habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bbd639c37df49d4a25f134a582ec225b35b9034c
authentik/website/docs/add-secure-apps/outposts/manual-deploy-kubernetes.md
Jens L. d9c79558b1 website/docs: fix outdated and incorrect example kubernetes deployment (#14928) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-05 21:09:56 +02:00

3.0 KiB
Raw Blame History

title
title
Manual Outpost deployment on Kubernetes

Use the following manifest, replacing all values surrounded with __.

Afterwards, configure the proxy provider to connect to <service name>.<namespace>.svc.cluster.local, and update your Ingress to connect to the authentik-outpost service.

apiVersion: v1
kind: Secret
metadata:
    labels:
        app.kubernetes.io/instance: __OUTPOST_NAME__
        app.kubernetes.io/name: authentik-outpost
    name: authentik-outpost-api
type: Opaque
stringData:
    AUTHENTIK_HOST: "__AUTHENTIK_URL__"
    AUTHENTIK_INSECURE: "true"
    AUTHENTIK_TOKEN: "__AUTHENTIK_TOKEN__"
---
apiVersion: v1
kind: Service
metadata:
    labels:
        app.kubernetes.io/instance: __OUTPOST_NAME__
        app.kubernetes.io/name: authentik-outpost
    name: authentik-outpost
spec:
    ports:
        - name: http
          port: 9000
          protocol: TCP
          targetPort: http
        - name: https
          port: 9443
          protocol: TCP
          targetPort: https
    type: ClusterIP
    selector:
        app.kubernetes.io/instance: __OUTPOST_NAME__
        app.kubernetes.io/name: authentik-outpost
---
apiVersion: apps/v1
kind: Deployment
metadata:
    labels:
        app.kubernetes.io/instance: __OUTPOST_NAME__
        app.kubernetes.io/name: authentik-outpost
    name: authentik-outpost
spec:
    selector:
        matchLabels:
            app.kubernetes.io/instance: __OUTPOST_NAME__
            app.kubernetes.io/name: authentik-outpost
    template:
        metadata:
            labels:
                app.kubernetes.io/instance: __OUTPOST_NAME__
                app.kubernetes.io/name: authentik-outpost
        spec:
            containers:
                - image: ghcr.io/goauthentik/proxy
                  name: proxy
                  ports:
                      - containerPort: 9000
                        name: http
                        protocol: TCP
                      - containerPort: 9443
                        name: https
                        protocol: TCP
                  envFrom:
                      - secretRef:
                            name: authentik-outpost-api
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    annotations:
        # This example includes annotations for common ingress controllers,
        # remove annotations not used
        nginx.ingress.kubernetes.io/affinity: cookie
        nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
        nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
        traefik.ingress.kubernetes.io/affinity: "true"
    labels:
        app.kubernetes.io/instance: __OUTPOST_NAME__
        app.kubernetes.io/name: authentik-outpost
    name: authentik-outpost
spec:
    ingressClassName: nginx
    rules:
        - host: __EXTERNAL_HOSTNAME__
          http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: authentik-outpost
                            port:
                                name: http