diff --git a/authentik/outposts/controllers/base.py b/authentik/outposts/controllers/base.py
index 33b2acaa0..4777a61d0 100644
--- a/authentik/outposts/controllers/base.py
+++ b/authentik/outposts/controllers/base.py
@@ -1,5 +1,6 @@
 """Base Controller"""
 from dataclasses import dataclass
+from typing import Optional
 from structlog.stdlib import get_logger
 from structlog.testing import capture_logs
@@ -23,6 +24,7 @@ class DeploymentPort:
 port: int
 name: str
 protocol: str
+ inner_port: Optional[int] = None
 class BaseController:
diff --git a/authentik/outposts/controllers/docker.py b/authentik/outposts/controllers/docker.py
index 74bc288b6..d3f8bd386 100644
--- a/authentik/outposts/controllers/docker.py
+++ b/authentik/outposts/controllers/docker.py
@@ -66,7 +66,7 @@ class DockerController(BaseController):
 "name": f"authentik-proxy-{self.outpost.uuid.hex}",
 "detach": True,
 "ports": {
- f"{port.port}/{port.protocol.lower()}": port.port
+ f"{port.port}/{port.protocol.lower()}": port.inner_port or port.port
 for port in self.deployment_ports
 },
 "environment": self._get_env(),
@@ -141,7 +141,7 @@ class DockerController(BaseController):
 def get_static_deployment(self) -> str:
 """Generate docker-compose yaml for proxy, version 3.5"""
 ports = [
- f"{port.port}:{port.port}/{port.protocol.lower()}"
+ f"{port.port}:{port.inner_port or port.port}/{port.protocol.lower()}"
 for port in self.deployment_ports
 ]
 image_name = self.get_container_image()
diff --git a/authentik/outposts/controllers/k8s/deployment.py b/authentik/outposts/controllers/k8s/deployment.py
index 420e87deb..8c75118af 100644
--- a/authentik/outposts/controllers/k8s/deployment.py
+++ b/authentik/outposts/controllers/k8s/deployment.py
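Review bot: The new `inner_port` field on `DeploymentPort` carries no comment, and every consumer in this commit resolves it with `port.inner_port or port.port`, which repeats the fallback in four places and treats an explicit `0` the same as unset. A comment on the field such as `# Port the workload listens on inside the container; falls back to port when None` would make the outer/inner distinction clear. Consider one read-only property on the dataclass returning `self.port if self.inner_port is None else self.inner_port`, so the Docker, compose, Deployment and Service code cannot drift apart.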
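Review bot: The `"ports"` mapping in the first docker.py hunk looks inverted. If this dict is passed to the Docker SDK's container create/run call (the call itself is outside the hunk), keys are container-side ports and values are host ports, so the new entry would bind container port 389 to host port 3389 for the LDAP outpost. That is the opposite of the compose line in `get_static_deployment`, which emits host `port.port` to container `inner_port`. The result would be no listener on the expected port and an unplanned one published on the host. The entry should read `f"{port.inner_port or port.port}/{port.protocol.lower()}": port.port`.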
@@ -62,7 +62,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
 for port in self.controller.deployment_ports:
 container_ports.append(
 V1ContainerPort(
- container_port=port.port,
+ container_port=port.inner_port or port.port,
 name=port.name,
 protocol=port.protocol.upper(),
 )
@@ -105,7 +105,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
 name="AUTHENTIK_INSECURE",
 value_from=V1EnvVarSource(
 secret_key_ref=V1SecretKeySelector(
- name=secret_name,
+ name=self.name,
 key="authentik_host_insecure",
 )
 ),
diff --git a/authentik/outposts/controllers/k8s/service.py b/authentik/outposts/controllers/k8s/service.py
index 886512796..b076de161 100644
--- a/authentik/outposts/controllers/k8s/service.py
+++ b/authentik/outposts/controllers/k8s/service.py
@@ -39,7 +39,7 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
 name=port.name,
 port=port.port,
 protocol=port.protocol.upper(),
- target_port=port.port,
+ target_port=port.inner_port or port.port,
 )
 )
 selector_labels = DeploymentReconciler(self.controller).get_pod_meta()
diff --git a/authentik/providers/ldap/controllers/docker.py b/authentik/providers/ldap/controllers/docker.py
index f2d93e93d..0819c6a58 100644
--- a/authentik/providers/ldap/controllers/docker.py
+++ b/authentik/providers/ldap/controllers/docker.py
@@ -10,5 +10,5 @@ class LDAPDockerController(DockerController):
 def __init__(self, outpost: Outpost, connection: DockerServiceConnection):
 super().__init__(outpost, connection)
 self.deployment_ports = [
- DeploymentPort(3389, "ldap", "tcp"),
+ DeploymentPort(389, "ldap", "tcp", 3389),
 ]
diff --git a/authentik/providers/ldap/controllers/kubernetes.py b/authentik/providers/ldap/controllers/kubernetes.py
index 924f9bf9b..4c5176d9c 100644
--- a/authentik/providers/ldap/controllers/kubernetes.py
+++ b/authentik/providers/ldap/controllers/kubernetes.py
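Review bot: The switch from `secret_name` to `self.name` in the `AUTHENTIK_INSECURE` secret reference (second k8s/deployment.py hunk) is unrelated to the port change, and nothing visible here shows that the Secret carrying `authentik_host_insecure` is created under the reconciler's own name. The sibling env entries and the Secret reconciler are outside this hunk, so this should be confirmed against them; a mismatched name would presumably leave the pod unable to start. A short comment on the selector such as `# outpost Secret shares the deployment's name` would record the assumption, and the fix deserves its own line in the commit message.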
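Review bot: `DeploymentPort(389, "ldap", "tcp", 3389)` in providers/ldap/controllers/docker.py passes the new field positionally, so a reader cannot tell which number is published and which is the container-side port; `DeploymentPort(389, "ldap", "tcp", inner_port=3389),` is clearer. The same applies to the identical line in providers/ldap/controllers/kubernetes.py. The change also moves the externally published LDAP port from 3389 to 389, which alters what existing clients and firewall rules must target and may require binding a privileged port on Docker hosts, so it should be called out in the release notes.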
@@ -10,5 +10,5 @@ class LDAPKubernetesController(KubernetesController):
 def __init__(self, outpost: Outpost, connection: KubernetesServiceConnection):
 super().__init__(outpost, connection)
 self.deployment_ports = [
- DeploymentPort(3389, "ldap", "tcp"),
+ DeploymentPort(389, "ldap", "tcp", 3389),
 ]