habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/proxy: update ingress controller to work with k8s 1.22

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2021-10-18 10:00:24 +02:00
parent e5906a4115
commit 98a56c77e3
3 changed files with 59 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
authentik/providers/proxy/controllers/k8s/ingress.py
View File

@ -3,15 +3,17 @@ from typing import TYPE_CHECKING
from urllib.parse import urlparse
from kubernetes.client import (
NetworkingV1beta1Api,
NetworkingV1beta1HTTPIngressPath,
NetworkingV1beta1HTTPIngressRuleValue,
NetworkingV1beta1Ingress,
NetworkingV1beta1IngressBackend,
NetworkingV1beta1IngressSpec,
NetworkingV1beta1IngressTLS,
NetworkingV1Api,
V1HTTPIngressPath,
V1HTTPIngressRuleValue,
V1Ingress,
V1IngressSpec,
V1IngressTLS,
V1ServiceBackendPort,
)
from kubernetes.client.models.networking_v1beta1_ingress_rule import NetworkingV1beta1IngressRule
from kubernetes.client.models.v1_ingress_backend import V1IngressBackend
from kubernetes.client.models.v1_ingress_rule import V1IngressRule
from kubernetes.client.models.v1_ingress_service_backend import V1IngressServiceBackend
from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import KubernetesObjectReconciler
@ -22,14 +24,14 @@ if TYPE_CHECKING:
from authentik.outposts.controllers.kubernetes import KubernetesController
class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
class IngressReconciler(KubernetesObjectReconciler[V1Ingress]):
"""Kubernetes Ingress Reconciler"""
def __init__(self, controller: "KubernetesController") -> None:
super().__init__(controller)
self.api = NetworkingV1beta1Api(controller.client)
self.api = NetworkingV1Api(controller.client)
def _check_annotations(self, reference: NetworkingV1beta1Ingress):
def _check_annotations(self, reference: V1Ingress):
"""Check that all annotations *we* set are correct"""
for key, value in self.get_ingress_annotations().items():
if key not in reference.metadata.annotations:
@ -37,7 +39,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
if reference.metadata.annotations[key] != value:
raise NeedsUpdate()
def reconcile(self, current: NetworkingV1beta1Ingress, reference: NetworkingV1beta1Ingress):
def reconcile(self, current: V1Ingress, reference: V1Ingress):
super().reconcile(current, reference)
self._check_annotations(reference)
# Create a list of all expected host and tls hosts
@ -93,7 +95,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
annotations.update(self.controller.outpost.config.kubernetes_ingress_annotations)
return annotations
def get_reference_object(self) -> NetworkingV1beta1Ingress:
def get_reference_object(self) -> V1Ingress:
"""Get deployment object for outpost"""
meta = self.get_object_meta(
name=self.name,
@ -112,31 +114,37 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
ProxyMode.FORWARD_SINGLE,
ProxyMode.FORWARD_DOMAIN,
]:
rule = NetworkingV1beta1IngressRule(
rule = V1IngressRule(
host=external_host_name.hostname,
http=NetworkingV1beta1HTTPIngressRuleValue(
http=V1HTTPIngressRuleValue(
paths=[
NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend(
service_name=self.name,
service_port="http",
V1HTTPIngressPath(
backend=V1IngressBackend(
service=V1IngressServiceBackend(
name=self.name,
port=V1ServiceBackendPort(name="http"),
),
),
path="/akprox",
path_type="ImplementationSpecific",
)
]
),
)
else:
rule = NetworkingV1beta1IngressRule(
rule = V1IngressRule(
host=external_host_name.hostname,
http=NetworkingV1beta1HTTPIngressRuleValue(
http=V1HTTPIngressRuleValue(
paths=[
NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend(
service_name=self.name,
service_port="http",
V1HTTPIngressPath(
backend=V1IngressBackend(
service=V1IngressServiceBackend(
name=self.name,
port=V1ServiceBackendPort(name="http"),
),
),
path="/",
path_type="ImplementationSpecific",
)
]
),
@ -144,16 +152,16 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
rules.append(rule)
tls_config = None
if tls_hosts:
tls_config = NetworkingV1beta1IngressTLS(
tls_config = V1IngressTLS(
hosts=tls_hosts,
secret_name=self.controller.outpost.config.kubernetes_ingress_secret_name,
)
return NetworkingV1beta1Ingress(
return V1Ingress(
metadata=meta,
spec=NetworkingV1beta1IngressSpec(rules=rules, tls=[tls_config]),
spec=V1IngressSpec(rules=rules, tls=[tls_config]),
)
def create(self, reference: NetworkingV1beta1Ingress):
def create(self, reference: V1Ingress):
if len(reference.spec.rules) < 1:
self.logger.debug("No hosts defined, not creating ingress.")
return None
@ -161,13 +169,13 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
self.namespace, reference, field_manager=FIELD_MANAGER
)
def delete(self, reference: NetworkingV1beta1Ingress):
def delete(self, reference: V1Ingress):
return self.api.delete_namespaced_ingress(reference.metadata.name, self.namespace)
def retrieve(self) -> NetworkingV1beta1Ingress:
def retrieve(self) -> V1Ingress:
return self.api.read_namespaced_ingress(self.name, self.namespace)
def update(self, current: NetworkingV1beta1Ingress, reference: NetworkingV1beta1Ingress):
def update(self, current: V1Ingress, reference: V1Ingress):
return self.api.patch_namespaced_ingress(
current.metadata.name,
self.namespace,