ff7320b0f8
closes #2235 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
1.2 KiB
1.2 KiB
Create a new ingress for the outpost
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: authentik-outpost
spec:
rules:
- host: app.company
http:
paths:
- backend:
# Or, to use an external Outpost, create an ExternalName service and reference that here.
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
serviceName: ak-outpost-example-outpost
servicePort: 9000
path: /akprox
This ingress handles authentication requests, and the sign-in flow.
Add these annotations to the ingress you want to protect
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-url: |-
http://outpost.company:9000/akprox/auth/nginx
# If you're using domain-level auth, use the authentication URL instead of the application URL
nginx.ingress.kubernetes.io/auth-signin: |-
https://app.company/akprox/start
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;