outposts: Enhance config options for k8s outposts #7363
Conversation
✅ Deploy Preview for authentik-storybook canceled.
|
✅ Deploy Preview for authentik ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #7363 +/- ##
==========================================
+ Coverage 92.62% 92.65% +0.03%
==========================================
Files 588 588
Lines 29141 29143 +2
==========================================
+ Hits 26991 27002 +11
+ Misses 2150 2141 -9
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
BeryJu
changed the title
There was a problem hiding this comment.
The bugfixes for TLS and service type make sense, but for the other options kubernetes_json_patches should be used, we don't want to add specific config options for every single K8s option; see #5908 (comment)
This shall rather be configured using `kubernetes_json_patch` introduced with goauthentik#6319
|
I have removed the IP family configuration options in favor of |
|
I was not able to find examples in the documentation for the |
@PKizzle It should probably link to something like https://github.com/kubernetes-sigs/kustomize/blob/master/examples/jsonpatch.md which better demos how the JSON patches work (also feel free to add examples to the config if you want to) |
|
I will update the documentation in another PR. |
|
@BeryJu Is there anything I should change in this PR before it can get merged? |
* main: (31 commits) root: support redis username (#8935) core: bump black from 24.2.0 to 24.3.0 (#8945) web: bump the wdio group in /tests/wdio with 2 updates (#8939) web: bump the sentry group in /web with 1 update (#8941) website: bump postcss from 8.4.35 to 8.4.36 in /website (#8940) core: bump twilio from 9.0.1 to 9.0.2 (#8942) core: bump ruff from 0.3.2 to 0.3.3 (#8943) events: discard notification if user has empty email (#8938) ci: always run ci-main on branch pushes (#8950) core: bump goauthentik.io/api/v3 from 3.2024022.2 to 3.2024022.3 (#8946) website/docs: add new name "Microsft Entra ID" for Azure AD (#8930) outposts: Enhance config options for k8s outposts (#7363) website/docs: add link to CRUD docs (#8925) web: bump API Client version (#8927) outpost: improved set secret answers for flow execution (#8013) stages/user_write: ensure user data is json-serializable (#8926) website/docs: update example ldapsearch commands (#8906) admin: Handle latest version unknown in admin dashboard (#8858) core: bump coverage from 7.4.3 to 7.4.4 (#8917) core: bump urllib3 from 1.26.18 to 2.2.1 (#8918) ...
Details
Now by leaving
kubernetes_ingress_secret_nameempty no TLS section will be added to the ingress.This is useful for ingress configurations where a default TLS secret is used if none is specified.
Additionally,kubernetes_service_ip_family_policyandkubernetes_service_ip_familiesadd more detailed control over the created service i.e. when running Authentik in a dual-stack k8s cluster setup.Todo