outposts: support json patch for Kubernetes#6319
Conversation
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #6319 +/- ##
==========================================
- Coverage 92.50% 92.50% -0.00%
==========================================
Files 560 560
Lines 26939 26993 +54
==========================================
+ Hits 24917 24966 +49
- Misses 2022 2027 +5
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
d04bbb6 to
2c3c4af
Compare
|
@ChandonPierre thanks for the PR! I made quite a few changes with b0617d0 (what was supposed to be a small commit), lmk if you'd change anything about that commit |
The overall structure makes sense - I prefer this approach - Thanks for the refactor! I think there were some regressions introduced (tests are failing) I will try to look into it |
test patch on create and update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
this was supposed to be a small change but turned out to rework quite a few things basically use the same keys as `kubernetes_disabled_components` to allow patches for all kinds of different objects, since people might want to patch the service or secret or something else, idk also moves all of the patching logic to the base reconciler Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
a8aac5e to
6fd8c50
Compare
* main: web/admin: hide pagination when no data is loaded yet (#6353) web/admin: adjust style of page header (#6355) root: set csrf cookie's secure flag same as session (#6350) outposts: Fix infinite self-recursion in traefik reconciler. (#6336) outposts: fix patch processing (#6338) web: bump API Client version (#6351) Updates for file web/xliff/en.xlf in zh_CN on branch main (#6340) Updates for file web/xliff/en.xlf in zh-Hans on branch main (#6341) enterprise: fix license check not using DER as spec specifies (#6348) core: bump goauthentik.io/api/v3 from 3.2023061.3 to 3.2023061.4 (#6342) core: bump drf-spectacular from 0.26.3 to 0.26.4 (#6343) core: bump ruff from 0.0.278 to 0.0.280 (#6344) website: bump postcss from 8.4.26 to 8.4.27 in /website (#6345) web: bump @esbuild/linux-arm64 from 0.18.15 to 0.18.16 in /web (#6347) web: bump @esbuild/darwin-arm64 from 0.18.15 to 0.18.16 in /web (#6346) outposts: support json patch for Kubernetes (#6319) providers/oauth2: fix grant_type password raising an exception (#6333) web: bump API Client version (#6331) enterprise: cleanup v2 (#6330) web: bump prettier from 2.8.8 to 3.0.0 in /web (#6329)
|
Is there an example of using this in the web ui anywhere? I've been trying to get it to work but cannot seem to get any patches to apply |
here's a snippet I just copied from my web ui check the worker container logs if it's not applying |
|
Thanks, that appears to work, is it possible to patch the service though? It seems to just not create the service when I do anything to it in the patches |
It should work, it's possible the patched spec is getting rejected by the api server - the worker container logs should reflect this |
|
Wierd, I'm trying to use this... kubernetes_json_patches: and it isn't showing anything in the logs on either the worker or server, but the service never gets created when I reference it that way |
Outpost is |
|
Yes, I changed it to LoadBalancer and am attempting to configure the metallb annotation to allow sharing of the ip, but so far no luck getting the patch to apply |
|
kubernetes_json_patches: Here's another attempt that seems to fail to create it, but I still am not seeing anything in the logs |
This shall rather be configured using `kubernetes_json_patch` introduced with goauthentik#6319
* Allow specifying the service's ipFamilyPolicy and ipFamilies * Add documentation * Only create k8s TLS Ingress config if secretName is set * Fix linter issues. * Fix wrong attributes * Remove IP family configuration option This shall rather be configured using `kubernetes_json_patch` introduced with #6319 * Add test for k8s service reconciler * Fix linter issues
Details
Resolves Support customizing kubernetes objects created by managed outposts #5908
Changes
New Features
kubernetes_json_patchoutpost config option.nodeAffinity,tolerations,resources, etcBreaking Changes
Checklist
ak test authentik/)make lint-fix)If an API change has been made
make gen-build)If changes to the frontend have been made
make web)make i18n-extract)If applicable
make website)