From 74f1695d71a7e311c1a8eb9be9f772e55948764d Mon Sep 17 00:00:00 2001
From: Aaron Riedel
Date: Wed, 4 Sep 2024 22:11:06 +0200
Subject: [PATCH] add authentik outpost and middlewear
---
authentik/manifest.yaml | 100 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 100 insertions(+)
create mode 100644 authentik/manifest.yaml
diff --git a/authentik/manifest.yaml b/authentik/manifest.yaml
new file mode 100644
index 0000000..ab2b888
--- /dev/null
+++ b/authentik/manifest.yaml
@@ -0,0 +1,100 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: authentik
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: authentik-outpost
+ namespace: authentik
+ labels:
+ app.kubernetes.io/instance: yolokube-proxy
+ app.kubernetes.io/managed-by: goauthentik.io
+ app.kubernetes.io/name: authentik-proxy
+spec:
+ ports:
+ - name: http
+ port: 9000
+ protocol: TCP
+ targetPort: http
+ - name: https
+ port: 9443
+ protocol: TCP
+ targetPort: https
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/managed-by: goauthentik.io
+ app.kubernetes.io/instance: yolokube-proxy
+ app.kubernetes.io/name: authentik-proxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: authentik-outpost
+ namespace: authentik
+ labels:
+ app.kubernetes.io/instance: yolokube-proxy
+ app.kubernetes.io/managed-by: goauthentik.io
+ app.kubernetes.io/name: authentik-proxy
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: yolokube-proxy
+ app.kubernetes.io/managed-by: goauthentik.io
+ app.kubernetes.io/name: authentik-proxy
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: yolokube-proxy
+ app.kubernetes.io/managed-by: goauthentik.io
+ app.kubernetes.io/name: authentik-proxy
+ spec:
+ containers:
+ - env:
+ - name: AUTHENTIK_HOST
+ valueFrom:
+ secretKeyRef:
+ key: authentik_host
+ name: authentik-outpost-api
+ - name: AUTHENTIK_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: token
+ name: authentik-outpost-api
+ - name: AUTHENTIK_INSECURE
+ valueFrom:
+ secretKeyRef:
+ key: authentik_host_insecure
+ name: authentik-outpost-api
+ image: ghcr.io/goauthentik/proxy
+ name: proxy
+ ports:
+ - containerPort: 9000
+ name: http
+ protocol: TCP
+ - containerPort: 9443
+ name: https
+ protocol: TCP
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: authentik
+ namespace: authentik
+spec:
+ forwardAuth:
+ address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
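Review bot: The Deployment's container uses `image: ghcr.io/goauthentik/proxy` with no tag or digest, so it resolves to the mutable `latest` tag and any pod restart can pull different code into the component that holds `AUTHENTIK_TOKEN` and makes the auth decision for every route behind this middleware. Pin it to a release and ideally a digest, e.g. `image: ghcr.io/goauthentik/proxy:<VERSION>@sha256:<DIGEST>` (placeholders; the version should presumably track the authentik server it talks to). Separately, `trustForwardHeader: true` in the Middleware tells Traefik to pass incoming `X-Forwarded-*` headers to the outpost as-is, which is only sound while the entrypoint does not accept those headers from untrusted clients; a comment such as `# relies on entrypoint forwardedHeaders being restricted to trusted proxies` would record that assumption. The container also sets no `securityContext` or `resources`, which is worth adding for an authentication proxy.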