outposts: create different service when using embedded outpost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/outposts/controllers/k8s/base.py

@@ -40,6 +40,11 @@ class KubernetesObjectReconciler(Generic[T]):
         self.namespace = controller.outpost.config.kubernetes_namespace
         self.logger = get_logger().bind(type=self.__class__.__name__)
 
+    @property
+    def is_embedded(self) -> bool:
+        """Return true if the current outpost is embedded"""
+        return self.controller.outpost.managed != ""
+
     @property
     def noop(self) -> bool:
         """Return true if this object should not be created/updated/deleted in this cluster"""

authentik/outposts/controllers/k8s/service.py

@@ -3,7 +3,7 @@ from typing import TYPE_CHECKING
 
 from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec
 
-from authentik.outposts.controllers.base import FIELD_MANAGER
+from authentik.outposts.controllers.base import FIELD_MANAGER, DeploymentPort
 from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler, NeedsUpdate
 from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
 
@@ -26,8 +26,39 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
             if port not in current.spec.ports:
                 raise NeedsUpdate()
 
+    def get_embedded_reference_object(self) -> V1Service:
+        """Get Service for embedded outpost"""
+        selector_labels = {
+            "app.kubernetes.io/name": "authentik",
+            "app.kubernetes.io/component": "server",
+        }
+        meta = self.get_object_meta(name=self.name)
+        ports = []
+        for port in [
+            DeploymentPort(9000, "http", "tcp"),
+            DeploymentPort(9443, "https", "tcp"),
+        ]:
+            ports.append(
+                V1ServicePort(
+                    name=port.name,
+                    port=port.port,
+                    protocol=port.protocol.upper(),
+                    target_port=port.inner_port or port.port,
+                )
+            )
+        return V1Service(
+            metadata=meta,
+            spec=V1ServiceSpec(
+                ports=ports,
+                selector=selector_labels,
+                type=self.controller.outpost.config.kubernetes_service_type,
+            ),
+        )
+
     def get_reference_object(self) -> V1Service:
         """Get deployment object for outpost"""
+        if self.is_embedded:
+            return self.get_embedded_reference_object()
         meta = self.get_object_meta(name=self.name)
         ports = []
         for port in self.controller.deployment_ports:

authentik/outposts/managed.py

@@ -38,7 +38,6 @@ class OutpostManager(ObjectManager):
                         authentik_host="",
                         kubernetes_disabled_components=[
                             "deployment",
-                            "service",
                             "secret",
                         ],
                     )