core-deployments/authentik/manifest.yaml
Aaron Riedel 2a62797466
All checks were successful
ci/woodpecker/push/dashboard Pipeline was successful
change traefik loglevel
2024-09-10 19:00:52 +02:00

100 lines
2.7 KiB
YAML

apiVersion: v1
kind: Namespace
metadata:
name: authentik
---
apiVersion: v1
kind: Service
metadata:
name: authentik-outpost
namespace: authentik
labels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
spec:
ports:
- name: http
port: 9000
protocol: TCP
targetPort: http
- name: https
port: 9443
protocol: TCP
targetPort: https
type: ClusterIP
selector:
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/name: authentik-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: authentik-outpost
namespace: authentik
labels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
spec:
selector:
matchLabels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
template:
metadata:
labels:
app.kubernetes.io/instance: yolokube-proxy
app.kubernetes.io/managed-by: goauthentik.io
app.kubernetes.io/name: authentik-proxy
spec:
containers:
- env:
- name: AUTHENTIK_HOST
valueFrom:
secretKeyRef:
key: authentik_host
name: authentik-outpost-api
- name: AUTHENTIK_TOKEN
valueFrom:
secretKeyRef:
key: token
name: authentik-outpost-api
- name: AUTHENTIK_INSECURE
valueFrom:
secretKeyRef:
key: authentik_host_insecure
name: authentik-outpost-api
image: ghcr.io/goauthentik/proxy:2024.8.1
name: proxy
ports:
- containerPort: 9000
name: http
protocol: TCP
- containerPort: 9443
name: https
protocol: TCP
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: authentik
namespace: authentik
spec:
forwardAuth:
address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version