website/docs: add note for which outpost configs apply for which outposts (#3443)
add note for which outpost configs apply for which outposts closes #3427 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
198c940a80
commit
bda218f7fc
|
@ -1,32 +1,7 @@
|
||||||
---
|
|
||||||
title: Overview
|
|
||||||
---
|
|
||||||
|
|
||||||
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
|
|
||||||
|
|
||||||
![](outposts.png)
|
|
||||||
|
|
||||||
Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to authentik.
|
|
||||||
|
|
||||||
authentik can manage the deployment, updating and general lifecycle of an Outpost. To communicate with the underlying platforms on which the outpost is deployed, authentik has several built-in integrations.
|
|
||||||
|
|
||||||
- If you've deployed authentik on docker-compose, authentik automatically creates an integration for the local docker socket (See [Docker](./integrations/docker.md)).
|
|
||||||
- If you've deployed authentik on Kubernetes, with `kubernetesIntegration` set to true (default), authentik automatically creates an integrations for the local Kubernetes Cluster (See [Kubernetes](./integrations/kubernetes.md)).
|
|
||||||
|
|
||||||
To deploy an outpost with these integrations, simply select them during the creation of an Outpost. A background task is started, which creates the container/deployment. You can see that Status on the System Tasks page.
|
|
||||||
|
|
||||||
To deploy an outpost manually, see:
|
|
||||||
|
|
||||||
- [Kubernetes](./manual-deploy-kubernetes.md)
|
|
||||||
- [docker-compose](./manual-deploy-docker-compose.md)
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
Outposts fetch their configuration from authentik. Below are all the options you can set, and how they influence the outpost.
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Log level that the outpost will set
|
# Log level that the outpost will set
|
||||||
# Allowed levels: trace, debug, info, warning, error
|
# Allowed levels: trace, debug, info, warning, error
|
||||||
|
# Applies to: non-embedded
|
||||||
log_level: debug
|
log_level: debug
|
||||||
########################################
|
########################################
|
||||||
# The settings below are only relevant when using a managed outpost
|
# The settings below are only relevant when using a managed outpost
|
||||||
|
@ -36,27 +11,33 @@ authentik_host: https://authentik.tld/
|
||||||
# Disable SSL Validation for the authentik connection
|
# Disable SSL Validation for the authentik connection
|
||||||
authentik_host_insecure: false
|
authentik_host_insecure: false
|
||||||
# Optionally specify a different URL used for user-facing interactions
|
# Optionally specify a different URL used for user-facing interactions
|
||||||
|
# Applies to: proxy outposts
|
||||||
authentik_host_browser:
|
authentik_host_browser:
|
||||||
# Template used for objects created (deployments/containers, services, secrets, etc)
|
# Template used for objects created (deployments/containers, services, secrets, etc)
|
||||||
object_naming_template: ak-outpost-%(name)s
|
object_naming_template: ak-outpost-%(name)s
|
||||||
# Use a specific docker image for this outpost rather than the default. This also applies to Kubernetes
|
# Use a specific docker image for this outpost rather than the default. This also applies to Kubernetes
|
||||||
# outposts.
|
# outposts.
|
||||||
|
# Applies to: non-embedded
|
||||||
container_image:
|
container_image:
|
||||||
########################################
|
########################################
|
||||||
# Docker outpost specific settings
|
# Docker outpost specific settings
|
||||||
########################################
|
########################################
|
||||||
# Network the outpost container should be connected to
|
# Network the outpost container should be connected to
|
||||||
|
# Applies to: non-embedded
|
||||||
docker_network: null
|
docker_network: null
|
||||||
# Optionally disable mapping of ports to outpost container, may be useful when using docker networks
|
# Optionally disable mapping of ports to outpost container, may be useful when using docker networks
|
||||||
# (Available with 2021.9.4+)
|
# (Available with 2021.9.4+)
|
||||||
|
# Applies to: non-embedded
|
||||||
docker_map_ports: true
|
docker_map_ports: true
|
||||||
# Optionally additional labels for docker containers
|
# Optionally additional labels for docker containers
|
||||||
# (Available with 2022.1.2)
|
# (Available with 2022.1.2)
|
||||||
|
# Applies to: non-embedded
|
||||||
docker_labels: null
|
docker_labels: null
|
||||||
########################################
|
########################################
|
||||||
# Kubernetes outpost specific settings
|
# Kubernetes outpost specific settings
|
||||||
########################################
|
########################################
|
||||||
# Replica count for the deployment of the outpost
|
# Replica count for the deployment of the outpost
|
||||||
|
# Applies to: non-embedded
|
||||||
kubernetes_replicas: 1
|
kubernetes_replicas: 1
|
||||||
# Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available)
|
# Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available)
|
||||||
kubernetes_namespace: authentik
|
kubernetes_namespace: authentik
|
||||||
|
@ -76,11 +57,6 @@ kubernetes_service_type: ClusterIP
|
||||||
kubernetes_disabled_components: []
|
kubernetes_disabled_components: []
|
||||||
# If the above docker image is in a private repository, use these secrets to pull.
|
# If the above docker image is in a private repository, use these secrets to pull.
|
||||||
# NOTE: The secret must be created manually in the namespace first.
|
# NOTE: The secret must be created manually in the namespace first.
|
||||||
|
# Applies to: non-embedded
|
||||||
kubernetes_image_pull_secrets: []
|
kubernetes_image_pull_secrets: []
|
||||||
```
|
```
|
||||||
|
|
||||||
## Metrics
|
|
||||||
|
|
||||||
Each authentik outpost has a Prometheus metrics endpoint accessible under port `:9300/metrics`. This endpoint is not mapped via docker, as the endpoint doesn't have any authentication.
|
|
||||||
|
|
||||||
For the embedded outpost, the metrics of the outpost and the metrics of the core authentik server are both returned under the same endpoint.
|
|
|
@ -12,15 +12,19 @@ The embedded outpost cannot be disabled, if it doesn't make sense to use it in y
|
||||||
|
|
||||||
### Configuration
|
### Configuration
|
||||||
|
|
||||||
Since the outpost uses OAuth2, there is some configuration required.
|
Since authentik doesn't know it's own "primary" URL, there might be some configuration required.
|
||||||
|
|
||||||
On a fresh authentik install, your Outpost list will look like this:
|
By default, when opening the admin dashboard on a fresh install, authentik will automatically configure the outpost to use the same URL as was used to access authentik.
|
||||||
|
|
||||||
![](./stock.png)
|
If this isn't correct, or needs to be changed, click the edit button on the right of the outpost, and set the value of `authentik_host` to the URL you want to login with.
|
||||||
|
|
||||||
Click the edit button on the right of the column, and set the value of `authentik_host` to the URL you want to login with.
|
|
||||||
Make sure to set it to full URL, only configuring a hostname or FQDN will not work.
|
Make sure to set it to full URL, only configuring a hostname or FQDN will not work.
|
||||||
|
|
||||||
|
Additionally, most of the other configuration options can be used as with any other outpost, except from items which are marked as "non-embedded"
|
||||||
|
|
||||||
|
import Configuration from "../_config.md";
|
||||||
|
|
||||||
|
<Configuration />
|
||||||
|
|
||||||
### Routing
|
### Routing
|
||||||
|
|
||||||
Routing is handled like this:
|
Routing is handled like this:
|
Binary file not shown.
Before Width: | Height: | Size: 23 KiB |
35
website/docs/outposts/index.mdx
Normal file
35
website/docs/outposts/index.mdx
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
title: Overview
|
||||||
|
---
|
||||||
|
|
||||||
|
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
|
||||||
|
|
||||||
|
![](outposts.png)
|
||||||
|
|
||||||
|
Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to authentik.
|
||||||
|
|
||||||
|
authentik can manage the deployment, updating and general lifecycle of an Outpost. To communicate with the underlying platforms on which the outpost is deployed, authentik has several built-in integrations.
|
||||||
|
|
||||||
|
- If you've deployed authentik on docker-compose, authentik automatically creates an integration for the local docker socket (See [Docker](./integrations/docker.md)).
|
||||||
|
- If you've deployed authentik on Kubernetes, with `kubernetesIntegration` set to true (default), authentik automatically creates an integrations for the local Kubernetes Cluster (See [Kubernetes](./integrations/kubernetes.md)).
|
||||||
|
|
||||||
|
To deploy an outpost with these integrations, simply select them during the creation of an Outpost. A background task is started, which creates the container/deployment. You can see that Status on the System Tasks page.
|
||||||
|
|
||||||
|
To deploy an outpost manually, see:
|
||||||
|
|
||||||
|
- [Kubernetes](./manual-deploy-kubernetes.md)
|
||||||
|
- [docker-compose](./manual-deploy-docker-compose.md)
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
Outposts fetch their configuration from authentik. Below are all the options you can set, and how they influence the outpost.
|
||||||
|
|
||||||
|
import Configuration from "./_config.md";
|
||||||
|
|
||||||
|
<Configuration />
|
||||||
|
|
||||||
|
## Metrics
|
||||||
|
|
||||||
|
Each authentik outpost has a Prometheus metrics endpoint accessible under port `:9300/metrics`. This endpoint is not mapped via docker, as the endpoint doesn't have any authentication.
|
||||||
|
|
||||||
|
For the embedded outpost, the metrics of the outpost and the metrics of the core authentik server are both returned under the same endpoint.
|
Reference in a new issue