2020-11-15 21:42:02 +00:00
---
title: Outposts
---
2021-09-17 07:47:27 +00:00
An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts.
2020-11-15 21:42:02 +00:00
2020-12-05 21:08:42 +00:00
Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to authentik.
2020-11-15 21:42:02 +00:00
2020-12-05 21:08:42 +00:00
authentik can manage the deployment, updating and general lifecycle of an Outpost. To communicate with the underlying platforms on which the outpost is deployed, authentik has "Service Connections".
2020-11-15 21:42:02 +00:00
2021-09-24 13:37:54 +00:00
- If you've deployed authentik on docker-compose, authentik automatically creates a Service Connection for the local docker socket.
2021-03-02 21:10:54 +00:00
- If you've deployed authentik on Kubernetes, with `kubernetesIntegration` set to true (default), authentik automatically creates a Service Connection for the local Kubernetes Cluster.
2020-11-15 21:42:02 +00:00
2021-09-24 13:37:54 +00:00
To deploy an outpost with these service connections, simply select them during the creation of an Outpost. A background task is started, which creates the container/deployment. You can see that Status on the System Tasks page.
2020-11-15 21:42:02 +00:00
To deploy an outpost manually, see:
2021-03-02 21:10:54 +00:00
- [Kubernetes ](./manual-deploy-kubernetes.md )
- [docker-compose ](./manual-deploy-docker-compose.md )
2021-06-13 21:56:38 +00:00
## Configuration
Outposts fetch their configuration from authentik. Below are all the options you can set, and how they influence the outpost.
```yaml
# Log level that the outpost will set
log_level: debug
# Enable/disable error reporting for the outpost, based on the authentik settings
error_reporting_enabled: true
error_reporting_environment: beryjuorg-prod
########################################
# The settings below are only relevant when using a managed outpost
########################################
# URL that the outpost uses to connect back to authentik
authentik_host: https://authentik.tld/
# Disable SSL Validation for the authentik connection
authentik_host_insecure: false
2021-09-26 10:00:51 +00:00
# Optionally specify a different URL used for user-facing interactions
authentik_host_browser:
2021-06-13 21:56:38 +00:00
# Template used for objects created (deployments, services, secrets, etc)
object_naming_template: ak-outpost-%(name)s
########################################
# Kubernetes outpost specific settings
########################################
2021-08-27 17:10:30 +00:00
# Network the outpost container should be connected to
docker_network: null
2021-09-29 21:55:22 +00:00
# Optionally disable mapping of ports to outpost container, may be useful when using docker networks
# (Available with 2021.9.4+)
docker_map_ports: true
2021-08-27 17:10:30 +00:00
########################################
# Kubernetes outpost specific settings
########################################
2021-06-13 21:56:38 +00:00
# Replica count for the deployment of the outpost
kubernetes_replicas: 1
# Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available)
kubernetes_namespace: authentik
# Any additional annotations to add to the ingress object, for example cert-manager
kubernetes_ingress_annotations: {}
# Name of the secret that is used for TLS connections
kubernetes_ingress_secret_name: authentik-outpost-tls
# Service kind created, can be set to LoadBalancer for LDAP outposts for example
kubernetes_service_type: ClusterIP
# Disable any components of the kubernetes integration, can be any of
# - 'secret'
# - 'deployment'
# - 'service'
2021-09-09 13:52:24 +00:00
# - 'prometheus servicemonitor'
2021-06-13 21:56:38 +00:00
# - 'ingress'
# - 'traefik middleware'
kubernetes_disabled_components: []
```
