website/docs: add docs for outpost configuration

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-13 23:56:38 +02:00
parent 79508e1965
commit 4e9be85353
4 changed files with 53 additions and 7 deletions

View file

@ -63,7 +63,7 @@ class DockerController(BaseController):
self.client.images.pull(image_name) self.client.images.pull(image_name)
container_args = { container_args = {
"image": image_name, "image": image_name,
"name": f"authentik-proxy-{self.outpost.uuid.hex}", "name": container_name,
"detach": True, "detach": True,
"ports": { "ports": {
f"{port.port}/{port.protocol.lower()}": port.inner_port or port.port f"{port.port}/{port.protocol.lower()}": port.inner_port or port.port

View file

@ -50,6 +50,8 @@ class ServiceConnectionInvalid(SentryIgnoredException):
class OutpostConfig: class OutpostConfig:
"""Configuration an outpost uses to configure it self""" """Configuration an outpost uses to configure it self"""
# update website/docs/outposts/outposts.md
authentik_host: str authentik_host: str
authentik_host_insecure: bool = False authentik_host_insecure: bool = False

View file

@ -131,13 +131,16 @@ export class OutpostForm extends ModelForm<Outpost, string> {
label=${t`Configuration`} label=${t`Configuration`}
name="config"> name="config">
<ak-codemirror mode="yaml" value="${until(new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesDefaultSettingsRetrieve().then(config => { <ak-codemirror mode="yaml" value="${until(new OutpostsApi(DEFAULT_CONFIG).outpostsInstancesDefaultSettingsRetrieve().then(config => {
let fc = config.config; let fc = config.config;
if (this.instance) { if (this.instance) {
fc = this.instance.config; fc = this.instance.config;
} }
return YAML.stringify(fc); return YAML.stringify(fc);
}))}"></ak-codemirror> }))}"></ak-codemirror>
<p class="pf-c-form__helper-text">${t`Set custom attributes using YAML or JSON.`}</p> <p class="pf-c-form__helper-text">${t`Set custom attributes using YAML or JSON.`}</p>
<p class="pf-c-form__helper-text">
See <a target="_blank" href="https://goauthentik.io/docs/outposts/outposts#configuration">documentation</a>.
</p>
</ak-form-element-horizontal> </ak-form-element-horizontal>
</form>`; </form>`;
} }

View file

@ -19,3 +19,44 @@ To deploy an outpost manually, see:
- [Kubernetes](./manual-deploy-kubernetes.md) - [Kubernetes](./manual-deploy-kubernetes.md)
- [docker-compose](./manual-deploy-docker-compose.md) - [docker-compose](./manual-deploy-docker-compose.md)
## Configuration
Outposts fetch their configuration from authentik. Below are all the options you can set, and how they influence the outpost.
```yaml
# Log level that the outpost will set
log_level: debug
# Enable/disable error reporting for the outpost, based on the authentik settings
error_reporting_enabled: true
error_reporting_environment: beryjuorg-prod
########################################
# The settings below are only relevant when using a managed outpost
########################################
# URL that the outpost uses to connect back to authentik
authentik_host: https://authentik.tld/
# Disable SSL Validation for the authentik connection
authentik_host_insecure: false
# Template used for objects created (deployments, services, secrets, etc)
object_naming_template: ak-outpost-%(name)s
########################################
# Kubernetes outpost specific settings
########################################
# Replica count for the deployment of the outpost
kubernetes_replicas: 1
# Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available)
kubernetes_namespace: authentik
# Any additional annotations to add to the ingress object, for example cert-manager
kubernetes_ingress_annotations: {}
# Name of the secret that is used for TLS connections
kubernetes_ingress_secret_name: authentik-outpost-tls
# Service kind created, can be set to LoadBalancer for LDAP outposts for example
kubernetes_service_type: ClusterIP
# Disable any components of the kubernetes integration, can be any of
# - 'secret'
# - 'deployment'
# - 'service'
# - 'ingress'
# - 'traefik middleware'
kubernetes_disabled_components: []
```