Skip to content

outposts: add support for gateway API#13272

Merged
rissson merged 6 commits intomainfrom
outposts-gateway-api
Apr 23, 2025
Merged

outposts: add support for gateway API#13272
rissson merged 6 commits intomainfrom
outposts-gateway-api

Conversation

@rissson
Copy link
Member

@rissson rissson commented Feb 26, 2025
edited
Loading

Details

Closes #14070

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@rissson
wip
6d9931f 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@netlify
Copy link

netlify bot commented Feb 26, 2025
edited
Loading

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 875decb
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/68090c2c9da8a70008a83934
😎 Deploy Preview https://deploy-preview-13272--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify
Copy link

netlify bot commented Feb 26, 2025
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 875decb
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/68090c2c32b52c000839b319

@rissson rissson mentioned this pull request Apr 15, 2025
Closed
rissson added 4 commits April 23, 2025 16:03
@rissson
Merge branch 'main' into outposts-gateway-api
0eb5ef2
@rissson
only httproute
fe773b1 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson
fixup
7d1d0e2 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson
lint
9325a51 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@codecov
Copy link

codecov bot commented Apr 23, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 75.43860% with 28 lines in your changes missing coverage. Please review.

Project coverage is 92.74%. Comparing base (78cfb50) to head (875decb).
Report is 8 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...entik/providers/proxy/controllers/k8s/httproute.py 74.31% 28 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #13272      +/-   ##
==========================================
- Coverage   92.75%   92.74%   -0.01%     
==========================================
  Files         808      809       +1     
  Lines       41419    41533     +114     
==========================================
+ Hits        38418    38521     +103     
- Misses       3001     3012      +11
Flag Coverage Δ
e2e 47.85% <64.03%> (+0.12%) ⬆️
integration 24.39% <75.43%> (+0.14%) ⬆️
unit 90.55% <64.03%> (-0.09%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@rissson
fixup
875decb 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson rissson marked this pull request as ready for review April 23, 2025 15:50
@rissson rissson requested a review from a team as a code owner April 23, 2025 15:50
@rissson
Copy link
Member Author

rissson commented Apr 23, 2025

Tested and is working fine. Integration tests not really possible due to using custom CRDs.

BeryJu
BeryJu approved these changes Apr 23, 2025
View reviewed changes
Copy link
Member

@BeryJu BeryJu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need some logic so only either this or ingress runs?

authentik/providers/proxy/controllers/k8s/httproute.py


@dataclass(slots=True)
class RouteBackendRef:
Copy link
Member

@BeryJu BeryJu Apr 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming none of these have classes in the Kubernetes API client?

Copy link
Member Author

@rissson rissson Apr 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They unfortunately don't, or I would've loved to use them. In the future, they'll probably get added and we can use them at that point

@rissson
Copy link
Member Author

rissson commented Apr 23, 2025

things tested manually:

  • does not change an existing outpost that has a k8s integration (i.e. no additional resources are created without user intervention)
  • once parentRefs are set in the configuration (which is the manual change mentioned above), the httproute is indeed created on the cluster with the correct configuration (tested as well)
  • adding/removing providers from the outpost correctly changes the httproute
  • deleting the outpost deletes the httproute

@github-actions
Copy link
Contributor

github-actions bot commented Apr 23, 2025
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-875decbf1b332a0d7baeadb831a32c7febceffc2
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-875decbf1b332a0d7baeadb831a32c7febceffc2

Afterwards, run the upgrade commands from the latest release notes.

@rissson
Copy link
Member Author

rissson commented Apr 23, 2025

Does this need some logic so only either this or ingress runs?

No, because this resource needs kubernetes_httproute_parent_refs to be set to a non-empty list for the httproute to be created. At which point, we can specify in the documentation (upcoming PR) that when using HTTPRoute, ingress should be added to kubernetes_disabled_components

@rissson rissson enabled auto-merge (squash) April 23, 2025 16:10
@rissson rissson merged commit 4580dec into main Apr 23, 2025
89 of 90 checks passed
@rissson rissson deleted the outposts-gateway-api branch April 23, 2025 16:22
kensternberg-authentik added a commit that referenced this pull request Apr 25, 2025
@kensternberg-authentik
Merge branch 'main' into dev
baa64bc 
* main:
  packages/docusaurus-theme: Fix header alignment, overscroll, vertical padding. (#14120)
  outposts: add support for gateway API (#13272)
  translate: Updates for file web/xliff/en.xlf in fr (#14200)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14199)
  website/docs: adds code examples for getting user objects from a group object (#14101)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#14198)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14195)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#14197)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#14196)
  website/integrations: mealie add integration (#14188)
  core, web: update translations (#14187)
  core: bump goauthentik.io/api/v3 from 3.2025024.8 to 3.2025024.9 (#14189)
  website/docs: update user object doc (#14132)
  website/docs: dev-docs: style guide: no longer using italic for vars (#14185)
  website/docs: dev docs: style guide: update style conventions for urls (#14184)
  website/integrations: paperless: use <slug>. instead of hardcoded slug value (#14183)
  website/docs: updates style guide code block section (#14088)
  website: components: delete multilinecodeblock src (#14094)
  Revert "policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)" (#14180)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BeryJu BeryJu BeryJu approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

FR: HTTPRoute support for Kubernetes integration

2 participants

@rissson @BeryJu