website: latest PR for new Docs structure (#11639)

* first pass * dependency shenanigans * move blueprints * few broken links * change config the throw errors * internal file edits * fighting links * remove sidebarDev * fix subdomain Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix relative URL Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix mismatched package versions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix api reference build Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test tweak * links hell * more links hell * links hell2 * yep last of the links * last broken link fixed * re-add cves Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add devdocs redirects * add dir * tweak netlify.toml * move latest 2 CVES into dir * fix links to moved cves * typoed title fix * fix link * remove banner * remove committed api docs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * integrations: remove version dropdown Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update Makefile Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * change doc links in web as well Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix some more docs paths Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix more docs paths Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * ci: require ci-web.build for merging Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Revert "ci: require ci-web.build for merging" This reverts commit b99a4842a9. * remove sluf for Application * put slug back in * minor fix to trigger deploy * Spelled out Documentation in menu bar * remove image redirects... Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove explicit index.md Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove mdx first Signed-off-by: Jens Langhammer <jens@goauthentik.io> * then remove .md Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing prefix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Tana M Berry <tana@goauthentik.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2024-10-09 09:33:40 -05:00
parent 6b2fced1b9
commit 6d5172d18a
336 changed files with 2138 additions and 872 deletions
--- a/website/docs/add-secure-apps/providers/proxy/_envoy_istio.md
+++ b/website/docs/add-secure-apps/providers/proxy/_envoy_istio.md
@ -0,0 +1,51 @@
+Set the following settings on the _IstioOperator_ resource:
+
+```yaml
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+    name: istio
+    namespace: istio-system
+spec:
+    meshConfig:
+        extensionProviders:
+            - name: "authentik"
+              envoyExtAuthzHttp:
+                  # Replace with <service-name>.<namespace>.svc.cluster.local
+                  service: "ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local"
+                  port: "9000"
+                  pathPrefix: "/outpost.goauthentik.io/auth/envoy"
+                  headersToDownstreamOnAllow:
+                      - cookie
+                  headersToUpstreamOnAllow:
+                      - set-cookie
+                      - x-authentik-*
+                      # Add authorization headers to the allow list if you need proxy providers which
+                      # send a custom HTTP-Basic Authentication header based on values from authentik
+                      # - authorization
+                  includeRequestHeadersInCheck:
+                      - cookie
+```
+
+Afterwards, you can create _AuthorizationPolicy_ resources to protect your applications like this:
+
+```yaml
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+    name: authentik-policy
+    namespace: istio-system
+spec:
+    selector:
+        matchLabels:
+            istio: ingressgateway
+    action: CUSTOM
+    provider:
+        name: "authentik"
+    rules:
+        - to:
+              - operation:
+                    hosts:
+                        # You can create a single resource and list all Domain names here, or create multiple resources
+                        - "app.company"
+```