core-deployments/authentik/manifest.yaml

127 lines
3.2 KiB
YAML
Raw Normal View History

2024-10-07 09:19:39 +02:00
---
2024-09-04 22:11:06 +02:00
apiVersion: v1
kind: Namespace
metadata:
name: authentik
---
apiVersion: v1
kind: Service
metadata:
name: authentik-outpost
namespace: authentik
labels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
spec:
ports:
- name: http
port: 9000
protocol: TCP
targetPort: http
- name: https
port: 9443
protocol: TCP
targetPort: https
type: ClusterIP
selector:
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/name: authentik-proxy
---
2024-09-29 13:54:21 +02:00
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: authentik-ingress
namespace: authentik
spec:
rules:
2024-10-07 09:19:39 +02:00
- host: "sso.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: authentik-outpost
port:
number: 9000
2024-09-29 13:54:21 +02:00
tls:
2024-10-07 09:19:39 +02:00
- hosts:
- sso.services.yolokube.de
secretName: authentik-tls-key
2024-09-29 13:54:21 +02:00
---
2024-09-04 22:11:06 +02:00
apiVersion: apps/v1
kind: Deployment
metadata:
name: authentik-outpost
namespace: authentik
labels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
spec:
selector:
matchLabels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
template:
metadata:
labels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
spec:
containers:
- env:
2024-10-07 09:19:39 +02:00
- name: AUTHENTIK_HOST
valueFrom:
secretKeyRef:
key: authentik_host
name: authentik-outpost-api
- name: AUTHENTIK_TOKEN
valueFrom:
secretKeyRef:
key: token
name: authentik-outpost-api
- name: AUTHENTIK_INSECURE
valueFrom:
secretKeyRef:
key: authentik_host_insecure
name: authentik-outpost-api
image: ghcr.io/goauthentik/proxy:2024.10.4
2024-09-04 22:11:06 +02:00
name: proxy
ports:
- containerPort: 9000
name: http
protocol: TCP
- containerPort: 9443
name: https
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
2024-10-07 09:19:39 +02:00
name: authentik
namespace: authentik
2024-09-04 22:11:06 +02:00
spec:
2024-10-07 09:19:39 +02:00
forwardAuth:
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-grafana-role
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version