From 3020c31bcdf998f191d0a13bafbcae6b793b1b8a Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Wed, 30 Apr 2025 14:52:38 +0200 Subject: [PATCH] website/docs: add gateway API to release notes and documentation (cherry-pick #14278) (#14298) Co-authored-by: Marc 'risson' Schmitt --- .../docs/add-secure-apps/outposts/integrations/kubernetes.md | 4 ++++ website/docs/releases/2025/v2025.4.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/website/docs/add-secure-apps/outposts/integrations/kubernetes.md b/website/docs/add-secure-apps/outposts/integrations/kubernetes.md index 6fef6bb31e..dcc22d3ca4 100644 --- a/website/docs/add-secure-apps/outposts/integrations/kubernetes.md +++ b/website/docs/add-secure-apps/outposts/integrations/kubernetes.md @@ -13,6 +13,7 @@ This integration creates the following objects: - Secret to store the token - Prometheus ServiceMonitor (if the Prometheus Operator is installed in the target cluster) - Ingress (only Proxy outposts) +- HTTPRoute (only Proxy outposts, when the Gateway API resources are installed in the target cluster, and the `kubernetes_httproute_parent_refs` setting is set, see below) - Traefik Middleware (only Proxy outposts with forward auth enabled) The following outpost settings are used: 
@@ -24,6 +25,8 @@ The following outpost settings are used: - `kubernetes_ingress_annotations`: Any additional annotations to add to the ingress object, for example cert-manager - `kubernetes_ingress_secret_name`: Name of the secret that is used for TLS connections, can be empty to disable TLS config - `kubernetes_ingress_class_name`: Optionally set the ingress class used for the generated ingress, requires authentik 2022.11.0 +- `kubernetes_httproute_parent_refs`: Define which Gateways the HTTPRoute wants to be attached to. +- `kubernetes_httproute_annotations`: Any additional annotations to add to the HTTPRoute object - `kubernetes_service_type`: Service kind created, can be set to LoadBalancer for LDAP outposts for example - `kubernetes_disabled_components`: Disable any components of the kubernetes integration, can be any of - 'secret' @@ -32,6 +35,7 @@ The following outpost settings are used: - 'prometheus servicemonitor' - 'ingress' - 'traefik middleware' + - 'httproute' - `kubernetes_image_pull_secrets`: If the above docker image is in a private repository, use these secrets to pull. (NOTE: The secret must be created manually in the namespace first.) - `kubernetes_json_patches`: Applies an RFC 6902 compliant JSON patch to the Kubernetes objects. diff --git a/website/docs/releases/2025/v2025.4.md b/website/docs/releases/2025/v2025.4.md index 3211056396..711abf4658 100644 --- a/website/docs/releases/2025/v2025.4.md +++ b/website/docs/releases/2025/v2025.4.md 
@@ -72,6 +72,10 @@ Previously, sessions were stored by default in the cache. Now, they are stored i - **Source Sync Dry Run**: See [description](#highlights) under Highlights. +- **Gateway API support** :ak-preview + + For Kubernetes users, authentik now supports the Gateway API. The Helm chart supports HTTPRoute. The Kubernetes outpost integrations supports creating HTTPRoute objects for Proxy providers. Refer to our [documentation](../../add-secure-apps/outposts/integrations/kubernetes.md). + ## New integration guides An integration is a how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
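Review bot: In the first kubernetes.md hunk (@@ -13,6 +13,7), the new HTTPRoute bullet does not say the feature is a preview, while the release-note entry in this same patch tags it `:ak-preview`. A reader who lands on the integration page first will not see that status, so the bullet should carry the same marking. The parenthetical also stacks three conditions behind commas; something like "only Proxy outposts; requires the Gateway API resources in the target cluster and `kubernetes_httproute_parent_refs` to be set" would read more easily.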
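Review bot: In the kubernetes.md settings hunk (@@ -24,6 +25,8), the `kubernetes_httproute_parent_refs` entry is missing documentation: it gives no value format or example, and it does not repeat that the HTTPRoute is only created when this setting is set, which the object list in the previous hunk states with a "see below". Suggest describing the expected shape of the value and what happens when it is left unset. The neighbouring `kubernetes_ingress_class_name` line carries "requires authentik 2022.11.0", and the two new lines have no equivalent version note. Minor style point: the `parent_refs` line ends with a period and the `annotations` line does not.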
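Review bot: In the v2025.4.md hunk (@@ -72,6 +72,10), the added paragraph has a subject-verb disagreement: "The Kubernetes outpost integrations supports creating HTTPRoute objects" should read "The Kubernetes outpost integration supports creating HTTPRoute objects". The paragraph also does not name the `kubernetes_httproute_parent_refs` setting that the linked page says must be set before any HTTPRoute is created; mentioning it here would save readers from assuming the object appears automatically after upgrading.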