k8s outpost integration: _ in outpost name breaks deployment #12568

Open
RaicuRobert opened this issue Jan 6, 2025 · 2 comments
Labels
bug/confirmed Confirmed bugs bug Something isn't working

@RaicuRobert

Describe the bug
When deploying an outpost in a k8s environment using blueprints via helm, the deployments, secrets and other components are not created.

To Reproduce
Steps to reproduce the behavior:

  1. Create an outpost blueprint of the form

```yaml
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json

context: {}
entries:
  - model: authentik_blueprints.metaapplyblueprint
    attrs:
      identifiers:
        name: ldap-provider-blueprint
      required: true

  - attrs:
      type: ldap
      providers:
        - !KeyOf ldap-provider
      service_connection: !Find [authentik_outposts.kubernetesserviceconnection, [name, "Local Kubernetes Cluster"]]
      config:
        log_level: info
        authentik_host: http://authentik.example.com/ # Assume the host is correct
        refresh_interval: minutes=5
        kubernetes_replicas: 1
        kubernetes_namespace: authentik
        authentik_host_browser: ""
        object_naming_template: ak-outpost-%(name)s
        authentik_host_insecure: false
        kubernetes_json_patches: null
        kubernetes_service_type: ClusterIP
        kubernetes_ingress_class_name: null
        kubernetes_disabled_components: []
        kubernetes_ingress_annotations: {}
        kubernetes_ingress_secret_name: authentik-outpost-tls
    model: authentik_outposts.outpost
    id: ldap-outpost
    identifiers:
      name: ldap_outpost
    permissions: []
    conditions: []
    state: present

metadata:
  name: LDAP Outpost
version: 1
```

  2. Add it to a config map
  3. Register it in the helm file
  4. Check for secrets and pods
  5. Observe that there are no "ak-outpost-<>" resources

Expected behavior
k8s deployment of the outpost should happen

Screenshots
Consider these two outposts to see the logs:

  • ldap_outpost: the one in the blueprint
  • test: manually created (sorry for the naming)
    image

Logs
The outpost created with the blueprint has no k8s resources deployed, even if it has a service_connection to k8s

```
$ kubectl -n authentik get secrets
NAME                                            TYPE                       DATA   AGE
ak-outpost-test                                 Opaque                     4      74m
authentik-1735598614                            Opaque                     18     6d1h

$ kubectl -n authentik get pods
NAME                                           READY   STATUS    RESTARTS   AGE
ak-outpost-test-f99b75976-jkbjq                1/1     Running   0          78m
authentik-1735598614-redis-master-0            1/1     Running   0          6d1h
authentik-1735598614-server-576f96f7f5-2d2ln   1/1     Running   0          45h
authentik-1735598614-worker-6f5df697f9-x295q   1/1     Running   0          19h

$ kubectl -n authentik get deployments
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
ak-outpost-test               1/1     1            1           79m
authentik-1735598614-server   1/1     1            1           6d1h
authentik-1735598614-worker   1/1     1            1           6d1h
```

Version and Deployment (please complete the following information):

  • authentik version: v2024.12.1
  • Deployment: helm


@RaicuRobert RaicuRobert added the bug Something isn't working label Jan 6, 2025
@rissson
Member

rissson commented Jan 6, 2025

Could you look in the admin interface, in Dashboard > System tasks, if you have a failed deployment task? It should look like this:
image

@RaicuRobert
Author

RaicuRobert commented Jan 6, 2025

```
Traceback (most recent call last):
  File "/authentik/outposts/tasks.py", line 153, in outpost_controller
    logs = getattr(controller, f"{action}_with_logs")()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/outposts/controllers/kubernetes.py", line 112, in up_with_logs
    raise ControllerException(str(exc)) from exc
authentik.outposts.controllers.base.ControllerException: (422)
Reason: Unprocessable Entity
HTTP response headers: HTTPHeaderDict({'Audit-Id': '1294919c-daee-4bf0-a274-fd46ca48a520', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': 'db51198e-ee5f-42b2-bb90-b594d20affbf', 'X-Kubernetes-Pf-Prioritylevel-Uid': '1687c46b-5bc7-4244-a41d-1d9615bec865', 'Date': 'Mon, 06 Jan 2025 12:27:00 GMT', 'Content-Length': '934'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Secret \"ak-outpost-ldap_outpost\" is invalid: metadata.name: Invalid value: \"ak-outpost-ldap_outpost\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')","reason":"Invalid","details":{"name":"ak-outpost-ldap_outpost","kind":"Secret","causes":[{"reason":"FieldValueInvalid","message":"Invalid value: \"ak-outpost-ldap_outpost\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')","field":"metadata.name"}]},"code":422}
```

I don't know how I did not see this before but it seems that in a k8s env, naming the outpost with a "_" character breaks the creation of the secret.

It worked after renaming "ldap_outpost" to "ldap-outpost"

@rissson rissson changed the title Outpost created from blueprint does not start k8s components k8s outpost integration: _ in outpost name breaks deployment Jan 8, 2025
@rissson rissson added the bug/confirmed Confirmed bugs label Jan 8, 2025
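
A pre-flight check for the failure reported in this thread, as an added example that is not authentik's own code: it renders `object_naming_template` with each outpost name and validates the result against the RFC 1123 subdomain regex quoted in the 422 response. It assumes the template is expanded with plain `%` formatting using only the `name` key; `suggest_outpost_name`, `audit_outposts` and the sample data are hypothetical.

```python
import re

# Regex quoted in the Kubernetes 422 response above (RFC 1123 subdomain).
RFC1123_SUBDOMAIN = re.compile(
    r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*"
)
MAX_LEN = 253  # Kubernetes length limit for DNS subdomain names

def render_object_name(template, outpost_name):
    """Assumption: the template is expanded with %-formatting and a 'name' key."""
    return template % {"name": outpost_name}

def check_object_name(name):
    """Return a list of problems; an empty list means Kubernetes accepts it."""
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if not RFC1123_SUBDOMAIN.fullmatch(name):
        bad = sorted(set(re.findall(r"[^a-z0-9.-]", name)))
        problems.append(
            f"invalid characters: {bad}" if bad
            else "labels must start and end with an alphanumeric character"
        )
    return problems

def suggest_outpost_name(outpost_name):
    """Hypothetical helper: lowercase, turn every other run into one '-'."""
    return re.sub(r"[^a-z0-9]+", "-", outpost_name.lower()).strip("-")

def audit_outposts(outposts):
    """Map each outpost name to the problems of its rendered object name."""
    report = {}
    for outpost in outposts:
        rendered = render_object_name(outpost["object_naming_template"], outpost["name"])
        problems = check_object_name(rendered)
        if problems:
            report[outpost["name"]] = problems
    return report

# Constructed sample: the two outposts mentioned in the issue.
SAMPLE = [
    {"name": "ldap_outpost", "object_naming_template": "ak-outpost-%(name)s"},
    {"name": "test", "object_naming_template": "ak-outpost-%(name)s"},
]

if __name__ == "__main__":
    for name, problems in audit_outposts(SAMPLE).items():
        print(f"{name}: {problems}; try {suggest_outpost_name(name)!r}")
```

Running the check before applying a blueprint surfaces the naming problem up front, instead of as a failed task under Dashboard > System tasks.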