Open davidfrickert opened 2 months ago
Sample Terraform file for testing (token needs to be replaced). Deploy as is to test that the LDAP outpost does not become healthy; uncomment the last lines to add a dummy application and check that the outpost becomes healthy.
```hcl
terraform {
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
      version = "2024.4.0"
    }
  }
}

provider "authentik" {
  url      = "https://authentik.127.0.0.1.sslip.io"
  token    = "REPLACEME"
  insecure = true
}

data "authentik_flow" "default-authentication-flow" {
  slug = "default-authentication-flow"
}

resource "authentik_service_connection_kubernetes" "local" {
  name  = "local"
  local = true
}

resource "authentik_provider_ldap" "default" {
  name      = "authentik-ldap-provider"
  base_dn   = "dc=example,dc=com"
  bind_flow = data.authentik_flow.default-authentication-flow.id
}

resource "authentik_outpost" "outpost-ldap" {
  name               = "ldap"
  type               = "ldap"
  service_connection = authentik_service_connection_kubernetes.local.id
  config = jsonencode({
    "log_level": "info",
    "authentik_host": "http://authentik-server.keycloak-iam.svc.cluster.local",
    "docker_map_ports": true,
    "kubernetes_replicas": 1,
    "kubernetes_namespace": "keycloak-iam",
    "authentik_host_browser": "",
    "object_naming_template": "ak-outpost-%(name)s",
    "authentik_host_insecure": false,
    "kubernetes_service_type": "ClusterIP",
    "kubernetes_image_pull_secrets": [],
    "kubernetes_disabled_components": [],
    "kubernetes_ingress_annotations": {},
    "kubernetes_ingress_secret_name": "authentik-outpost-tls"
  })
  protocol_providers = [
    authentik_provider_ldap.default.id
  ]
}

# for some reason the LDAP outpost won't start without an app configured to use it...?
# resource "authentik_application" "dummy-ldap" {
#   name              = "dummy-ldap"
#   slug              = "dummy-ldap"
#   protocol_provider = authentik_provider_ldap.default.id
# }
```
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Describe the bug
LDAP Outpost will refuse to start until an Application is created that uses it. This is a bit strange; is it intended? The logs do not imply that an application is required, so it makes it kind of confusing to understand what is happening, but it does start working once an Application is created.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
LDAP outpost starts without an application configured in Authentik to use it.
Screenshots
Not necessary.
Logs
Before creating application - LDAP outpost container refuses to start:
After application created - starts OK:
Version and Deployment (please complete the following information):
Additional context
N/A