582812b3ec
website: Copy files during build. website: Allow for mixed env builds. website: Reduce build size. website: Expose build. website: Add build memory debugging. WIP: Disable broken links check to compare memory usage. website: Update deps. website: Clean up API paths. website: Flesh out 3.8 fixes. Format. website: Update ignore paths. Website: Clean up integrations build. website: Fix paths. website: Optimize remark. website: Update deps. website: Format. website: Remove linking. website: Fix paths. wip: Attempt API only build. Prep. Migrate render to runtime. Tidy sidebar. Clean up templates. docs: Move directory. WIP docs: Flesh out split. website: Fix issue where routes have collisions.
1.7 KiB
1.7 KiB
Set the following settings on the IstioOperator resource:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: istio
namespace: istio-system
spec:
meshConfig:
extensionProviders:
- name: "authentik"
envoyExtAuthzHttp:
# Replace with <service-name>.<namespace>.svc.cluster.local
service: "ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local"
port: "9000"
pathPrefix: "/outpost.goauthentik.io/auth/envoy"
headersToDownstreamOnAllow:
- cookie
headersToUpstreamOnAllow:
- set-cookie
- x-authentik-*
# Add authorization headers to the allow list if you need proxy providers which
# send a custom HTTP-Basic Authentication header based on values from authentik
# - authorization
includeRequestHeadersInCheck:
- cookie
Afterwards, you can create AuthorizationPolicy resources to protect your applications like this:
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: authentik-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "authentik"
rules:
- to:
- operation:
hosts:
# You can create a single resource and list all Domain names here, or create multiple resources
- "app.company"