outposts: default to currently running namespace if possible

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 18:44:32 +02:00
parent 7f7046f0e4
commit 72836ecd9d
3 changed files with 20 additions and 5 deletions
--- a/authentik/outposts/controllers/k8s/base.py
+++ b/authentik/outposts/controllers/k8s/base.py
@ -48,10 +48,13 @@ class KubernetesObjectReconciler(Generic[T]):
    @property
    def name(self) -> str:
        """Get the name of the object this reconciler manages"""
-        return (self.controller.outpost.config.object_naming_template % {
+        return (
+            self.controller.outpost.config.object_naming_template
+            % {
                "name": slugify(self.controller.outpost.name),
                "uuid": self.controller.outpost.uuid.hex,
-        }).lower()
+            }
+        ).lower()

    def up(self):
        """Create object if it doesn't exist, update if needed or recreate if needed."""
--- a/authentik/outposts/controllers/k8s/utils.py
+++ b/authentik/outposts/controllers/k8s/utils.py
@ -0,0 +1,11 @@
+"""k8s utils"""
+from pathlib import Path
+
+
+def get_namespace() -> str:
+    """Get the namespace if we're running in a pod, otherwise default to default"""
+    path = Path("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
+    if path.exists():
+        with open(path, "r") as _namespace_file:
+            return _namespace_file.read()
+    return "default"
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -33,6 +33,7 @@ from authentik.lib.config import CONFIG
 from authentik.lib.models import InheritanceForeignKey
 from authentik.lib.sentry import SentryIgnoredException
 from authentik.lib.utils.http import USER_ATTRIBUTE_CAN_OVERRIDE_IP
+from authentik.outposts.controllers.k8s.utils import get_namespace
 from authentik.outposts.docker_tls import DockerInlineTLS

 OUR_VERSION = parse(__version__)
@ -59,7 +60,7 @@ class OutpostConfig:

    object_naming_template: str = field(default="ak-outpost-%(name)s")
    kubernetes_replicas: int = field(default=1)
-    kubernetes_namespace: str = field(default="default")
+    kubernetes_namespace: str = field(default_factory=get_namespace)
    kubernetes_ingress_annotations: dict[str, str] = field(default_factory=dict)
    kubernetes_ingress_secret_name: str = field(default="authentik-outpost-tls")
    kubernetes_service_type: str = field(default="ClusterIP")