth_mode=True,
|
||||
):
|
||||
proxy_provider: ProxyProvider
|
||||
external_host_name = urlparse(proxy_provider.external_host)
|
||||
|
@ -119,6 +122,8 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
|
|||
),
|
||||
)
|
||||
rules.append(rule)
|
||||
if not rules:
|
||||
raise Disabled()
|
||||
tls_config = None
|
||||
if tls_hosts:
|
||||
tls_config = NetworkingV1beta1IngressTLS(
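Review bot: Both `ProxyProvider.objects.filter(...)` calls now pass `forward_auth_mode=True`, which selects only the forward-auth providers, the opposite of what the commit title describes. As written, the ingress would carry rules for the forward-auth domains and drop the proxy-mode providers, and `if not rules: raise Disabled()` would fire when no provider uses forward auth rather than when all of them do. If the title states the intent, the filter should read `forward_auth_mode=False,` in the expected-hosts loop and in the rules loop. The enclosing methods start and end outside these hunks, so any later check on the provider is not visible here.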
|
||||
|
|