outposts: Enhance config options for k8s outposts (#7363)

* Allow specifying the service's ipFamilyPolicy and ipFamilies * Add documentation * Only create k8s TLS Ingress config if secretName is set * Fix linter issues. * Fix wrong attributes * Remove IP family configuration option This shall rather be configured using `kubernetes_json_patch` introduced with https://github.com/goauthentik/authentik/pull/6319 * Add test for k8s service reconciler * Fix linter issues
2024-03-15 18:23:12 +01:00
parent 09e6b80fd6
commit 61b61ce960
5 changed files with 49 additions and 9 deletions
--- a/tests/integration/test_outpost_kubernetes.py
+++ b/tests/integration/test_outpost_kubernetes.py
@ -10,6 +10,7 @@ from kubernetes.client.exceptions import OpenApiException
 from authentik.core.tests.utils import create_test_flow
 from authentik.lib.config import CONFIG
 from authentik.outposts.controllers.k8s.deployment import DeploymentReconciler
+from authentik.outposts.controllers.k8s.service import ServiceReconciler
 from authentik.outposts.controllers.k8s.triggers import NeedsUpdate
 from authentik.outposts.models import KubernetesServiceConnection, Outpost, OutpostType
 from authentik.outposts.tasks import outpost_connection_discovery
@ -91,6 +92,35 @@ class OutpostKubernetesTests(TestCase):

        deployment_reconciler.delete(deployment_reconciler.get_reference_object())

+    @pytest.mark.timeout(120)
+    def test_service_reconciler(self):
+        """test that service requires update"""
+        controller = ProxyKubernetesController(self.outpost, self.service_connection)
+        service_reconciler = ServiceReconciler(controller)
+
+        self.assertIsNotNone(service_reconciler.retrieve())
+
+        config = self.outpost.config
+        config.kubernetes_service_type = "NodePort"
+        config.kubernetes_json_patches = {
+            "service": [
+                {
+                    "op": "add",
+                    "path": "/spec/ipFamilyPolicy",
+                    "value": "PreferDualStack",
+                }
+            ]
+        }
+        self.outpost.config = config
+
+        with self.assertRaises(NeedsUpdate):
+            service_reconciler.reconcile(
+                service_reconciler.retrieve(),
+                service_reconciler.get_reference_object(),
+            )
+
+        service_reconciler.delete(service_reconciler.get_reference_object())
+
    @pytest.mark.timeout(120)
    def test_controller_rename(self):
        """test that objects get deleted and re-created with new names"""