7ea721c487
* root: move database calls from ready() to dedicated startup signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimise gunicorn startup to only do DB code in one worker Signed-off-by: Jens Langhammer <jens@goauthentik.io> * always use 2 workers in compose Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send startup signals for test runner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove k8s import that isn't really needed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ci: bump nested actions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix @reconcile_app not triggering reconcile due to changed functions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * connect startup with uid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust some log levels Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove internal healthcheck we didn't really use it to do anything, and we shouldn't have to since the live/ready probes are handled by django anyways and so the container runtime will restart the server if needed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add setproctitle for gunicorn and celery process titles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * configure structlog early to use it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Revert "configure structlog early to use it" This reverts commit 16778fdbbca0f5c474d376c2f85c6f8032c06044. * Revert "adjust some log levels" This reverts commit a129f7ab6aecf27f1206aea1ad8384ce897b74ad. Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # authentik/root/settings.py * optimize startup to not spawn a bunch of one-off processes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * idk why this shows up Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
63 lines
2.1 KiB
Python
63 lines
2.1 KiB
Python
"""authentik outposts app config"""
|
|
|
|
from prometheus_client import Gauge
|
|
from structlog.stdlib import get_logger
|
|
|
|
from authentik.blueprints.apps import ManagedAppConfig
|
|
from authentik.lib.config import CONFIG
|
|
|
|
LOGGER = get_logger()
|
|
|
|
GAUGE_OUTPOSTS_CONNECTED = Gauge(
|
|
"authentik_outposts_connected",
|
|
"Currently connected outposts",
|
|
["tenant", "outpost", "uid", "expected"],
|
|
)
|
|
GAUGE_OUTPOSTS_LAST_UPDATE = Gauge(
|
|
"authentik_outposts_last_update",
|
|
"Last update from any outpost",
|
|
["tenant", "outpost", "uid", "version"],
|
|
)
|
|
MANAGED_OUTPOST = "goauthentik.io/outposts/embedded"
|
|
MANAGED_OUTPOST_NAME = "authentik Embedded Outpost"
|
|
|
|
|
|
class AuthentikOutpostConfig(ManagedAppConfig):
|
|
"""authentik outposts app config"""
|
|
|
|
name = "authentik.outposts"
|
|
label = "authentik_outposts"
|
|
verbose_name = "authentik Outpost"
|
|
default = True
|
|
|
|
@ManagedAppConfig.reconcile_tenant
|
|
def embedded_outpost(self):
|
|
"""Ensure embedded outpost"""
|
|
from authentik.outposts.models import (
|
|
DockerServiceConnection,
|
|
KubernetesServiceConnection,
|
|
Outpost,
|
|
OutpostType,
|
|
)
|
|
|
|
if not CONFIG.get_bool("outposts.disable_embedded_outpost", False):
|
|
if outpost := Outpost.objects.filter(name=MANAGED_OUTPOST_NAME, managed="").first():
|
|
outpost.managed = MANAGED_OUTPOST
|
|
outpost.save()
|
|
return
|
|
outpost, created = Outpost.objects.update_or_create(
|
|
defaults={
|
|
"type": OutpostType.PROXY,
|
|
"name": MANAGED_OUTPOST_NAME,
|
|
},
|
|
managed=MANAGED_OUTPOST,
|
|
)
|
|
if created:
|
|
if KubernetesServiceConnection.objects.exists():
|
|
outpost.service_connection = KubernetesServiceConnection.objects.first()
|
|
elif DockerServiceConnection.objects.exists():
|
|
outpost.service_connection = DockerServiceConnection.objects.first()
|
|
outpost.save()
|
|
else:
|
|
Outpost.objects.filter(managed=MANAGED_OUTPOST).delete()
|