habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
582812b3ec5df24a556f41e76b925647788038e2
authentik/docs/topics/add-secure-apps/outposts/manual-deploy-kubernetes.md
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

105 lines
3.0 KiB
Markdown
Raw Blame History

---
title: Manual Outpost deployment on Kubernetes
---
Use the following manifest, replacing all values surrounded with `__`.
Afterwards, configure the proxy provider to connect to `<service name>.<namespace>.svc.cluster.local`, and update your Ingress to connect to the `authentik-outpost` service.
```yaml
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
name: authentik-outpost-api
type: Opaque
stringData:
AUTHENTIK_HOST: "__AUTHENTIK_URL__"
AUTHENTIK_INSECURE: "true"
AUTHENTIK_TOKEN: "__AUTHENTIK_TOKEN__"
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
name: authentik-outpost
spec:
ports:
- name: http
port: 9000
protocol: TCP
targetPort: http
- name: https
port: 9443
protocol: TCP
targetPort: https
type: ClusterIP
selector:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
name: authentik-outpost
spec:
selector:
matchLabels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
template:
metadata:
labels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
spec:
containers:
- image: ghcr.io/goauthentik/proxy
name: proxy
ports:
- containerPort: 9000
name: http
protocol: TCP
- containerPort: 9443
name: https
protocol: TCP
envFrom:
- secretRef:
name: authentik-outpost-api
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# This example includes annotations for common ingress controllers,
# remove annotations not used
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
traefik.ingress.kubernetes.io/affinity: "true"
labels:
app.kubernetes.io/instance: __OUTPOST_NAME__
app.kubernetes.io/name: authentik-outpost
name: authentik-outpost
spec:
ingressClassName: nginx
rules:
- host: __EXTERNAL_HOSTNAME__
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: authentik-outpost
port:
name: http
```
Reference in New Issue View Git Blame Copy Permalink