2021-11-12 21:57:19 +00:00
|
|
|
Create a new ingress for the outpost
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
apiVersion: networking.k8s.io/v1beta1
|
|
|
|
|
kind: Ingress
|
|
|
|
|
metadata:
|
|
|
|
|
name: authentik-outpost
|
|
|
|
|
spec:
|
|
|
|
|
rules:
|
2021-11-26 12:29:38 +00:00
|
|
|
- host: app.company
|
2021-11-12 21:57:19 +00:00
|
|
|
http:
|
|
|
|
|
paths:
|
|
|
|
|
- backend:
|
2021-11-26 13:08:45 +00:00
|
|
|
# Or, to use an external Outpost, create an ExternalName service and reference that here.
|
|
|
|
|
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
|
|
|
|
|
serviceName: ak-outpost-example-outpost
|
2021-11-12 21:57:19 +00:00
|
|
|
servicePort: 9000
|
2022-02-16 09:19:33 +00:00
|
|
|
path: /outpost.goauthentik.io
|
2021-11-12 21:57:19 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
This ingress handles authentication requests, and the sign-in flow.
|
|
|
|
|
|
|
|
|
|
Add these annotations to the ingress you want to protect
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
metadata:
|
|
|
|
|
annotations:
|
2022-02-12 17:06:04 +00:00
|
|
|
nginx.ingress.kubernetes.io/auth-url: |-
|
2022-02-16 09:19:33 +00:00
|
|
|
http://outpost.company:9000/outpost.goauthentik.io/auth/nginx
|
2022-02-12 17:14:14 +00:00
|
|
|
# If you're using domain-level auth, use the authentication URL instead of the application URL
|
2022-02-12 17:06:04 +00:00
|
|
|
nginx.ingress.kubernetes.io/auth-signin: |-
|
2022-02-16 09:19:33 +00:00
|
|
|
https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
|
2022-02-12 17:06:04 +00:00
|
|
|
nginx.ingress.kubernetes.io/auth-response-headers: |-
|
2021-11-26 12:29:38 +00:00
|
|
|
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
|
2022-02-13 13:48:47 +00:00
|
|
|
nginx.ingress.kubernetes.io/auth-snippet: |
|
|
|
|
|
proxy_set_header X-Forwarded-Host $http_host;
|
2021-11-12 21:57:19 +00:00
|
|
|
```
|
