Aaron Riedel
afc55a389d
All checks were successful
ci/woodpecker/push/dashboard Pipeline was successful
124 lines
3.2 KiB
YAML
124 lines
3.2 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: authentik
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: authentik-outpost
|
|
namespace: authentik
|
|
labels:
|
|
app.kubernetes.io/instance: yolokube-proxy
|
|
app.kubernetes.io/managed-by: goauthentik.io
|
|
app.kubernetes.io/name: authentik-proxy
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 9000
|
|
protocol: TCP
|
|
targetPort: http
|
|
- name: https
|
|
port: 9443
|
|
protocol: TCP
|
|
targetPort: https
|
|
type: ClusterIP
|
|
selector:
|
|
app.kubernetes.io/managed-by: goauthentik.io
|
|
app.kubernetes.io/instance: yolokube-proxy
|
|
app.kubernetes.io/name: authentik-proxy
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
annotations:
|
|
kubernetes.io/tls-acme: "true"
|
|
name: authentik-ingress
|
|
namespace: authentik
|
|
spec:
|
|
rules:
|
|
- host: "sso.services.yolokube.de"
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: authentik-outpost
|
|
port:
|
|
number: 9000
|
|
tls:
|
|
- hosts:
|
|
- sso.services.yolokube.de
|
|
secretName: authentik-tls-key
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: authentik-outpost
|
|
namespace: authentik
|
|
labels:
|
|
app.kubernetes.io/instance: yolokube-proxy
|
|
app.kubernetes.io/managed-by: goauthentik.io
|
|
app.kubernetes.io/name: authentik-proxy
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/instance: yolokube-proxy
|
|
app.kubernetes.io/managed-by: goauthentik.io
|
|
app.kubernetes.io/name: authentik-proxy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: yolokube-proxy
|
|
app.kubernetes.io/managed-by: goauthentik.io
|
|
app.kubernetes.io/name: authentik-proxy
|
|
spec:
|
|
containers:
|
|
- env:
|
|
- name: AUTHENTIK_HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: authentik_host
|
|
name: authentik-outpost-api
|
|
- name: AUTHENTIK_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: token
|
|
name: authentik-outpost-api
|
|
- name: AUTHENTIK_INSECURE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: authentik_host_insecure
|
|
name: authentik-outpost-api
|
|
image: ghcr.io/goauthentik/proxy:2024.8.3
|
|
name: proxy
|
|
ports:
|
|
- containerPort: 9000
|
|
name: http
|
|
protocol: TCP
|
|
- containerPort: 9443
|
|
name: https
|
|
protocol: TCP
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: authentik
|
|
namespace: authentik
|
|
spec:
|
|
forwardAuth:
|
|
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-meta-version
|